diff --git a/oval/types.go b/oval/types.go
index 852bce2..7803e90 100644
--- a/oval/types.go
+++ b/oval/types.go
@@ -150,7 +150,8 @@ func (d *Date) UnmarshalXML(dec *xml.Decoder, start xml.StartElement) error {
 time.RFC1123Z,
 time.RFC3339,
 time.RFC3339Nano,
- "2006-01-02 15:04:05", // Ubuntu style `YYYY-MM-DD time`, for when you want to seem precise.
+ "2006-01-02 15:04:05", // Ubuntu style `YYYY-MM-DD time`, for when you want to seem precise.
+ "2006-01-02 15:04:05 PT", // Ubuntu style `YYYY-MM-DD time invalid-timezone`, note: this loses the timezone precision.
 } {
 d.Date, err = time.Parse(f, s)
 if err == nil {
diff --git a/testdata/com.ubuntu.focal.cve.oval.xml b/testdata/com.ubuntu.focal.cve.oval.xml
new file mode 100644
index 0000000..ce572ab
--- /dev/null
+++ b/testdata/com.ubuntu.focal.cve.oval.xml
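Review bot: The added layout `"2006-01-02 15:04:05 PT"` treats `PT` as literal text, because Go's time layouts only recognise `MST`-style zone tokens, so it accepts a value ending in exactly `PT` and nothing else. The fixture added in this same commit carries values such as `2007-01-16 23:28:00 UTC`, which neither this layout nor the zone-less one above it will parse; unless a layout earlier in the list (outside the hunk) covers them, add `"2006-01-02 15:04:05 MST", // Ubuntu style with a zone abbreviation, e.g. UTC`. A value matched through the literal `PT` comes back as UTC with no offset applied, so the stored instant is presumably seven or eight hours earlier than the real Pacific-time instant; the comment should state that shift explicitly, since consumers ordering or filtering advisories by date will inherit it. UnmarshalXML's body starts and ends outside the hunk, so how a value that matches no layout is reported is not visible here.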
@@ -0,0 +1,255580 @@ + + + + Canonical CVE OVAL Generator + 1.1 + 5.11.1 + 2021-07-21T08:40:29 + + + + + + Check that Ubuntu 20.04 (focal) is installed. + + + + + + + + + + CVE-2002-2439 on Ubuntu 20.04 (focal) - low. + operator new[] sometimes returns pointers to heap blocks which are too small. When a new array is allocated, the C++ run-time has to calculate its size. The product may exceed the maximum value which can be stored in a machine register. This error is ignored, and the truncated value is used for the heap allocation. This may lead to heap overflows and therefore security bugs. (See http://cert.uni-stuttgart.de/advisories/calloc.php for further references.) + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-02-23 + http://gcc.gnu.org/bugzilla/show_bug.cgi?id=19351 + https://bugzilla.redhat.com/show_bug.cgi?id=850911 + http://people.canonical.com/~ubuntu-security/cve/2002/CVE-2002-2439.html + + + + sbeattie> fixed upstream in gcc 4.8.0 sbeattie> backporting fixes may be problematic for ABI issues sbeattie> gcc-i686-linux-android/xenial is 4.7.4 based mdeslaur> gcc-4.7 is not the default xenial compiler and is only used to mdeslaur> build a few packages. Fixing this would be intrusive, would mdeslaur> require rebuilding those packages, and there is no clear mdeslaur> attack vector on them. We will not be fixing gcc-4.7 in xenial. mdeslaur> Marking as ignored. + + + + + + + + + + + + + + + CVE-2007-0255 on Ubuntu 20.04 (focal) - untriaged. + XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2007 Canonical Ltd. 
+ 2007-01-16 23:28:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2007/CVE-2007-0255.html + + + + + + + + + + CVE-2007-5109 on Ubuntu 20.04 (focal) - low. + Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2007 Canonical Ltd. + 2007-09-26 23:17:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2007/CVE-2007-5109.html + + + + jdstrand> may only be 2.6 and higher + + + + + + + + + CVE-2008-5144 on Ubuntu 20.04 (focal) - negligible. + nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2008 Canonical Ltd. + 2008-11-18 16:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2008/CVE-2008-5144.html + + + + jdstrand> per Debian, code can be run via postinst, but requires special circumstances + + + + + + + + + CVE-2008-5146 on Ubuntu 20.04 (focal) - negligible. + add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2008 Canonical Ltd. + 2008-11-18 16:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2008/CVE-2008-5146.html + + + + jdstrand> per Debian, affected code is in example script + + + + + + + + + CVE-2008-5150 on Ubuntu 20.04 (focal) - negligible. + sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file. 
+ + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2008 Canonical Ltd. + 2008-11-18 16:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2008/CVE-2008-5150.html + + + + jdstrand> per Debian, unsafe code is in example script + + + + + + + + + CVE-2008-5152 on Ubuntu 20.04 (focal) - negligible. + inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2008 Canonical Ltd. + 2008-11-18 16:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2008/CVE-2008-5152.html + + + + jdstrand> per Debian, unsafe code is in example script + + + + + + + + + CVE-2008-7315 on Ubuntu 20.04 (focal) - medium. + UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-10 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448 + http://people.canonical.com/~ubuntu-security/cve/2008/CVE-2008-7315.html + https://rt.cpan.org/Public/Bug/Display.html?id=107364 + http://www.openwall.com/lists/oss-security/2015/10/08/2 + + + + + + + + + + CVE-2008-7320 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-18 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2008/CVE-2008-7320.html + https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774 + https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774/comments/13 + https://bugzilla.gnome.org/show_bug.cgi?id=551036 + https://www.bountysource.com/issues/3849352-seahorse-shows-passwords-without-verification + + + + + + + + + + CVE-2009-0165 on Ubuntu 20.04 (focal) - low. + Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2009 Canonical Ltd. + 2009-04-23 19:30:00 UTC + 2009-04-23 + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-0165.html + https://ubuntu.com/security/notices/USN-973-1 + + + + jdstrand> per mdeslaur, poppler and xpdf not-affected sbeattie> ipe uses system pdflatex + + + + + + + + + CVE-2009-0166 on Ubuntu 20.04 (focal) - medium. + The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-04-23 17:30:00 UTC + 2009-04-23 + Braden Thomas and Drew Yao + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-0166.html + https://ubuntu.com/security/notices/USN-759-1 + https://ubuntu.com/security/notices/USN-973-1 + + + + kees> this is also CVE-2009-0146, CVE-2009-0147, but not CVE-2009-0165. kees> http://idisk.mac.com/drew_yao-Public/jbig2.zip mdeslaur> our cups uses the system pdftops, so we're not affected jdstrand> CUPS compiled with --disable-pdftops sbeattie> ipe uses system pdflatex + + + + + + + + + + + + CVE-2009-0195 on Ubuntu 20.04 (focal) - medium. 
+ Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-04-23 17:30:00 UTC + 2009-04-23 + mdeslaur + Alin Rad Pop + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-0195.html + https://ubuntu.com/security/notices/USN-759-1 + https://ubuntu.com/security/notices/USN-973-1 + + + + mdeslaur> Probably the same issue as CVE-2009-0146 mdeslaur> fixed by usn-759-1 even though the CVE is not listed in it sbeattie> ipe uses system pdflatex + + + + + + + + + + + + CVE-2009-0799 on Ubuntu 20.04 (focal) - medium. + The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-04-23 17:30:00 UTC + 2009-04-23 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-0799.html + https://ubuntu.com/security/notices/USN-759-1 + https://ubuntu.com/security/notices/USN-973-1 + + + + jdstrand> CUPS on Ubuntu uses system pdftops (compiled with --disable-pdftops) sbeattie> ipe uses system pdflatex + + + + + + + + + + + + CVE-2009-0800 on Ubuntu 20.04 (focal) - medium. + Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. 
+ 2009-04-23 17:30:00 UTC + 2009-04-23 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-0800.html + https://ubuntu.com/security/notices/USN-759-1 + https://ubuntu.com/security/notices/USN-973-1 + + + + jdstrand> CUPS on Ubuntu uses system pdftops (compiled with --disable-pdftops) sbeattie> ipe uses system pdflatex + + + + + + + + + + + + CVE-2009-1179 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-04-23 17:30:00 UTC + 2009-04-23 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-1179.html + https://ubuntu.com/security/notices/USN-759-1 + https://ubuntu.com/security/notices/USN-973-1 + + + + jdstrand> CUPS on Ubuntu uses system pdftops (compiled with --disable-pdftops) sbeattie> ipe uses system pdflatex + + + + + + + + + + + + CVE-2009-1180 on Ubuntu 20.04 (focal) - medium. + The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-04-23 17:30:00 UTC + 2009-04-23 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-1180.html + https://ubuntu.com/security/notices/USN-759-1 + https://ubuntu.com/security/notices/USN-973-1 + + + + jdstrand> CUPS on Ubuntu uses system pdftops (compiled with --disable-pdftops) + + + + + + + + + + + + CVE-2009-1181 on Ubuntu 20.04 (focal) - medium. 
+ The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-04-23 17:30:00 UTC + 2009-04-23 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-1181.html + https://ubuntu.com/security/notices/USN-759-1 + https://ubuntu.com/security/notices/USN-973-1 + + + + jdstrand> CUPS on Ubuntu uses system pdftops (compiled with --disable-pdftops) + + + + + + + + + + + + CVE-2009-1182 on Ubuntu 20.04 (focal) - medium. + Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-04-23 17:30:00 UTC + 2009-04-23 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-1182.html + https://ubuntu.com/security/notices/USN-759-1 + + + + jdstrand> CUPS on Ubuntu uses system pdftops (compiled with --disable-pdftops) + + + + + + + + + + + + CVE-2009-1183 on Ubuntu 20.04 (focal) - medium. + The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-04-23 17:30:00 UTC + 2009-04-23 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-1183.html + https://ubuntu.com/security/notices/USN-759-1 + + + + jdstrand> CUPS on Ubuntu uses system pdftops (compiled with --disable-pdftops) + + + + + + + + + + + + CVE-2009-1188 on Ubuntu 20.04 (focal) - medium. 
+ Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-04-23 19:30:00 UTC + 2009-04-23 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-1188.html + https://ubuntu.com/security/notices/USN-759-1 + + + + jdstrand> CUPS on Ubuntu uses system pdftops (compiled with --disable-pdftops) + + + + + + + + + + + + CVE-2009-1962 on Ubuntu 20.04 (focal) - low. + Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2009 Canonical Ltd. + 2009-06-08 01:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-1962.html + http://www.openwall.com/lists/oss-security/2009/04/01/6 + + + + + + + + + + CVE-2009-3560 on Ubuntu 20.04 (focal) - medium. + The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. 
+ 2009-12-04 21:30:00 UTC + 2009-12-04 + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3560.html + https://ubuntu.com/security/notices/USN-890-1 + https://ubuntu.com/security/notices/USN-890-2 + https://ubuntu.com/security/notices/USN-890-3 + https://ubuntu.com/security/notices/USN-890-4 + https://ubuntu.com/security/notices/USN-890-5 + https://ubuntu.com/security/notices/USN-890-6 + + + + mdeslaur> watch out for possible regression (see DSA-1953-2) jdstrand> regression for SUSE: https://bugzilla.novell.com/show_bug.cgi?id=566434 jdstrand> regression fix commit: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165 jdstrand> 2.0.1-4+lenny3 has the fix jdstrand> jdstrand provided updates in supported releases for expat, xmlrpc-c, cmake, python-xml, python2.4, and python2.5 ebarretto> this is not an issue for vnc4, for more information see: ebarretto> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560949 sbeattie> as of xotcl 1.6.6-1, xotcl uses system expat sbeattie> as of tla 1.3.5+dfsg-15, tla uses system expat sbeattie> as of sitecopy 1:0.16.0-1, sitecopy uses system expat sbeattie> by wbxml2 0.10.7-1, wbxml2 uses system expat sbeattie> as of insighttoolkit 3.16.0-1, insighttoolkit uses system expat sbeattie> according to dbug 560926, cadaver only uses embedded expat when embedded neon is used, and embedded neon is not used in Ubuntu + + + + + + + + + + + + + + + + CVE-2009-3603 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. 
+ 2009-10-21 17:30:00 UTC + 2009-10-21 + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3603.html + https://ubuntu.com/security/notices/USN-850-1 + https://ubuntu.com/security/notices/USN-850-3 + + + + + + + + + + + + + + CVE-2009-3604 on Ubuntu 20.04 (focal) - medium. + The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-10-21 17:30:00 UTC + 2009-10-21 + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3604.html + https://ubuntu.com/security/notices/USN-850-1 + https://ubuntu.com/security/notices/USN-850-3 + + + + + + + + + + + + + + CVE-2009-3606 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-10-21 17:30:00 UTC + 2009-10-21 + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3606.html + https://ubuntu.com/security/notices/USN-973-1 + + + + mdeslaur> poppler fixes this with the gmallocn cleanups in CVE-2009-3605 + + + + + + + + + + + + CVE-2009-3608 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-10-21 17:30:00 UTC + 2009-10-21 + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3608.html + https://ubuntu.com/security/notices/USN-850-1 + https://ubuntu.com/security/notices/USN-850-3 + https://ubuntu.com/security/notices/USN-973-1 + + + + + + + + + + + + + + CVE-2009-3609 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-10-21 17:30:00 UTC + 2009-10-21 + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3609.html + https://ubuntu.com/security/notices/USN-850-1 + https://ubuntu.com/security/notices/USN-850-3 + https://ubuntu.com/security/notices/USN-973-1 + + + + + + + + + + + + + + CVE-2009-3720 on Ubuntu 20.04 (focal) - low. + The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2009 Canonical Ltd. 
+ 2009-11-03 16:30:00 UTC + 2009-11-03 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551936 + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3720.html + https://ubuntu.com/security/notices/USN-890-1 + https://ubuntu.com/security/notices/USN-890-2 + https://ubuntu.com/security/notices/USN-890-3 + https://ubuntu.com/security/notices/USN-890-4 + https://ubuntu.com/security/notices/USN-890-5 + https://ubuntu.com/security/notices/USN-890-6 + + + + jdstrand> both this and CVE-2009-2625 refer to the same expat bug: This CVE was later assigned to the same issue, since CVE-2009-2625 was worded as a Java vulnerability. Our USN references CVE-2009-2625 and this CVE will be ignored (for expat). jdstrand> jdstrand provided updates in supported releases for expat, xmlrpc-c, cmake, python-xml, python2.4, and python2.5 ebarretto> this is not an issue for vnc4, for more information see: ebarretto> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560949 + + + + + + + + + + + + + + + + + + CVE-2009-3850 on Ubuntu 20.04 (focal) - low. + Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2009 Canonical Ltd. + 2009-11-06 15:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3850.html + + + + kees> user-assisted + + + + + + + + + CVE-2009-4228 on Ubuntu 20.04 (focal) - low. + Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2009 Canonical Ltd. 
+ 2009-12-08 18:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-4228.html + + + + + + + + + + CVE-2009-4490 on Ubuntu 20.04 (focal) - negligible. + mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2010 Canonical Ltd. + 2010-01-13 20:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-4490.html + + + + jdstrand> if there is a problem, it is the terminal that has the issue + + + + + + + + + CVE-2009-4495 on Ubuntu 20.04 (focal) - negligible. + Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2010 Canonical Ltd. + 2010-01-13 20:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-4495.html + + + + jdstrand> if there is a problem, it is the terminal that has the issue + + + + + + + + + CVE-2009-5080 on Ubuntu 20.04 (focal) - low. + The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2011 Canonical Ltd. 
+ 2011-06-30 15:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-5080.html + + + + jdstrand> Debian CVE tracker lists this as fixed in 1.20.1-5, but it is not + + + + + + + + + CVE-2009-5155 on Ubuntu 20.04 (focal) - negligible. + In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-02-26 02:29:00 UTC + 2019-02-26 02:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=11053 + https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793 + https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806 + https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238 + https://sourceware.org/bugzilla/show_bug.cgi?id=18986 + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-5155.html + https://ubuntu.com/security/notices/USN-4954-1 + + + + + + + + + + + + + CVE-2010-0044 on Ubuntu 20.04 (focal) - low. + PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2010 Canonical Ltd. + 2010-03-15 13:28:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-0044.html + + + + + + + + + + + + + CVE-2010-3192 on Ubuntu 20.04 (focal) - negligible. 
+ Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2010 Canonical Ltd. + 2010-10-14 05:58:00 UTC + http://sourceware.org/bugzilla/show_bug.cgi?id=12189 + http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3192.html + http://seclists.org/fulldisclosure/2010/Apr/399 + https://sourceware.org/ml/libc-alpha/2017-08/msg00010.html + + + + mdeslaur> upstream has closed this bug as "won't fix". Let's ignore this. tyhicks> upstream has now fixed this CVE so I'm un-ignoring it. We need to verify but we don't think we are vulnerable as we're already disabling the stack trace. + + + + + + + + + CVE-2010-3702 on Ubuntu 20.04 (focal) - medium. + The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2010 Canonical Ltd. + 2010-11-05 18:00:00 UTC + 2010-10-13 + mdeslaur + Joel Voss + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165 + https://bugs.edge.launchpad.net/ubuntu/+source/xpdf/+bug/701220 + http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3702.html + https://ubuntu.com/security/notices/USN-1005-1 + + + + + + + + + + + + + + CVE-2010-3703 on Ubuntu 20.04 (focal) - medium. 
+ The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2010 Canonical Ltd. + 2010-11-05 18:00:00 UTC + 2010-10-13 + mdeslaur + Joel Voss + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165 + http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3703.html + https://ubuntu.com/security/notices/USN-1005-1 + + + + mdeslaur> only affect poppler versions after b1d4efb082 + + + + + + + + + + + + + CVE-2010-3704 on Ubuntu 20.04 (focal) - medium. + The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2010 Canonical Ltd. + 2010-11-05 18:00:00 UTC + 2010-10-13 + mdeslaur + Joel Voss + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165 + https://bugs.edge.launchpad.net/ubuntu/+source/xpdf/+bug/701220 + http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3704.html + https://ubuntu.com/security/notices/USN-1005-1 + + + + + + + + + + + + + + CVE-2010-4001 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. 
NOTE: CVE disputes this issue because the GMXLDLIB value is always added to the beginning of LD_LIBRARY_PATH at a later point in the script. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2010 Canonical Ltd. + 2010-11-06 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-4001.html + + + + + + + + + + CVE-2010-4207 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2010 Canonical Ltd. + 2010-11-07 22:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-4207.html + + + + + + + + + + CVE-2010-4208 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2010 Canonical Ltd. + 2010-11-07 22:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-4208.html + + + + + + + + + + CVE-2010-4209 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2010 Canonical Ltd. + 2010-11-07 22:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-4209.html + + + + + + + + + + CVE-2010-4654 on Ubuntu 20.04 (focal) - medium. + poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-13 20:15:00 UTC + Dan Rosenberg + http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-4654.html + http://thread.gmane.org/gmane.comp.security.oss.general/4109 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> first patch may change API/ABI mdeslaur> first patch is for protection, second patch actually fixes mdeslaur> particular issue. Second patch is included in Lucid's poppler, mdeslaur> so we're not affected. + + + + + + + + + + + + CVE-2010-5105 on Ubuntu 20.04 (focal) - low. + The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. + 2014-04-27 20:55:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621 + http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-5105.html + + + + sbeattie> according to debian report, 2.49.2~dfsg-1 is not affected sbeattie> should be mitigated by yama tmp hardening + + + + + + + + + CVE-2011-0704 on Ubuntu 20.04 (focal) - medium. + 389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-04 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-0704.html + https://bugzilla.redhat.com/show_bug.cgi?id=675320 + https://bugzilla.redhat.com/show_bug.cgi?id=676876 + + + + + + + + + + CVE-2011-0765 on Ubuntu 20.04 (focal) - medium. + Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) 3.x before 3.3 allows local users to gain privileges via a crafted command line. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2011 Canonical Ltd. 
+ 2011-04-10 02:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-0765.html + + + + + + + + + + CVE-2011-1412 on Ubuntu 20.04 (focal) - medium. + sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2011 Canonical Ltd. + 2011-08-04 02:45:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=725951 + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-1412.html + http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html + http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html + + + + + + + + + + CVE-2011-1947 on Ubuntu 20.04 (focal) - low. + fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2011 Canonical Ltd. + 2011-06-02 19:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-1947.html + http://www.fetchmail.info/fetchmail-SA-2011-01.txt + http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt + + + + + + + + + + CVE-2011-2764 on Ubuntu 20.04 (focal) - medium. + The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2011 Canonical Ltd. 
+ 2011-08-04 02:45:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2764.html + https://bugzilla.redhat.com/show_bug.cgi?id=725951 + http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html + + + + + + + + + + CVE-2011-2896 on Ubuntu 20.04 (focal) - medium. + The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2011 Canonical Ltd. + 2011-08-19 17:55:00 UTC + 2011-08-19 + mdeslaur + Tomas Hoger + http://cups.org/str.php?L3867 + http://cups.org/str.php?L3869 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2896 + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2896.html + https://ubuntu.com/security/notices/USN-1207-1 + https://ubuntu.com/security/notices/USN-1214-1 + + + + + + + + + + + + + + CVE-2011-3012 on Ubuntu 20.04 (focal) - medium. + The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2011 Canonical Ltd. 
+ 2011-08-09 20:55:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=725951 + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3012.html + + + + + + + + + + CVE-2011-3170 on Ubuntu 20.04 (focal) - medium. + The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2011 Canonical Ltd. + 2011-08-19 17:55:00 UTC + 2011-08-19 + mdeslaur + Tomas Hoger + http://cups.org/str.php?L3914 + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3170.html + https://ubuntu.com/security/notices/USN-1207-1 + + + + mdeslaur> This also affects cups 1.5.x and isn't fixed in 1.5.0 mdeslaur> gimp was fixed correctly with a single commit, so doesn't have mdeslaur> this issue, which is an incomplete fix. + + + + + + + + + + + + CVE-2011-3438 on Ubuntu 20.04 (focal) - medium. + WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-24 19:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3438.html + http://support.apple.com/kb/HT4808 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + CVE-2011-3699 on Ubuntu 20.04 (focal) - low. + John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2011 Canonical Ltd. + 2011-09-23 23:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3699.html + + + + tyhicks> It isn't clear if the 5.12 release fixed this issue, which is what tyhicks> ships in Debian unstable. + + + + + + + + + CVE-2011-3727 on Ubuntu 20.04 (focal) - low. + DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2011 Canonical Ltd. + 2011-09-23 23:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3727.html + + + + tyhicks> Minimal diff between lib/tpl/index.php in 0.0.20091225c-3 and tyhicks> 0.0.20110525a-2, so I'm marking oneiric as needed. + + + + + + + + + CVE-2011-3744 on Ubuntu 20.04 (focal) - low. + HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2011 Canonical Ltd. + 2011-09-23 23:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3744.html + + + + tyhicks> I don't see anything in the 4.3.0 changelog suggesting that this tyhicks> was fixed. Marking as 'needed' in Oneiric and upstream. + + + + + + + + + CVE-2011-3761 on Ubuntu 20.04 (focal) - low. + NuSOAP 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by nuSOAP/classes/class.wsdl.php and certain other files. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2011 Canonical Ltd. 
+ 2011-09-24 00:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3761.html + + + + + + + + + + CVE-2011-3818 on Ubuntu 20.04 (focal) - low. + WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2011 Canonical Ltd. + 2011-09-24 00:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3818.html + + + + + + + + + + CVE-2011-3821 on Ubuntu 20.04 (focal) - low. + xajax 0.6 beta1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xajax_core/plugin_layer/xajaxScriptPlugin.inc.php and certain other files. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2011 Canonical Ltd. + 2011-09-24 00:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3821.html + + + + + + + + + + CVE-2011-4078 on Ubuntu 20.04 (focal) - medium. + include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2011 Canonical Ltd. + 2011-11-03 15:55:00 UTC + http://trac.roundcube.net/ticket/1488086 + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4078.html + http://openwall.com/lists/oss-security/2011/10/26/6 + + + + mdeslaur> related issue to CVE-2011-3379 + + + + + + + + + CVE-2011-4115 on Ubuntu 20.04 (focal) - low. + Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-31 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4115.html + https://rt.cpan.org/Public/Bug/Display.html?id=68298 + + + + + + + + + + CVE-2011-4604 on Ubuntu 20.04 (focal) - medium. + The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2013 Canonical Ltd. + 2013-06-07 14:03:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4604.html + + + + + + + + + + CVE-2011-4898 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2012 Canonical Ltd. + 2012-01-30 17:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4898.html + + + + + + + + + + CVE-2011-4899 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. 
NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2012 Canonical Ltd. + 2012-01-30 17:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4899.html + + + + + + + + + + CVE-2011-4931 on Ubuntu 20.04 (focal) - low. + gpw generates shorter passwords than required + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-29 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651510 + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4931.html + http://openwall.com/lists/oss-security/2012/01/17/2 + + + + + + + + + + CVE-2011-5055 on Ubuntu 20.04 (focal) - medium. + MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2012 Canonical Ltd. + 2012-01-08 00:55:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=771428 + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-5055.html + http://samiam.org/blog/20111230.html + + + + + + + + + + CVE-2011-5056 on Ubuntu 20.04 (focal) - medium. + The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records in zone files, a different vulnerability than CVE-2012-0024. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2012 Canonical Ltd. 
+ 2012-01-08 00:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-5056.html + http://samiam.org/blog/20111229.html + + + + + + + + + + CVE-2012-0782 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2012 Canonical Ltd. + 2012-01-30 17:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0782.html + + + + + + + + + + CVE-2012-0876 on Ubuntu 20.04 (focal) - medium. + The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2012 Canonical Ltd. 
+ 2012-07-03 19:55:00 UTC + 2012-07-03 + http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127 + https://bugzilla.redhat.com/show_bug.cgi?id=786617 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663579 + http://bugs.python.org/issue14234 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0876.html + http://blog.gmane.org/gmane.text.xml.expat.bugs/month=20120301 + http://www.openwall.com/lists/oss-security/2012/03/09/1 + https://rhn.redhat.com/errata/RHSA-2012-0731.html + https://ubuntu.com/security/notices/USN-1527-1 + https://ubuntu.com/security/notices/USN-1527-2 + https://ubuntu.com/security/notices/USN-1613-1 + https://ubuntu.com/security/notices/USN-1613-2 + + + + jdstrand> RedHat issued https://rhn.redhat.com/errata/RHBA-2012-1250.html for python as a result of the added XML_SetHashSalt symbol ebarretto> tla uses system expat as of 1.3.5+dfsg-15 + + + + + + + + + + + + + + + + + CVE-2012-0880 on Ubuntu 20.04 (focal) - medium. + Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 21:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=787103 + https://access.redhat.com/security/cve/cve-2012-0880 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0880.html + + + + mikesalvatore> No fix could be found as of 2018-10-24. + + + + + + + + + CVE-2012-0881 on Ubuntu 20.04 (focal) - low. + Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-30 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0881.html + + + + + + + + + + CVE-2012-0937 on Ubuntu 20.04 (focal) - low. 
+ ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2012 Canonical Ltd. + 2012-01-30 17:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0937.html + + + + + + + + + + CVE-2012-1093 on Ubuntu 20.04 (focal) - low. + The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-21 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661627 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1093.html + + + + mdeslaur> xorg server is actually the xorg-server package mdeslaur> the xorg package only contains docs + + + + + + + + + CVE-2012-1096 on Ubuntu 20.04 (focal) - low. + NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-10 17:15:00 UTC + Ludwig Nussel + https://bugzilla.novell.com/show_bug.cgi?id=738073 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684259 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1096 + https://bugzilla.gnome.org/show_bug.cgi?id=793329 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1096.html + http://www.openwall.com/lists/oss-security/2012/02/29/2 + + + + tyhicks> Reproducer in the oss-security CVE request mdeslaur> doesn't seem to have a fix yet as of 2021-04-06 + + + + + + + + + CVE-2012-1148 on Ubuntu 20.04 (focal) - low. + Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2012 Canonical Ltd. + 2012-07-03 19:55:00 UTC + 2012-07-03 + Tim Boddy + http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2958794&group_id=10127 + https://bugzilla.redhat.com/show_bug.cgi?id=801648 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1148.html + http://mail.python.org/pipermail/expat-bugs/2010-February/002870.html + http://www.openwall.com/lists/oss-security/2012/03/09/1 + https://ubuntu.com/security/notices/USN-1527-1 + https://ubuntu.com/security/notices/USN-1527-2 + https://ubuntu.com/security/notices/USN-1613-1 + https://ubuntu.com/security/notices/USN-1613-2 + + + + ebarretto> tla uses system expat as of 1.3.5+dfsg-15 + + + + + + + + + + + + + + + + + CVE-2012-2666 on Ubuntu 20.04 (focal) - low. + golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-09 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2666.html + https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd + https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666 + https://codereview.appspot.com/5992078 + https://bugzilla.suse.com/show_bug.cgi?id=765455 + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. sbeattie> fixed in 1.0.2 + + + + + + + + + + + + + CVE-2012-3482 on Ubuntu 20.04 (focal) - low. + Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2012 Canonical Ltd. + 2012-12-21 05:46:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=847988 + https://bugs.launchpad.net/bugs/1036509 + https://bugs.gentoo.org/show_bug.cgi?id=431284 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3482.html + http://www.fetchmail.info/fetchmail-SA-2012-02.txt + + + + + + + + + + CVE-2012-4230 on Ubuntu 20.04 (focal) - medium. + The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. 
+ 2014-04-25 14:15:00 UTC + Zach Alexander + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-4230.html + http://xforce.iss.net/xforce/xfdb/82744 + http://www.madirish.net/554 + http://seclists.org/fulldisclosure/2013/Mar/114 + http://packetstormsecurity.com/files/120750/TinyMCE-3.5.8-Cross-Site-Scripting.html + http://osvdb.org/91130 + + + + + + + + + + CVE-2012-4542 on Ubuntu 20.04 (focal) - low. + block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2013 Canonical Ltd. + 2013-02-28 19:55:00 UTC + Paolo Bonzini + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4542 + https://launchpad.net/bugs/1131331 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-4542.html + https://rhn.redhat.com/errata/RHSA-2013-0496.html + http://marc.info/?l=linux-kernel&m=135903967015813&w=2 + https://lkml.org/lkml/2013/1/24/279 + https://lkml.org/lkml/2013/5/23/292 + https://lkml.org/lkml/2014/8/27/170 + + + + sbeattie> never applied upstream (see 27 Aug 2014 email from Paolo) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2012-5521 on Ubuntu 20.04 (focal) - low. + quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-25 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693102 + https://bugzilla.redhat.com/show_bug.cgi?id=876197 + https://bugzilla.quagga.net/show_bug.cgi?id=747 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5521.html + http://www.openwall.com/lists/oss-security/2012/11/13/7 + http://www.openwall.com/lists/oss-security/2012/11/13 + + + + mdeslaur> no upstream fix as of 2018-02-19 mdeslaur> upstream having trouble reproducing + + + + + + + + + CVE-2012-5662 on Ubuntu 20.04 (focal) - medium. + x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-05-27 14:55:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706547 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5662.html + http://www.openwall.com/lists/oss-security/2013/03/21 + + + + + + + + + + CVE-2012-5867 on Ubuntu 20.04 (focal) - low. + HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-23 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5867.html + http://www.openwall.com/lists/oss-security/2012/11/14 + http://www.exploit-db.com/exploits/22683/ + + + + + + + + + + CVE-2012-6112 on Ubuntu 20.04 (focal) - medium. + classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2013 Canonical Ltd. + 2013-01-27 22:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-6112.html + http://www.tinymce.com/develop/changelog/?type=phpspell + http://www.tinymce.com/forum/viewtopic.php?id=30036 + http://www.openwall.com/lists/oss-security/2013/01/17 + + + + + + + + + + CVE-2012-6615 on Ubuntu 20.04 (focal) - medium. + The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2013 Canonical Ltd. + 2013-12-24 20:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-6615.html + + + + amurray> The Debian chromium source package is called chromium-browser in Ubuntu mdeslaur> starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap + + + + + + + + + + + + + + + CVE-2012-6616 on Ubuntu 20.04 (focal) - medium. + The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2013 Canonical Ltd. + 2013-12-24 20:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-6616.html + + + + amurray> The Debian chromium source package is called chromium-browser in Ubuntu mdeslaur> starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap + + + + + + + + + + + + + + + CVE-2012-6617 on Ubuntu 20.04 (focal) - medium. + The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2013 Canonical Ltd. 
+ 2013-12-24 20:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-6617.html + + + + amurray> The Debian chromium source package is called chromium-browser in Ubuntu mdeslaur> starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap + + + + + + + + + + + + + + + + CVE-2012-6618 on Ubuntu 20.04 (focal) - untriaged. + The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate." + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2013 Canonical Ltd. + 2013-12-24 20:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-6618.html + + + + + + + + + + CVE-2012-6655 on Ubuntu 20.04 (focal) - low. + An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-27 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757912 + https://bugs.freedesktop.org/show_bug.cgi?id=55000 + https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/8 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-6655.html + http://openwall.com/lists/oss-security/2014/08/15/5 + + + + mdeslaur> as of 2020-10-21, still no fix from upstream + + + + + + + + + CVE-2012-6702 on Ubuntu 20.04 (focal) - medium. + Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-06-16 18:59:00 UTC + 2012-12-31 + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6702 + https://bugzilla.redhat.com/show_bug.cgi?id=1197087 + https://sourceforge.net/p/expat/bugs/499/ + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-6702.html + http://seclists.org/oss-sec/2016/q2/468 + https://ubuntu.com/security/notices/USN-3013-1 + https://ubuntu.com/security/notices/USN-3010-1 + + + + sbeattie> tla uses system expat as of 1.3.5+dfsg-15 + + + + + + + + + + + + + CVE-2012-6707 on Ubuntu 20.04 (focal) - low. + WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-19 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-6707.html + https://core.trac.wordpress.org/ticket/21022 + + + + + + + + + + CVE-2012-6709 on Ubuntu 20.04 (focal) - low. + ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-23 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510417 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891575 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-6709.html + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694658 + https://bugzilla.redhat.com/show_bug.cgi?id=881399 + https://github.com/nabetaro/elinks/issues/1 + + + + + + + + + + CVE-2013-0157 on Ubuntu 20.04 (focal) - low. 
+ (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. + 2014-01-21 18:55:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697464 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-0157.html + + + + + + + + + + CVE-2013-0162 on Ubuntu 20.04 (focal) - low. + The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2013 Canonical Ltd. + 2013-03-01 05:40:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-0162.html + http://www.openwall.com/lists/oss-security/2013/02/22/5 + + + + mdeslaur> probably mitigated by Yama + + + + + + + + + CVE-2013-0342 on Ubuntu 20.04 (focal) - medium. + The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-09 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701151 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-0342.html + + + + + + + + + + CVE-2013-1438 on Ubuntu 20.04 (focal) - medium. + Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-01-19 18:02:00 UTC + 2013-08-30 + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721235 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721239 (libkdcraw) + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721232 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721233 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721234 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721231 (libraw) + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721237 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721236 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721238 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1438.html + http://www.openwall.com/lists/oss-security/2013/08/29/3 + https://ubuntu.com/security/notices/USN-1964-1 + https://ubuntu.com/security/notices/USN-1978-1 + + + + jdstrand> upstream says to use 0.14-stable branch from github repo sbeattie> darktable as of 2.0.0 does not have embedded LibRaw anymore + + + + + + + + + + + + + + + CVE-2013-1816 on Ubuntu 20.04 (focal) - medium. + MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-20 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1816.html + https://bugzilla.wikimedia.org/show_bug.cgi?id=44135 + https://bugzilla.wikimedia.org/show_bug.cgi?id=42441 + http://www.openwall.com/lists/oss-security/2013/03/05/4 + + + + + + + + + + CVE-2013-1817 on Ubuntu 20.04 (focal) - medium. + MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-20 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702305 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1817.html + http://www.openwall.com/lists/oss-security/2013/03/05/4 + https://bugzilla.wikimedia.org/show_bug.cgi?id=43518 + + + + + + + + + + CVE-2013-1841 on Ubuntu 20.04 (focal) - low. + Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. + 2014-06-13 14:55:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702914 + https://rt.cpan.org/Ticket/Display.html?id=83909 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1841.html + https://rt.cpan.org/Ticket/Display.html?id=83909 + http://www.openwall.com/lists/oss-security/2013/03/04/10 + + + + + + + + + + CVE-2013-1951 on Ubuntu 20.04 (focal) - low. + A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-31 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1951.html + http://www.openwall.com/lists/oss-security/2013/04/16 + + + + + + + + + + CVE-2013-20001 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-12 20:15:00 UTC + https://github.com/openzfs/zfs/issues/1894#issuecomment-30693652 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-20001.html + https://github.com/openzfs/zfs/releases + + + + mdeslaur> as of 2021-03-23, there doesn't appear to be an upstream fix mdeslaur> available + + + + + + + + + CVE-2013-2024 on Ubuntu 20.04 (focal) - medium. + OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-31 20:15:00 UTC + Florian Zumbiehl + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2024.html + http://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html + + + + + + + + + + CVE-2013-2099 on Ubuntu 20.04 (focal) - low. + Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2013 Canonical Ltd. 
+ 2013-10-09 14:53:00 UTC + 2013-05-16 + mdeslaur + Florian Weimer + http://bugs.python.org/issue17980 + https://github.com/facebook/tornado/issues/799 + https://bugzilla.redhat.com/show_bug.cgi?id=963260 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708530 (python 3.3) + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709066 (python 2.7) + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709067 (linkchecker) + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709068 (bzr) + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709069 (python-tornado) + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709070 (python-urllib3) + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2099.html + http://www.openwall.com/lists/oss-security/2013/05/16/6 + http://bugs.python.org/issue17980 + https://ubuntu.com/security/notices/USN-1983-1 + https://ubuntu.com/security/notices/USN-1985-1 + https://ubuntu.com/security/notices/USN-1984-1 + + + + + + + + + + + + + + + + CVE-2013-2114 on Ubuntu 20.04 (focal) - medium. + Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2013 Canonical Ltd. + 2013-11-18 02:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2114.html + + + + + + + + + + CVE-2013-2131 on Ubuntu 20.04 (focal) - low. + Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. 
+ 2015-01-04 21:59:00 UTC + Thomas Pollet + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708866 + https://github.com/oetiker/rrdtool-1.x/issues/396 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2131 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2131.html + http://www.openwall.com/lists/oss-security/2013/04/18/5 + + + + + + + + + + CVE-2013-2561 on Ubuntu 20.04 (focal) - low. + OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2013 Canonical Ltd. + 2013-11-23 18:55:00 UTC + Larry W. Cashdollar + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2561.html + https://bugzilla.redhat.com/show_bug.cgi?id=927430 + http://seclists.org/oss-sec/2013/q1/751 + + + + + + + + + + CVE-2013-4158 on Ubuntu 20.04 (focal) - medium. + smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-11 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4158.html + http://www.openwall.com/lists/oss-security/2013/07/19 + + + + + + + + + + CVE-2013-4235 on Ubuntu 20.04 (focal) - low. + shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 15:15:00 UTC + Florian Weimer + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778950 + https://bugzilla.redhat.com/show_bug.cgi?id=884658 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4235.html + + + + + + + + + + CVE-2013-4303 on Ubuntu 20.04 (focal) - medium. 
+ includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-11 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4303.html + https://bugzilla.wikimedia.org/show_bug.cgi?id=52746 + + + + + + + + + + CVE-2013-4419 on Ubuntu 20.04 (focal) - low. + The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2013 Canonical Ltd. + 2013-11-05 20:55:00 UTC + Michael Scherer + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4419.html + https://bugzilla.redhat.com/show_bug.cgi?id=1016960 + + + + + + + + + + CVE-2013-4453 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2013 Canonical Ltd. + 2013-11-05 20:55:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726976 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4453.html + + + + + + + + + + CVE-2013-4488 on Ubuntu 20.04 (focal) - low. + libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. + 2014-10-10 01:55:00 UTC + https://bugzilla.novell.com/show_bug.cgi?id=848653 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4488 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4488.html + http://www.openwall.com/lists/oss-security/2013/10/31 + http://www.mail-archive.com/libgadu-devel@lists.ziew.org/msg01017.html + + + + mdeslaur> we build with the gnutls backend mdeslaur> upstream certs don't actually match host names used, so mdeslaur> correct cert validation is difficult. + + + + + + + + + CVE-2013-4492 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2013 Canonical Ltd. + 2013-12-07 00:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4492.html + https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ + https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445 + http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/ + + + + + + + + + + CVE-2013-4517 on Ubuntu 20.04 (focal) - low. + Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. + 2014-01-11 01:55:00 UTC + James Forshaw + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4517.html + http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc + + + + + + + + + + CVE-2013-4584 on Ubuntu 20.04 (focal) - low. 
+ Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-15 15:15:00 UTC + Daniel Kahn Gillmor + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4584.html + http://www.openwall.com/lists/oss-security/2013/11/13/2 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729028 + + + + + + + + + + CVE-2013-5106 on Ubuntu 20.04 (focal) - medium. + A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-12 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-5106.html + http://github.com/klen/python-mode/issues/162 + + + + + + + + + + CVE-2013-5321 on Ubuntu 20.04 (focal) - medium. + Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2013 Canonical Ltd. + 2013-08-20 14:56:00 UTC + Glafkos Charalambous + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-5321.html + http://www.exploit-db.com/exploits/26406 + + + + + + + + + + CVE-2013-6825 on Ubuntu 20.04 (focal) - medium. 
+ (1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-06-10 14:55:00 UTC + Hector Marco + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-6825.html + http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html + http://secunia.com/advisories/58916 + http://seclists.org/fulldisclosure/2014/Jun/11 + http://packetstormsecurity.com/files/126883/DCMTK-Privilege-Escalation.html + http://git.dcmtk.org/web?p=dcmtk.git;a=blob;f=CHANGES.361 + + + + seth-arnold> Debian adds "NOTE: Not running with elevated privileges in Debian packaging" + + + + + + + + + CVE-2013-7110 on Ubuntu 20.04 (focal) - medium. + Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-05-02 01:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7110.html + https://github.com/transifex/transifex-client/issues/42 + https://github.com/transifex/transifex-client/commit/6d69d61 + http://www.openwall.com/lists/oss-security/2013/12/15 + + + + mdeslaur> fix for CVE-2013-2073 was incomplete + + + + + + + + + CVE-2013-7233 on Ubuntu 20.04 (focal) - low. 
+ Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2013 Canonical Ltd. + 2013-12-30 04:53:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7233.html + http://seclists.org/fulldisclosure/2013/Dec/145 + + + + + + + + + + CVE-2013-7370 on Ubuntu 20.04 (focal) - medium. + node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-11 14:15:00 UTC + Sergio Arcos + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744374 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7370.html + https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting + https://github.com/senchalabs/connect/issues/831 + + + + + + + + + + CVE-2013-7401 on Ubuntu 20.04 (focal) - medium. + The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-12-19 20:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7401.html + http://www.openwall.com/lists/oss-security/2014/09/01/10 + http://www.openwall.com/lists/oss-security/2014/09/15 + + + + + + + + + + CVE-2013-7402 on Ubuntu 20.04 (focal) - medium. + Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. 
+ 2014-12-17 19:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7402.html + http://www.openwall.com/lists/oss-security/2014/09/15 + + + + + + + + + + CVE-2013-7444 on Ubuntu 20.04 (focal) - medium. + The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-09-01 14:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7444.html + https://phabricator.wikimedia.org/T106893 + https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e + http://www.openwall.com/lists/oss-security/2015/08/27 + + + + + + + + + + CVE-2013-7445 on Ubuntu 20.04 (focal) - medium. + The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-10-16 01:59:00 UTC + https://bugzilla.kernel.org/show_bug.cgi?id=60533 + https://launchpad.net/bugs/1508323 + https://bugs.freedesktop.org/show_bug.cgi?id=106136 + https://gitlab.freedesktop.org/drm/intel/-/issues/110 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7445.html + https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing) + + + + sbeattie> no progress by upstream on fixing this. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2013-7447 on Ubuntu 20.04 (focal) - medium. 
+ Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-02-17 15:59:00 UTC + 2013-12-31 + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275 + https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811 + https://bugzilla.gnome.org/show_bug.cgi?id=703220 + https://github.com/mate-desktop/eom/issues/93 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7447.html + http://www.openwall.com/lists/oss-security/2016/02/10/2 + https://ubuntu.com/security/notices/USN-2898-1 + https://ubuntu.com/security/notices/USN-2898-2 + + + + + + + + + + + + + + + CVE-2013-7469 on Ubuntu 20.04 (focal) - medium. + Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-21 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7469.html + https://drive.google.com/file/d/1rwYsnuhZZxmSR6Zs8rJlWW3R27XBOSJU/view + https://github.com/haiwen/seafile/issues/350 + + + + + + + + + + CVE-2013-7484 on Ubuntu 20.04 (focal) - low. + Zabbix before 5.0 represents passwords in the users table with unsalted MD5. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-30 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7484.html + https://support.zabbix.com/browse/ZBX-16551 + https://support.zabbix.com/browse/ZBXNEXT-1898 + + + + ebarretto> Current fix is still in development branch. 
+ + + + + + + + + CVE-2013-7488 on Ubuntu 20.04 (focal) - low. + perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-07 18:15:00 UTC + https://github.com/gbarr/perl-Convert-ASN1/issues/14 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956186 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7488.html + + + + mdeslaur> as of 2020-04-14, proposed fix not commited upstream + + + + + + + + + CVE-2013-7489 on Ubuntu 20.04 (focal) - medium. + The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-26 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7489.html + https://github.com/bbangert/beaker/issues/191 + https://www.openwall.com/lists/oss-security/2020/05/14/11 + https://bugzilla.redhat.com/show_bug.cgi?id=1850105 + + + + + + + + + + CVE-2014-0021 on Ubuntu 20.04 (focal) - low. + Chrony before 1.29.1 has traffic amplification in cmdmon protocol Miroslav Lichvar discovered that Chrony is affected by traffic amplification attacks. A remote attacker could possibly use this issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-15 15:15:00 UTC + Miroslav Lichvar + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0021.html + http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-dev/2014/01/msg00005.html + + + + seth-arnold> A fix will likely require protocol changes + + + + + + + + + CVE-2014-0083 on Ubuntu 20.04 (focal) - medium. + The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-21 14:15:00 UTC + Pierre Carrier + https://bugzilla.redhat.com/show_bug.cgi?id=1065086 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0083.html + https://github.com/ruby-ldap/ruby-net-ldap/blob/master/lib/net/ldap/password.rb + + + + + + + + + + CVE-2014-0114 on Ubuntu 20.04 (focal) - medium. + Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. It was discovered that Apache Commons BeanUtils improperly handled certain input. An attacker could use this vulnerability to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-04-30 10:49:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0114.html + https://bugzilla.redhat.com/show_bug.cgi?id=1091938 + + + + + + + + + + CVE-2014-0175 on Ubuntu 20.04 (focal) - negligible. + mcollective has a default password set at install + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-12-13 13:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0175 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0175.html + + + + + + + + + + CVE-2014-0225 on Ubuntu 20.04 (focal) - medium. + When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. It was discovered that the Spring Framework incorrectly handled XML documents. 
An attacker could possibly use this issue to cause a denial of service, disclosure of information or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-25 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0225.html + + + + + + + + + + CVE-2014-0459 on Ubuntu 20.04 (focal) - low. + Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. + 2014-04-16 01:55:00 UTC + 2014-04-15 + https://github.com/mm2/Little-CMS/issues/29 + https://github.com/mm2/Little-CMS/issues/30 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745471 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0459.html + http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html + https://ubuntu.com/security/notices/USN-2187-1 + https://ubuntu.com/security/notices/USN-2191-1 + + + + mdeslaur> in lucid+, NetX and the plugin moved to the icedtea-web package jdstrand> sun-java6 is not redistributable, no longer in the archive and no longer tracked jdstrand> sun-java5 is EOL upstream and no longer tracked mdeslaur> See lcms2 regression in bug #30 + + + + + + + + + CVE-2014-10064 on Ubuntu 20.04 (focal) - medium. + The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-05-31 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-10064.html + https://nodesecurity.io/advisories/28 + + + + ebarretto> Not much information, except for an advisory + + + + + + + + + CVE-2014-10077 on Ubuntu 20.04 (focal) - medium. + Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. It was discovered that Ruby I18n did not properly handle certain input. An attacker could use this vulnerability to cause a denial of service (crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-06 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-10077.html + https://github.com/rubysec/ruby-advisory-db/pull/182/files + https://github.com/svenfuchs/i18n/pull/289 + https://github.com/svenfuchs/i18n/releases/tag/v0.8.0 + + + + + + + + + + CVE-2014-10402 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-16 16:15:00 UTC + https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-10402.html + + + + leosilva> deferred 2021-06-14 as there is no upstream fix yet. + + + + + + + + + CVE-2014-1686 on Ubuntu 20.04 (focal) - negligible. + MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-16 09:58:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1686.html + http://seclists.org/fulldisclosure/2014/Mar/102 + + + + sbeattie> paths in mediawiki package are known + + + + + + + + + CVE-2014-1869 on Ubuntu 20.04 (focal) - negligible. + Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters). + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2014 Canonical Ltd. + 2014-02-08 00:55:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763899 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1869.html + + + + ebarretto> issue in -doc package + + + + + + + + + CVE-2014-1879 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-02-20 15:27:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1879.html + https://github.com/phpmyadmin/phpmyadmin/commit/968d5d5f486820bfa30af046f063b9f23304e14a + http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php + + + + + + + + + + CVE-2014-1935 on Ubuntu 20.04 (focal) - low. + 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-21 15:15:00 UTC + Jakub Wilk + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737206 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1935.html + + + + + + + + + + CVE-2014-2570 on Ubuntu 20.04 (focal) - low. 
+ Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-08-31 18:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2570.html + http://seclists.org/bugtraq/2014/Mar/128 + + + + + + + + + + CVE-2014-2913 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. + 2014-05-07 10:55:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745272 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2913.html + http://seclists.org/fulldisclosure/2014/Apr/240 + http://seclists.org/fulldisclosure/2014/Apr/242 + + + + seth-arnold> I marked this 'low' because arguments are discouraged for many environments, access to NRPE can be restricted with firewalling or other user access controls, and this might plausibly be a feature. + + + + + + + + + CVE-2014-3004 on Ubuntu 20.04 (focal) - medium. + The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. 
+ 2014-06-11 14:55:00 UTC + Ron Gutierrez and Adam Bixby + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3004.html + http://seclists.org/fulldisclosure/2014/May/142 + http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html + + + + + + + + + + CVE-2014-3005 on Ubuntu 20.04 (focal) - medium. + XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. It was discovered that Zabbix incorrectly handled certain XML files. A remote attacker could possibly use this issue to read arbitrary files or potentially execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-01 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751910 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3005.html + http://seclists.org/fulldisclosure/2014/Jun/87 + + + + + + + + + + CVE-2014-3137 on Ubuntu 20.04 (focal) - medium. + Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code. It was discovered that Bottle does not properly limit content types. A remote attacker could possibly use this to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-10-25 22:55:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746322 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3137.html + + + + + + + + + + CVE-2014-3248 on Ubuntu 20.04 (focal) - low. 
+ Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. + 2014-11-16 17:59:00 UTC + 2014-11-16 + Dennis Rowe + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3248.html + http://puppetlabs.com/security/cve/cve-2014-3248 + http://www.openwall.com/lists/oss-security/2014/07/08/2 + https://ubuntu.com/security/notices/USN-3308-1 + + + + + + + + + + + + + + CVE-2014-3421 on Ubuntu 20.04 (focal) - medium. + lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-05-08 10:55:00 UTC + Steve Kemp + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747100 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3421.html + http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html + http://openwall.com/lists/oss-security/2014/05/07/7 + http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8 + + + + + + + + + + CVE-2014-3495 on Ubuntu 20.04 (focal) - low. + duplicity 0.6.24 has improper verification of SSL certificates + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-13 14:15:00 UTC + Eric Christensen + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751902 + https://bugs.launchpad.net/duplicity/+bug/1314234 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3495.html + + + + mdeslaur> Amazon certificate is still mismatched as of 2015-07-30 mdeslaur> No fix from upstream as of 2015-07-30 + + + + + + + + + CVE-2014-3539 on Ubuntu 20.04 (focal) - medium. + base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-06 16:29:00 UTC + Kurt Seifried and Vasyl Kaigorodov + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777525 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3539.html + https://bugzilla.redhat.com/show_bug.cgi?id=1116485 + + + + + + + + + + CVE-2014-3578 on Ubuntu 20.04 (focal) - medium. + Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. It was discovered that Spring Framework incorrectly handled URL inputs. An attacker could possibly use this issue to read arbitrary files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-02-19 20:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760733 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3578.html + + + + + + + + + + CVE-2014-3619 on Ubuntu 20.04 (focal) - medium. + The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header. It was discovered that GlusterFS incorrectly handled network requests. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. 
+ 2015-03-27 14:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3619.html + http://review.gluster.org/#/c/8848/ + https://bugzilla.redhat.com/show_bug.cgi?id=1136712 + + + + + + + + + + CVE-2014-3625 on Ubuntu 20.04 (focal) - medium. + Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. It was discovered that Spring Framework incorrectly handled inputs. A remote attacker could possibly use this issue to read arbitrary files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-11-20 17:50:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769698 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3625.html + https://github.com/spring-projects/spring-framework/commit/3f68cd + http://www.pivotal.io/security/cve-2014-3625 + + + + + + + + + + CVE-2014-4607 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-12 14:15:00 UTC + 2014-07-09 + Don A. 
Bailey + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752861 + https://bugzilla.redhat.com/show_bug.cgi?id=1112418 + https://bugs.launchpad.net/ubuntu/+source/krfb/+bug/1352421 (krfb) + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4607.html + https://rhn.redhat.com/errata/RHSA-2014-0861.html + https://ubuntu.com/security/notices/USN-2300-1 + http://www.kde.org/info/security/advisory-20140803-1.txt (krfb) + + + + amurray| grub2 has a vendored copy of minilzo which is part of lzo2 so likely any vulnerabilities that affect lzo2 may also affect minilzo in grub2 and hence grub2-signed mdeslaur> grub2 since bug 1911440 now pulls in the system lzo2 when mdeslaur> building, so focal+ is fixed mdeslaur> grub2-signed on bionic now ships the grub binary built on a mdeslaur> later release, so it is not vulnerable to this CVE + + + + + + + + + + + + + + CVE-2014-4611 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715. Don Bailey and Ludvig Strigeus discovered an integer overflow in the Linux kernel's implementation of the LZ4 decompression algorithm, when used by code not complying with API limitations. An attacker could exploit this flaw to cause a denial of service (memory corruption) or possibly other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. 
+ 2014-07-03 04:22:00 UTC + 2014-07-03 + Don Bailey, Ludvig Strigeus + https://launchpad.net/bugs/1335314 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4611.html + https://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html + https://fastcompression.blogspot.ca/2014/06/debunking-lz4-20-years-old-bug-myth.html + https://ubuntu.com/security/notices/USN-2287-1 + https://ubuntu.com/security/notices/USN-2288-1 + https://ubuntu.com/security/notices/USN-2289-1 + https://ubuntu.com/security/notices/USN-2290-1 + + + + jdstrand> android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels jdstrand> android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels ebarretto> commented out the packages that are old so we can have this CVE in ebarretto> active/ again. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2014-4658 on Ubuntu 20.04 (focal) - medium. + The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. It was discovered that Ansible did not properly set permissions upon creation or modification of a vault file. A local attacker could use this to obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4658.html + http://www.openwall.com/lists/oss-security/2014/06/26/19 + + + + + + + + + + CVE-2014-4660 on Ubuntu 20.04 (focal) - medium. 
+ Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format. It was discovered that Ansible created filenames containing sensitive information. An attacker could use this vulnerability to obtain unauthorized access to a private Ubuntu repository. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-20 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4660.html + http://www.openwall.com/lists/oss-security/2014/06/26/19 + + + + + + + + + + CVE-2014-4678 on Ubuntu 20.04 (focal) - medium. + The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. It was discovered that Ansible mishandled certain input. A remote attacker could use this to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-20 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4678.html + https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916 + + + + seth-arnold> This CVE was the result of an incomplete fix for CVE-2014-4657 + + + + + + + + + CVE-2014-4715 on Ubuntu 20.04 (focal) - medium. + Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run, a different vulnerability than CVE-2014-4611. It was discovered that LZ4 incorrectly handled integers. 
An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-07-03 04:22:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4715.html + http://seclists.org/oss-sec/2014/q2/676 + https://code.google.com/p/lz4/issues/detail?id=134 + https://code.google.com/p/lz4/source/detail?r=119 + http://fastcompression.blogspot.fr/2014/07/software-vulnerabilities-how-it-works.html + http://blog.securitymouse.com/2014/07/i-was-wrong-proving-lz4-exploitable.html + + + + mdeslaur> code in grub2 is different, no indication it is vulnerable to mdeslaur> the same issue. Marking as not-affected. + + + + + + + + + + + + + CVE-2014-4722 on Ubuntu 20.04 (focal) - medium. + Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-07-07 14:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4722.html + http://packetstormsecurity.com/files/127295/OCS-Inventory-NG-Cross-Site-Scripting.html + + + + + + + + + + CVE-2014-4883 on Ubuntu 20.04 (focal) - medium. + resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. 
+ 2014-11-28 02:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4883.html + https://bugzilla.redhat.com/show_bug.cgi?id=1169008 + http://www.kb.cert.org/vuls/id/210620 + http://git.savannah.gnu.org/cgit/lwip.git/commit/?id=9fb46e120655ac481b2af8f865d5ae56c39b831a + + + + + + + + + + CVE-2014-4927 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-07-24 14:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4927.html + http://www.exploit-db.com/exploits/34102 + http://packetstormsecurity.com/files/127544/ACME-micro_httpd-Denial-Of-Service.html + http://osvdb.org/show/osvdb/109356 + + + + seth-arnold> No source control or issue tracker for micro-httpd + + + + + + + + + CVE-2014-4955 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-07-20 11:12:00 UTC + Frans Rosén + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4955.html + https://github.com/phpmyadmin/phpmyadmin/commit/10014d4dc596b9e3a491bf04f3e708cf1887d5e1 + http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php + + + + + + + + + + CVE-2014-4967 on Ubuntu 20.04 (focal) - medium. 
+ Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. It was discovered that Ansible mishandled certain input. A remote attacker could use this to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-18 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4967.html + https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871 + http://www.openwall.com/lists/oss-security/2014/07/22 + + + + + + + + + + CVE-2014-4986 on Ubuntu 20.04 (focal) - medium. + Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-07-20 11:12:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4986.html + https://github.com/phpmyadmin/phpmyadmin/commit/29a1f56495a7d1d98da31a614f23c0819a606a4d + http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php + + + + + + + + + + CVE-2014-4987 on Ubuntu 20.04 (focal) - medium. + server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. 
+ 2014-07-20 11:12:00 UTC + Chirayu Chiripal + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4987.html + https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5 + http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php + + + + + + + + + + CVE-2014-5011 on Ubuntu 20.04 (focal) - low. + DOMPDF before 0.6.2 allows Information Disclosure. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-10 06:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813849 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5011.html + https://github.com/dompdf/dompdf/releases/tag/v0.6.2 + + + + + + + + + + CVE-2014-5012 on Ubuntu 20.04 (focal) - low. + DOMPDF before 0.6.2 allows denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-10 06:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813849 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5012.html + https://github.com/dompdf/dompdf/releases/tag/v0.6.2 + + + + + + + + + + CVE-2014-5013 on Ubuntu 20.04 (focal) - medium. + DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-10 06:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813849 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5013.html + https://github.com/dompdf/dompdf/releases/tag/v0.6.2 + + + + + + + + + + CVE-2014-5044 on Ubuntu 20.04 (focal) - low. + Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-07 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5044.html + https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721 + http://www.openwall.com/lists/oss-security/2014/07/23/7 + + + + sbeattie> issues are in libgfortran/fortran runtime sbeattie> gcc-avr only builds gcc and g++ compilers/runtimes sbeattie> gcc-X.X-cross packages have fortran compiler/runtimes in universe sbeattie> gcc-XX-defaults packages do not actually include gcc, just symlinks to the default version to use per release/arch/tool sbeattie> gccgo packages are (surprise!) only interested in go runtimes sbeattie> gcc-opt is a wrapper for setting gcc arguments + + + + + + + + + + + + + CVE-2014-5209 on Ubuntu 20.04 (focal) - low. + An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5209.html + https://exchange.xforce.ibmcloud.com/vulnerabilities/95841 + https://support.f5.com/csp/article/K44942017 + https://support.f5.com/csp/article/K44942017?utm_source=f5support&amp;utm_medium=RSS + + + + mdeslaur> mode 7 is disabled by default in 4.2.8, marking relevant mdeslaur> releases as not-affected + + + + + + + + + CVE-2014-5273 on Ubuntu 20.04 (focal) - medium. + Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-08-22 01:55:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758536 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5273.html + http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php + + + + + + + + + + CVE-2014-5274 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-08-22 01:55:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758536 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5274.html + http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php + + + + + + + + + + CVE-2014-5459 on Ubuntu 20.04 (focal) - negligible. + The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2014 Canonical Ltd. + 2014-09-27 10:55:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759282 + https://pear.php.net/bugs/bug.php?id=18056 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5459.html + + + + jdstrand> Upstream states this is a known issue sbeattie> upstream claims fixed in 1.9.2, but still uses /tmp/pear/ according to debian bug report mdeslaur> 1.9.2+ only a DoS + + + + + + + + + CVE-2014-6053 on Ubuntu 20.04 (focal) - medium. 
+ The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-12-15 18:59:00 UTC + 2014-09-24 + mdeslaur + Nicolas Ruff + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6053.html + http://seclists.org/oss-sec/2014/q3/639 + http://www.kde.org/info/security/advisory-20140923-1.txt + http://www.ocert.org/advisories/ocert-2014-007.html + https://ubuntu.com/security/notices/USN-2365-1 + https://ubuntu.com/security/notices/USN-4573-1 + https://ubuntu.com/security/notices/USN-4587-1 + + + + + + + + + + + + + CVE-2014-6251 on Ubuntu 20.04 (focal) - medium. + Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-10-25 00:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6251.html + http://seclists.org/fulldisclosure/2014/Oct/29 + + + + + + + + + + CVE-2014-6300 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. 
+ 2014-11-08 11:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6300.html + http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php + + + + + + + + + + CVE-2014-6311 on Ubuntu 20.04 (focal) - low. + generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-22 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760709 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6311.html + + + + jdstrand> per Debian, not installed into the binary packages + + + + + + + + + CVE-2014-6393 on Ubuntu 20.04 (focal) - medium. + The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-09 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6393.html + + + + + + + + + + CVE-2014-7191 on Ubuntu 20.04 (focal) - medium. + The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array. It was discovered that the qs module in Node.js incorrectly handled inputs. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. 
+ 2014-10-19 01:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7191.html + https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8 + https://nodesecurity.io/advisories/qs_dos_memory_exhaustion + + + + ebarretto> This issue is actually for node-querystring. ebarretto> Somewhere along the line node-qs was born or forked from ebarretto> node-querystring which was deprecated. But now there are again ebarretto> new projects called querystring. Be careful when updating. ebarretto> Trusty's version is actually based on node-querystring. + + + + + + + + + CVE-2014-7217 on Ubuntu 20.04 (focal) - medium. + Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-10-03 01:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7217.html + http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php + https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961 + https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448 + + + + + + + + + + CVE-2014-7945 on Ubuntu 20.04 (focal) - medium. + OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. 
+ 2015-01-22 22:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7945.html + https://pdfium.googlesource.com/pdfium/+/767aebbef641a89498deebc29369a078207b4dcc + https://code.google.com/p/chromium/issues/detail?id=414310 + http://googlechromereleases.blogspot.com/2015/01/stable-update.html + + + + sbeattie> openjpeg2 refactored some of the code + + + + + + + + + + + + CVE-2014-7947 on Ubuntu 20.04 (focal) - medium. + OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-01-22 22:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7947.html + https://pdfium.googlesource.com/pdfium/+/66d6538c0a97cff550cafdfeaebe8a3f0efbad89 + https://code.google.com/p/chromium/issues/detail?id=430566 + http://googlechromereleases.blogspot.com/2015/01/stable-update.html + + + + mdeslaur> incomplete fix, see CVE-2016-4797 + + + + + + + + + + + + CVE-2014-8242 on Ubuntu 20.04 (focal) - low. + librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-10-26 17:59:00 UTC + Michael Samuel + https://github.com/librsync/librsync/issues/5 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8242.html + http://www.openwall.com/lists/oss-security/2014/10/12 + + + + ebarretto> Too intrusive to backport + + + + + + + + + CVE-2014-8326 on Ubuntu 20.04 (focal) - medium. 
+ Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-11-05 11:55:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8326.html + + + + + + + + + + CVE-2014-8625 on Ubuntu 20.04 (focal) - low. + Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-01-20 15:59:00 UTC + Joshua Rogers + https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8625.html + http://openwall.com/lists/oss-security/2014/11/07/2 + http://openwall.com/lists/oss-security/2014/11/07/4 + + + + + + + + + + CVE-2014-8958 on Ubuntu 20.04 (focal) - medium. + Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-11-30 11:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8958.html + http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php + + + + + + + + + + CVE-2014-8959 on Ubuntu 20.04 (focal) - medium. + Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-11-30 11:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8959.html + http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php + + + + + + + + + + CVE-2014-8960 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-11-30 11:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8960.html + http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php + + + + + + + + + + CVE-2014-8961 on Ubuntu 20.04 (focal) - low. + Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. 
+ 2014-11-30 11:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8961.html + http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + + + + + + + + + + CVE-2014-9114 on Ubuntu 20.04 (focal) - low. + Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-31 16:59:00 UTC + Sebastian Krahmer + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771274 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9114.html + http://www.openwall.com/lists/oss-security/2014/11/26/13 + + + + + + + + + + CVE-2014-9218 on Ubuntu 20.04 (focal) - medium. + libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-12-08 11:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9218.html + https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1 (master) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php + + + + + + + + + + CVE-2014-9219 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-12-08 11:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9219.html + https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2 + http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php + + + + + + + + + + CVE-2014-9235 on Ubuntu 20.04 (focal) - medium. 
+ Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-12-03 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9235.html + http://seclists.org/fulldisclosure/2014/Nov/45 + https://github.com/jeroenrnl/zoph/issues/59 + + + + + + + + + + CVE-2014-9236 on Ubuntu 20.04 (focal) - low. + Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. + 2014-12-03 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9236.html + http://seclists.org/fulldisclosure/2014/Nov/45 + https://github.com/jeroenrnl/zoph/issues/59 + + + + ebarretto> According to Debian: ebarretto> The SQL injection and XSS claims appear to be mostly unfounded. + + + + + + + + + CVE-2014-9390 on Ubuntu 20.04 (focal) - medium. + Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-12 02:15:00 UTC + 2014-12-19 + Matt Mackall and Augie Fackler + https://bugs.launchpad.net/ubuntu/+source/git/+bug/1404035 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9390.html + http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.html + http://mercurial.selenic.com/wiki/WhatsNew#Mercurial_3.2.3_.282014-12-18.29 + http://article.gmane.org/gmane.linux.kernel/1853266 + https://developer.atlassian.com/blog/2014/12/securing-your-git-server/ + https://ubuntu.com/security/notices/USN-2470-1 + + + + kees> This CVE is about the git VCS. The "git" from hardy and earlier is not what was "git-core". jdstrand> Maverick and later renamed 'git-core' to 'git', so 'git' in these releases does refer to git VCS. jdstrand> initially marked 'low' since default filesystems on Ubuntu are case-sensitive, however file servers serving these reopositories to clients need to be patched, so upping to medium tyhicks> git upstream fixed a minor regression in the HFS+ .git filtering with commit 6aaf956b + + + + + + + + + + + + + + CVE-2014-9474 on Ubuntu 20.04 (focal) - low. + Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-10 01:30:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772008 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9474.html + https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9243 + + + + + + + + + + CVE-2014-9513 on Ubuntu 20.04 (focal) - medium. + Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-28 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772473 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9513.html + + + + + + + + + + CVE-2014-9556 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop. It was discovered that cabextract incorrectly handled certain malformed CAB files. An attacker could use this issue to cause cabextract to hang, resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-02-03 16:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772891 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773041 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9556.html + + + + + + + + + + + + + CVE-2014-9651 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-08-28 21:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775346 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9651.html + + + + + + + + + + CVE-2014-9761 on Ubuntu 20.04 (focal) - low. + Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. Joseph Myers discovered that the GNU C Library did not properly handle long arguments to functions returning a representation of Not a Number (NaN). 
An attacker could use this to cause a denial of service (stack exhaustion leading to an application crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-04-19 21:59:00 UTC + 2016-04-19 + Joseph Myers + https://sourceware.org/bugzilla/show_bug.cgi?id=16962 + https://launchpad.net/bugs/1585614 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9761.html + http://www.openwall.com/lists/oss-security/2016/01/20/1 + https://ubuntu.com/security/notices/USN-2985-1 + https://ubuntu.com/security/notices/USN-2985-2 + + + + tyhicks> USN-2985-1 initially fixed this issue but it caused a regression and the change was backed out by USN-2985-2. This issue will be fixed in a future update. + + + + + + + + + CVE-2014-9911 on Ubuntu 20.04 (focal) - medium. + Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-04 20:59:00 UTC + 2017-01-04 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9911.html + http://bugs.icu-project.org/trac/ticket/10891 + http://www.openwall.com/lists/oss-security/2016/11/25/1 + https://ubuntu.com/security/notices/USN-3227-1 + + + + jdstrand> this was fixed in 54.0.1. chromium-browser has 56 now chrisccoulson> firefox has 56 at least since Firefox 50, and Thunderbird has 56 since at least 45.3 chrisccoulson> oxide has had 56.1 since at least 1.17 + + + + + + + + + + + + CVE-2014-9939 on Ubuntu 20.04 (focal) - negligible. + ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-21 06:59:00 UTC + 2017-03-21 + https://sourceware.org/bugzilla/show_bug.cgi?id=18750 + https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1476014 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9939.html + http://www.openwall.com/lists/oss-security/2015/07/31/6 + https://ubuntu.com/security/notices/USN-3367-1 + + + + sbeattie> issue is trapped by fortify source + + + + + + + + + CVE-2014-9970 on Ubuntu 20.04 (focal) - medium. + jasypt before 1.9.2 allows a timing attack against the password hash comparison. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-21 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9970.html + https://sourceforge.net/p/jasypt/code/668/ + + + + + + + + + + CVE-2015-0255 on Ubuntu 20.04 (focal) - medium. + X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. USN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides the corresponding fix for VNC4 on Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-02-13 15:59:00 UTC + 2015-02-11 + mdeslaur + Olivier Fourdan + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0255.html + http://www.openwall.com/lists/oss-security/2015/02/10/18 + https://ubuntu.com/security/notices/USN-2500-1 + + + + + + + + + + CVE-2015-0852 on Ubuntu 20.04 (focal) - medium. + Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window. It was discovered that FreeImage incorrectly handled certain PCX files. An attacker could possibly use this issue to cause a denial of service. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-09-29 18:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0852.html + https://marc.info/?l=oss-security&m=144073280200732&w=2 + http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.17&r2=1.18&pathrev=MAIN + http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.18&r2=1.19&pathrev=MAIN + + + + + + + + + + CVE-2015-1192 on Ubuntu 20.04 (focal) - medium. + Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-01-21 18:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774989 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1192.html + + + + + + + + + + CVE-2015-1193 on Ubuntu 20.04 (focal) - low. + Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-01-21 18:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774716 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1193.html + + + + + + + + + + CVE-2015-1194 on Ubuntu 20.04 (focal) - low. + pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-01-21 18:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774716 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1194.html + + + + + + + + + + CVE-2015-1273 on Ubuntu 20.04 (focal) - medium. 
+ Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-07-23 00:59:00 UTC + https://code.google.com/p/chromium/issues/detail?id=459215 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1273.html + http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html + + + + tyhicks> There are large changes between openjpeg trunk and the 1.5 and 1.3 branches that we shipped in Vivid and older. However, it looks like those code bases are also affected because I don't see similar sanity checks. As of 2015-07-24, I don't see a fix in the 1.5 branch. + + + + + + + + + CVE-2015-1283 on Ubuntu 20.04 (focal) - medium. + Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. USN-2726-1 addressed CVE-2015-1283 for Expat. This update provides the corresponding fix for VNC4 on Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-07-23 00:59:00 UTC + 2015-07-22 + https://code.google.com/p/chromium/issues/detail?id=492052 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793484 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1283.html + http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html + https://ubuntu.com/security/notices/USN-2677-1 + https://ubuntu.com/security/notices/USN-2726-1 + https://ubuntu.com/security/notices/USN-3013-1 + + + + + + + + + + + + + + + + + + CVE-2015-1336 on Ubuntu 20.04 (focal) - low. 
+ The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-28 01:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.html + http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/ + https://lists.nongnu.org/archive/html/man-db-announce/2016-12/msg00000.html + + + + + + + + + + CVE-2015-1370 on Ubuntu 20.04 (focal) - medium. + Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-01-27 20:04:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1370.html + https://nodesecurity.io/advisories/marked_vbscript_injection + https://github.com/chjj/marked/issues/492 + https://github.com/evilpacket/marked/commit/3c191144939107c45a7fa11ab6cb88be6694a1ba + http://www.openwall.com/lists/oss-security/2015/01/23/2 + + + + + + + + + + CVE-2015-1379 on Ubuntu 20.04 (focal) - low. + The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). It was discovered that socat incorrectly handled signals. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-08 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776234 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1379.html + + + + + + + + + + CVE-2015-1386 on Ubuntu 20.04 (focal) - medium. + Directory traversal vulnerability in unshield 1.0-1. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-28 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776193 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1386.html + + + + + + + + + + CVE-2015-1419 on Ubuntu 20.04 (focal) - low. + Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-01-28 11:59:00 UTC + https://bugzilla.novell.com/show_bug.cgi?id=915522 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776922 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1419.html + http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00023.html + http://secunia.com/advisories/62415 + http://lists.opensuse.org/opensuse-updates/2015-01/msg00041.html + http://seclists.org/oss-sec/2015/q1/389 + + + + mdeslaur> man page says this isn't a security feature + + + + + + + + + CVE-2015-1426 on Ubuntu 20.04 (focal) - low. + Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-02-23 17:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778265 + https://tickets.puppetlabs.com/browse/FACT-800 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1426.html + http://puppetlabs.com/security/cve/cve-2015-1426 + + + + + + + + + + CVE-2015-1554 on Ubuntu 20.04 (focal) - medium. + kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-28 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776424 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1554.html + http://www.openwall.com/lists/oss-security/2015/02/07 + + + + + + + + + + CVE-2015-1832 on Ubuntu 20.04 (focal) - medium. + XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-10-03 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1832.html + http://www-01.ibm.com/support/docview.wss?uid=swg21990100 + https://issues.apache.org/jira/browse/DERBY-6807 + https://svn.apache.org/viewvc?view=revision&revision=1691461 + + + + + + + + + + CVE-2015-1872 on Ubuntu 20.04 (focal) - low. + The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-07-26 22:59:00 UTC + 2015-07-26 + Mateusz Jurczyk and Gynvael Coldwind + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1872.html + https://ubuntu.com/security/notices/USN-2944-1 + + + + mdeslaur> as of 2016-03-11, doesn't look fixed in libav ebarretto> as of 2018-09-27, the fix is only available in libav 0.8.x ebarretto> the fix was not backported or applied to any other version ebarretto> so considered ignored for trusty's version. + + + + + + + + + CVE-2015-2060 on Ubuntu 20.04 (focal) - low. 
+ cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash. It was discovered that cabextract incorrectly handled certain malformed CAB files. A remote attacker could use this issue to write to arbitrary files on the host filesystem. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-29 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778753 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2060.html + http://www.openwall.com/lists/oss-security/2015/02/18/3 + + + + + + + + + + CVE-2015-2156 on Ubuntu 20.04 (focal) - medium. + Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796114 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793770 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646523 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2156.html + http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html + https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass + http://engineering.linkedin.com/security/look-netty%E2%80%99s-recent-security-update-cve%C2%AD-2015%C2%AD-2156 + https://github.com/slandelle/netty/commit/800555417e77029dcf8a31d7de44f27b5a8f79b8 + + + + + + + + + + CVE-2015-2206 on Ubuntu 20.04 (focal) - low. 
+ libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-03-09 17:59:00 UTC + Jian Jiang and Xiaofeng Zheng + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2206.html + http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php + + + + tyhicks> "Versions 4.0.x (prior to 4.0.10.9), 4.2.x (prior to 4.2.13.2) and 4.3.x (prior to 4.3.11.1) are affected." + + + + + + + + + CVE-2015-2305 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. It was discovered that regcomp implementation has a buffer overflow that affects vigor. An attacker could use this vulnerability to cause a denial of service (crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. 
+ 2015-03-30 10:59:00 UTC + 2015-03-30 + https://bugs.php.net/bug.php?id=69248 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778404 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778392 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778391 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778393 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778410 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778403 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778389 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406 (clamav) + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778413 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778398 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778394 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778396 (cups) + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778393 (llvm-toolchain-3.6) + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2305.html + http://www.kb.cert.org/vuls/id/695940 + https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ + https://ubuntu.com/security/notices/USN-2572-1 + https://ubuntu.com/security/notices/USN-2594-1 + + + + + + + + + + + + + + + + + CVE-2015-2704 on Ubuntu 20.04 (focal) - medium. + realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response. It was discovered that realmd incorrectly handled newline characters in LDAP responses. A remote attacker could possible use this to inject arbitrary sssd.conf configuration. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. 
+ 2015-05-18 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781179 + https://bugs.freedesktop.org/show_bug.cgi?id=89207 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2704.html + https://bugs.freedesktop.org/show_bug.cgi?id=89207 + + + + sbeattie> no fix available upstream as 2015.03.26 msalvatore> fix released 2015.04.14 + + + + + + + + + CVE-2015-2785 on Ubuntu 20.04 (focal) - low. + The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-03-29 21:59:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=852481 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778261 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2785.html + http://www.openwall.com/lists/oss-security/2015/02/06/11 + + + + + + + + + + CVE-2015-3008 on Ubuntu 20.04 (focal) - medium. + Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. 
+ 2015-04-10 15:00:00 UTC + Maciej Szmigiero + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3008.html + http://downloads.asterisk.org/pub/security/AST-2015-003.html + https://issues.asterisk.org/jira/browse/ASTERISK-24847 + http://www.securitytracker.com/id/1032052 + http://seclists.org/fulldisclosure/2015/Apr/22 + http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html + + + + + + + + + + CVE-2015-3156 on Ubuntu 20.04 (focal) - medium. + The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-11 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3156.html + https://bugzilla.redhat.com/show_bug.cgi?id=1216073#c1 + + + + + + + + + + CVE-2015-3192 on Ubuntu 20.04 (focal) - low. 
+ Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. Toshiaki Maki discovered that Spring Framework incorrectly handled certain XML files. A remote attacker could exploit this with a crafted XML file to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-07-12 19:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796137 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3192.html + https://pivotal.io/security/cve-2015-3192 + https://jira.spring.io/browse/SPR-13136 + + + + + + + + + + CVE-2015-3200 on Ubuntu 20.04 (focal) - low. + mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-06-09 14:59:00 UTC + http://redmine.lighttpd.net/issues/2646 + https://web.archive.org/web/20160907194723/http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3200.html + http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html + + + + + + + + + + CVE-2015-3225 on Ubuntu 20.04 (focal) - low. + lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. It was discovered that Rack incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. 
+ 2015-07-26 22:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3225.html + http://www.openwall.com/lists/oss-security/2015/06/16/14 + + + + + + + + + + CVE-2015-3239 on Ubuntu 20.04 (focal) - low. + Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-08-26 19:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790830 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3239.html + http://savannah.nongnu.org/bugs/?45276 + http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1 + + + + seth-arnold> I saw nothing in callers of this macro that would prevent less-than-zero accesses: input params were sometimes integers, sometimes harder to determine the type. Debian codesearch shows many duplications of the <= mistake with dwarf_to_unw_regnum arrays in other files, not just the one dwarf_i.h. + + + + + + + + + + + + + CVE-2015-3245 on Ubuntu 20.04 (focal) - low. + Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field. It was discovered that libuser has incomplete blacklist vulnerability. A local user could use it to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-08-11 14:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793465 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3245.html + + + + + + + + + + CVE-2015-3246 on Ubuntu 20.04 (focal) - medium. 
+ libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges. It was discovered that libuser has incomplete blacklist vulnerability. A local user could use it to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-08-11 14:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793465 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3246.html + + + + + + + + + + CVE-2015-3248 on Ubuntu 20.04 (focal) - low. + openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-26 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789543 + http://sourceforge.net/p/openhpi/bugs/1883/ + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3248.html + https://bugzilla.redhat.com/show_bug.cgi?id=1233520 + http://openhpi.org/Changelogs/3.6.0 + + + + sbeattie> directory is world-readable but not world-writable in debian/ubuntu. + + + + + + + + + CVE-2015-3253 on Ubuntu 20.04 (focal) - medium. + The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. 
+ 2015-08-13 14:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793397 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793398 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3253.html + http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html + http://groovy-lang.org/security.html + + + + ebarretto> groovy in Xenial is currently FTBFS. Also there's no more support ebarretto> from upstream to that version (1.8.6) + + + + + + + + + CVE-2015-3416 on Ubuntu 20.04 (focal) - low. + The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-04-24 17:59:00 UTC + 2015-04-24 + mdeslaur + Michal Zalewski + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783968 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3416.html + http://seclists.org/fulldisclosure/2015/Apr/31 + https://ubuntu.com/security/notices/USN-2698-1 + + + + msalvatore> Some patches from the fix can be applied to the sqlite package. Marking this as needed. + + + + + + + + + + + + CVE-2015-3885 on Ubuntu 20.04 (focal) - negligible. + Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. It was discovered that FreeImage incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause FreeImage to crash, resulting in a denial of service, or possibly execute arbitrary code. 
+ + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2015 Canonical Ltd. + 2015-05-19 18:59:00 UTC + 2015-05-19 + mdeslaur + Eduardo Castellanos + https://bugzilla.redhat.com/show_bug.cgi?id=1221249 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785019 (dcraw) + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767180 (kodi) + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786788 (libraw) + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3885.html + http://www.ocert.org/advisories/ocert-2015-006.html + https://codesearch.debian.net/results/int%20CLASS%20ljpeg_start + https://ubuntu.com/security/notices/USN-3492-1 + + + + + + + + + + + + + + + + + CVE-2015-3902 on Ubuntu 20.04 (focal) - medium. + Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-05-26 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3902.html + + + + + + + + + + CVE-2015-3903 on Ubuntu 20.04 (focal) - medium. + libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-05-26 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3903.html + + + + + + + + + + CVE-2015-3908 on Ubuntu 20.04 (focal) - medium. 
+ Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-08-12 14:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3908.html + http://www.openwall.com/lists/oss-security/2015/07/14/4 + + + + + + + + + + CVE-2015-4556 on Ubuntu 20.04 (focal) - medium. + The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-29 14:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788833 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4556.html + http://www.openwall.com/lists/oss-security/2015/06/15/1 + http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html + + + + sbeattie> will be fixed upstream in 4.10 + + + + + + + + + CVE-2015-4707 on Ubuntu 20.04 (focal) - low. + Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-20 18:29:00 UTC + Ahmad Khan + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4707.html + http://www.openwall.com/lists/oss-security/2015/06/22/4 + + + + tyhicks> It isn't clear if iPython versions less than 2.0 are affected debian> Problematic code introduced in rel-2.0.0 + + + + + + + + + CVE-2015-4852 on Ubuntu 20.04 (focal) - low. 
+ The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-11-18 15:59:00 UTC + https://bugs.launchpad.net/ubuntu/+source/libcommons-collections3-java/+bug/1514985 + https://bugzilla.redhat.com/show_bug.cgi?id=1279330 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4852.html + https://issues.apache.org/jira/browse/COLLECTIONS-580 + http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ + http://www.openwall.com/lists/oss-security/2015/11/09/1 + http://www.infoq.com/news/2015/11/commons-exploit + https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread + https://www.kb.cert.org/vuls/id/576313 + https://access.redhat.com/solutions/2045023 + + + + sbeattie> according to infoq article and digging through openjdk source, there is at least an embedded copy of xalan xslt in openjdk which is also vulnerable, though it may be just an example of a target class to overwrite via desrialization. sbeattie> same as above for libxalan2-java mdeslaur> This CVE was originally assigned to Oracle WebLogic, and then mdeslaur> was subsequently used by IBM Websphere. It has been proposed to mdeslaur> use it for commons-collections. See: mdeslaur> http://www.openwall.com/lists/oss-security/2015/11/15/1 mdeslaur> Red Hat has assigned CVE-2015-7501 to the issue in mdeslaur> JBoss Middleware Suite mdeslaur> as of 2018-09-19, no indication that this is being fixed in mdeslaur> openjdk, or if it is an issue at all. Marking as ignored. 
+ + + + + + + + + + + + + CVE-2015-4901 on Ubuntu 20.04 (focal) - medium. + Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-10-22 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4901.html + + + + + + + + + + CVE-2015-4906 on Ubuntu 20.04 (focal) - medium. + Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX, a different vulnerability than CVE-2015-4908 and CVE-2015-4916. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-10-22 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4906.html + + + + + + + + + + CVE-2015-4908 on Ubuntu 20.04 (focal) - medium. + Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4916. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-10-22 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4908.html + + + + + + + + + + CVE-2015-4916 on Ubuntu 20.04 (focal) - medium. + Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-10-22 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4916.html + + + + + + + + + + CVE-2015-5168 on Ubuntu 20.04 (focal) - low. 
+ Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-13 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5168.html + http://mail-archives.us.apache.org/mod_mbox/www-announce/201509.mbox/%3CCABF6JR2j5vesvnjbm6sDPB_zAGj3kNgzzHEpLUh6dWG6t8mC2w@mail.gmail.com%3E + + + + + + + + + + CVE-2015-5179 on Ubuntu 20.04 (focal) - low. + FreeIPA might display user data improperly via vectors involving non-printable characters. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-20 16:29:00 UTC + https://fedorahosted.org/freeipa/ticket/5153 + https://bugzilla.redhat.com/show_bug.cgi?id=1252567 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5179.html + + + + ebarretto> According to ticket 5153 on Fedora, there won't be a fix. + + + + + + + + + CVE-2015-5191 on Ubuntu 20.04 (focal) - low. + VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-28 21:29:00 UTC + Florian Weimer + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869633 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5191.html + + + + mdeslaur> probably DoS only with symlink restrictions + + + + + + + + + CVE-2015-5206 on Ubuntu 20.04 (focal) - low. + Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-09-13 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5206.html + http://mail-archives.us.apache.org/mod_mbox/www-announce/201509.mbox/%3CCABF6JR2j5vesvnjbm6sDPB_zAGj3kNgzzHEpLUh6dWG6t8mC2w@mail.gmail.com%3E + + + + + + + + + + CVE-2015-5211 on Ubuntu 20.04 (focal) - medium. + Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. Alvaro Muñoz discovered that Spring Framework incorrectly handled certain URLs. A remote attacker could possibly use this issue to cause a reflected file download. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-25 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5211.html + https://jira.spring.io/browse/SPR-13548 + https://github.com/spring-projects/spring-framework/commit/2bd1da + https://github.com/spring-projects/spring-framework/commit/a95c3d + https://github.com/spring-projects/spring-framework/commit/03f547 + https://pivotal.io/security/cve-2015-5211 + + + + + + + + + + CVE-2015-5218 on Ubuntu 20.04 (focal) - low. + Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. 
+ 2015-11-09 16:59:00 UTC + Alaa Mubaied + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798067 + https://bugzilla.redhat.com/show_bug.cgi?id=1259322 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5218.html + + + + sbeattie> fixed in util-linux, but debian/ubuntu util-linux does not ship colcrt + + + + + + + + + CVE-2015-5237 on Ubuntu 20.04 (focal) - low. + protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-25 17:29:00 UTC + Florian Weimer + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5237.html + https://github.com/google/protobuf/issues/760 + + + + seth-arnold> No fix as of 2015-08-27, since the message parsing limit defaults to 64 megabytes a software author would have to change the limit in order to handle larger messages anyway, and is thus unlikely to generate these messages in the short-term. (There is no actual limit on generation, so this might be an issue today -- it is just not a priority for the maintainer.) + + + + + + + + + CVE-2015-5262 on Ubuntu 20.04 (focal) - medium. + http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. It was discovered that Apache Commons HttpClient did not properly handle read timeouts during HTTPS handshakes. A remote attacker could trigger this flaw to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. 
+ 2015-10-27 16:59:00 UTC + 2015-09-30 + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798650 + https://bugzilla.redhat.com/show_bug.cgi?id=1259892 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5262 + https://issues.apache.org/jira/browse/HTTPCLIENT-1478 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5262.html + https://bugzilla.redhat.com/show_bug.cgi?id=1261538 + https://ubuntu.com/security/notices/USN-2769-1 + + + + mdeslaur> introduced in httpcomponents-client 4.3.0 + + + + + + + + + + + + CVE-2015-5276 on Ubuntu 20.04 (focal) - low. + The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-11-17 15:59:00 UTC + Lee Clagett + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5276.html + https://gcc.gnu.org/ml/gcc-patches/2015-09/msg01050.html + + + + tyhicks> Note that upstream revision 227687 is incomplete/incorrect. See msg01050.html for a more complete patch that is undergoing review. tyhicks> In gcc-4.7 through gcc-4.8, the code in question exists at libstdc++-v3/include/tr1/random.h and libstdc++-v3/include/bits/random.h tyhicks> In gcc-4.4, the code in question exists at libstdc++-v3/include/tr1_impl/random sbeattie> Note that for versions where the random_device() code in question is in a header file, means that it's compiled into the binaries built against libstdc++, which would need to be rebuilt to get the fixed version. sbeattie> upstream commits (so far) are listed under gcc-snapshots package. 
Corresponding git commits are: 84bb4e67d45a8921cedd2ef64fe3cffd9ee72f44 8efb09c4325785a5e7d11d05c5aadc74d2a49887 fd16f36d1986fbbb9f802b3649e543f3f41227ea sbeattie> gcc-opt is just a wrapper around gcc, not affected + + + + + + + + + + + + + + + CVE-2015-5395 on Ubuntu 20.04 (focal) - medium. + Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-20 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5395.html + http://www.openwall.com/lists/oss-security/2015/07/07/10 + http://www.sogo.nu/bugs/view.php?id=3246 + + + + + + + + + + CVE-2015-5607 on Ubuntu 20.04 (focal) - low. + Cross-site request forgery in the REST API in IPython 2 and 3. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-20 16:29:00 UTC + Ahmad Khan + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793123 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5607.html + http://www.openwall.com/lists/oss-security/2015/07/12/4 + + + + + + + + + + CVE-2015-6240 on Ubuntu 20.04 (focal) - medium. + The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-07 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6240.html + http://www.openwall.com/lists/oss-security/2015/07/14/3 + + + + tyhicks> Fixed upstream in 1.9.2 + + + + + + + + + CVE-2015-6644 on Ubuntu 20.04 (focal) - low. + Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. 
+ 2016-01-06 19:59:00 UTC + 2016-01-06 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6644.html + https://ubuntu.com/security/notices/USN-3727-1 + + + + + + + + + + CVE-2015-6748 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. It was discovered that jsoup improperly handled certain HTML tags. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-25 17:29:00 UTC + mikesalvatore + Tommy Johansen + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6748.html + https://github.com/jhy/jsoup/pull/582 + https://hibernate.atlassian.net/browse/HV-1012 + https://issues.jboss.org/browse/WFLY-5223 + http://www.openwall.com/lists/oss-security/2015/08/28/3 + + + + + + + + + + CVE-2015-6816 on Ubuntu 20.04 (focal) - medium. + ganglia-web before 3.7.1 allows remote attackers to bypass authentication. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-09 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798213 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6816.html + http://www.openwall.com/lists/oss-security/2015/09/04/2 + https://github.com/ganglia/ganglia-web/issues/267 + + + + sbeattie> web interface moved out of ganglia and into ganglia-web in 3.6.0-1 + + + + + + + + + CVE-2015-6925 on Ubuntu 20.04 (focal) - medium. + wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-01-22 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801120 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6925.html + + + + + + + + + + CVE-2015-6938 on Ubuntu 20.04 (focal) - low. 
+ Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-09-21 19:59:00 UTC + Juan Broullón + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6938.html + + + + tyhicks> "Affected versions: 0.12 <= version <= 4.0" + + + + + + + + + CVE-2015-7313 on Ubuntu 20.04 (focal) - negligible. + LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-03-17 14:59:00 UTC + Gustavo Grieco + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800124 + http://bugzilla.maptools.org/show_bug.cgi?id=2524 (old) + https://gitlab.com/libtiff/libtiff/issues/59 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7313.html + https://marc.info/?l=oss-security&m=144284777006804&w=2 + + + + mdeslaur> as of 2021-02-24, no upstream fix sbeattie> likely fixed in upstream 4.0.7 release sbeattie> reproducer in oss-security post + + + + + + + + + CVE-2015-7559 on Ubuntu 20.04 (focal) - medium. + It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-01 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7559.html + https://issues.apache.org/jira/browse/AMQ-6470 + + + + + + + + + + CVE-2015-7686 on Ubuntu 20.04 (focal) - low. 
+ Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-10-06 01:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7686.html + http://www.openwall.com/lists/oss-security/2015/10/02/13 + http://www.openwall.com/lists/oss-security/2015/09/27/1 + + + + + + + + + + CVE-2015-7700 on Ubuntu 20.04 (focal) - low. + Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-31 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7700.html + http://pmt.sourceforge.net/pngcrush/changelog.html + https://sourceforge.net/p/pmt/news/2015/10/pngcrush-1787-released/ + + + + + + + + + + CVE-2015-7810 on Ubuntu 20.04 (focal) - low. + libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-22 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7810.html + http://www.openwall.com/lists/oss-security/2015/10/12 + + + + + + + + + + CVE-2015-8077 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-12-03 20:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8077.html + + + + + + + + + + CVE-2015-8078 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-12-03 20:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8078.html + + + + + + + + + + CVE-2015-8106 on Ubuntu 20.04 (focal) - medium. + Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-04-18 14:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8106.html + http://sourceforge.net/p/latex2rtf/code/1152/tree//trunk/funct1.c?diff=50900fed34309d3c639c868f:1151 + + + + + + + + + + CVE-2015-8239 on Ubuntu 20.04 (focal) - low. + The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-10 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8239.html + http://www.openwall.com/lists/oss-security/2015/11/10/2 + https://www.sudo.ws/stable.html#1.8.16 + + + + sbeattie> command digests are available only in 1.8.7 and higher + + + + + + + + + CVE-2015-8366 on Ubuntu 20.04 (focal) - low. 
+ Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-14 16:15:00 UTC + 2015-12-02 + mdeslaur + ChenQin + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8366.html + https://ubuntu.com/security/notices/USN-3492-1 + + + + + + + + + + + + + + + + + CVE-2015-8367 on Ubuntu 20.04 (focal) - low. + The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-14 16:15:00 UTC + 2015-12-02 + mdeslaur + ChenQin + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8367.html + https://ubuntu.com/security/notices/USN-3492-1 + + + + + + + + + + + + + + + CVE-2015-8396 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow. It was discovered that GDCM incorrectly handled certain DICOM image files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-01-12 20:59:00 UTC + Stelios Tsampas + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8396.html + http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/ + + + + + + + + + + CVE-2015-8397 on Ubuntu 20.04 (focal) - low. 
+ The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read. It was discovered that GDCM incorrectly handled certain DICOM image files. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information from process memory. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-01-12 20:59:00 UTC + Stelios Tsampas + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8397.html + http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/ + + + + + + + + + + CVE-2015-8547 on Ubuntu 20.04 (focal) - medium. + The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-01-08 19:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807801 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8547.html + http://www.openwall.com/lists/oss-security/2015/12/12/1 + + + + + + + + + + CVE-2015-8553 on Ubuntu 20.04 (focal) - medium. + Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-04-13 15:59:00 UTC + https://launchpad.net/bugs/1530958 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8553.html + http://xenbits.xen.org/xsa/advisory-120.html + http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention) + + + + mdeslaur> see version 5 of XSA-120 advisory for updates patches sbeattie> deferring as it introduced problems with some QEMU setups sbeattie> first fix is af6fc858a35b90e89ea7a7ee58e66628c55c776b; the regression fix doesn't seem to have made it upstream sbeattie> description is incorrect, the incomplete fix is to CVE-2015-2150 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2015-8559 on Ubuntu 20.04 (focal) - medium. + The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-21 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8559.html + https://github.com/chef/chef/issues/3871 + http://www.openwall.com/lists/oss-security/2015/12/14/10 + + + + + + + + + + CVE-2015-8614 on Ubuntu 20.04 (focal) - medium. + Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-04-11 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8614.html + http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82 (3.13.1) + http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=e3ffcb455e0376053451ce968e6c71ef37708222 (not yet in tagged release) + http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557 + http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3584 + https://bugs.gentoo.org/show_bug.cgi?id=569010 + + + + + + + + + + CVE-2015-8669 on Ubuntu 20.04 (focal) - negligible. + libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2015 Canonical Ltd. + 2015-12-26 22:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8669.html + https://www.phpmyadmin.net/security/PMASA-2015-6/ + https://github.com/phpmyadmin/phpmyadmin/commit/c4d649325b25139d7c097e56e2e46cc7187fae45 + + + + sbeattie> install path location disclosure, already widely known for packaged versions + + + + + + + + + CVE-2015-8697 on Ubuntu 20.04 (focal) - medium. + stalin 0.11-5 allows local users to write to arbitrary files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-27 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808730 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8697.html + http://www.openwall.com/lists/oss-security/2015/12/27/1 + + + + + + + + + + CVE-2015-8786 on Ubuntu 20.04 (focal) - negligible. + The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter. 
+ + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-12-09 20:59:00 UTC + https://github.com/rabbitmq/rabbitmq-management/issues/97 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8786.html + http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html + https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_1 + + + + + + + + + + CVE-2015-8854 on Ubuntu 20.04 (focal) - medium. + The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-23 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8854.html + https://nodesecurity.io/advisories/marked_redos + https://github.com/chjj/marked/issues/497 + + + + + + + + + + CVE-2015-8855 on Ubuntu 20.04 (focal) - medium. + The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." It was discovered that semver incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-23 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8855.html + https://nodesecurity.io/advisories/semver_redos + https://github.com/npm/npm/releases/tag/v2.7.5 + + + + + + + + + + CVE-2015-8856 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-23 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8856.html + https://nodesecurity.io/advisories/serve-static-xss + https://github.com/expressjs/serve-index/issues/28 + + + + + + + + + + CVE-2015-8857 on Ubuntu 20.04 (focal) - medium. + The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-23 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8857.html + https://nodesecurity.io/advisories/39 + http://www.openwall.com/lists/oss-security/2016/04/20/11 + https://nodesecurity.io/advisories/39 + http://www.openwall.com/lists/oss-security/2016/04/20/11 + + + + + + + + + + CVE-2015-8858 on Ubuntu 20.04 (focal) - medium. + The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-23 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8858.html + + + + + + + + + + CVE-2015-8859 on Ubuntu 20.04 (focal) - low. + The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-23 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8859.html + http://www.openwall.com/lists/oss-security/2016/04/20/11 + https://nodesecurity.io/advisories/56 + + + + + + + + + + CVE-2015-8860 on Ubuntu 20.04 (focal) - medium. 
+ The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. It was discovered that node-tar mishandled certain tar archives. An attacker could use this vulnerability to write arbitrary files to the filesystem. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-23 21:59:00 UTC + mikesalvatore + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8860.html + + + + + + + + + + CVE-2015-8869 on Ubuntu 20.04 (focal) - medium. + OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function. It was discovered that OCaml mishandled sign extensions. A remote attacker could use this vulnerability to steal sensitive information, cause a denial of service (crash), or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-13 19:59:00 UTC + 2016-06-13 + mdeslaur + Radek Micek + http://caml.inria.fr/mantis/view.php?id=7003 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8869.html + http://www.openwall.com/lists/oss-security/2016/04/29/1 + https://ubuntu.com/security/notices/USN-3437-1 + + + + msalvatore> binaries built with ocamlopt will need to be rebuilt after a system upgrade + + + + + + + + + CVE-2015-8972 on Ubuntu 20.04 (focal) - negligible. + Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-23 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8972.html + http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html + http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134 + + + + + + + + + + CVE-2015-8981 on Ubuntu 20.04 (focal) - medium. + Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size. Hanno Böck discovered that PoDoFo mishandled certain crafted PDF files, resulting in a heap-based buffer overflow. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-16 15:59:00 UTC + Hanno Böck + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8981.html + https://marc.info/?l=oss-security&m=148601605717859&w=2 + + + + + + + + + + CVE-2015-8985 on Ubuntu 20.04 (focal) - negligible. + The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-03-20 16:59:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=21163 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8985.html + + + + sbeattie> PoC testcase in upstream bug report sbeattie> fix commit possibly introduced regression addressed by bc680b336971305cb39896b30d72dc7101b62242 + + + + + + + + + CVE-2015-9019 on Ubuntu 20.04 (focal) - low. + In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-05 21:59:00 UTC + Fernando Arnaboldi + https://bugzilla.gnome.org/show_bug.cgi?id=758400 + https://bugzilla.suse.com/show_bug.cgi?id=934119 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-9019.html + + + + sbeattie> upstream fixed this for xsltproc, but libxslt remains unfixed sbeattie> not clear what the security impact of this is + + + + + + + + + CVE-2015-9099 on Ubuntu 20.04 (focal) - medium. + The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate. It was discovered that LAME incorrectly handled certain audio files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-25 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775959 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-9099.html + http://www.openwall.com/lists/oss-security/2015/02/12/8 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775959 + + + + ratliff> fixed via 001-Add-check-for-invalid-input-sample-rate.patch + + + + + + + + + CVE-2015-9100 on Ubuntu 20.04 (focal) - medium. + The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. It was discovered that LAME incorrectly handled certain audio files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-25 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777160 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-9100.html + http://www.openwall.com/lists/oss-security/2015/02/12/8 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777160 + + + + ratliff> fixed via 0001-Add-check-for-invalid-input-sample-rate.patch + + + + + + + + + CVE-2015-9101 on Ubuntu 20.04 (focal) - medium. + The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. It was discovered that LAME incorrectly handled certain audio files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-25 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777161 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-9101.html + http://www.openwall.com/lists/oss-security/2015/02/12/8 + https://blogs.gentoo.org/ago/2017/06/17/lame-heap-based-buffer-overflow-in-fill_buffer_resample-util-c/ + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777161 + + + + ratliff> fixed via 0001-Add-check-for-invalid-input-sample-rate.patch + + + + + + + + + CVE-2015-9267 on Ubuntu 20.04 (focal) - medium. + Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. It was discovered that NSIS incorrectly handled temporary folders. An attacker could possibly use this issue to execute arbitrary commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-01 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-9267.html + https://sourceforge.net/p/nsis/bugs/1125/ + + + + + + + + + + CVE-2015-9268 on Ubuntu 20.04 (focal) - medium. + Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. It was discovered that NSIS incorrectly handled temporary folders. An attacker could possibly use this issue to execute arbitrary commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-01 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-9268.html + https://sourceforge.net/p/nsis/bugs/1125/ + + + + + + + + + + CVE-2015-9275 on Ubuntu 20.04 (focal) - low. + ARC 5.21q allows directory traversal via a full pathname in an archive file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-07 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774527 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-9275.html + https://bugs.debian.org/774527 + https://bugzilla.redhat.com/show_bug.cgi?id=1179142 + + + + + + + + + + CVE-2015-9284 on Ubuntu 20.04 (focal) - medium. + The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-26 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-9284.html + https://github.com/omniauth/omniauth-rails/pull/1 + https://github.com/omniauth/omniauth/pull/809 + https://www.openwall.com/lists/oss-security/2015/05/26/11 + + + + + + + + + + CVE-2015-9541 on Ubuntu 20.04 (focal) - low. + Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-24 22:15:00 UTC + https://bugreports.qt.io/browse/QTBUG-47417 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-9541.html + + + + + + + + + + + + + + CVE-2015-9543 on Ubuntu 20.04 (focal) - low. + An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-19 03:15:00 UTC + https://launchpad.net/bugs/1492140 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951635 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-9543.html + https://review.opendev.org/220622 + + + + + + + + + + CVE-2016-0718 on Ubuntu 20.04 (focal) - medium. + Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-05-26 16:59:00 UTC + 2016-05-17 19:00:00 UTC + mdeslaur + Gustavo Grieco + 2016-05-17 19:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0718.html + https://ubuntu.com/security/notices/USN-2983-1 + https://ubuntu.com/security/notices/USN-3013-1 + https://ubuntu.com/security/notices/USN-3044-1 + + + + ebarretto> tla uses system expat as of 1.3.5+dfsg-15 + + + + + + + + + + + + + + + + + + CVE-2016-0741 on Ubuntu 20.04 (focal) - medium. + slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-04-19 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0741.html + https://rhn.redhat.com/errata/RHSA-2016-0204.html + + + + leosilva> code is quite different in trusty than patch, probably a trick backport. ebarretto> only affects 1.3.4 and up + + + + + + + + + CVE-2016-0772 on Ubuntu 20.04 (focal) - medium. + The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-02 14:59:00 UTC + 2016-09-02 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0772.html + http://www.openwall.com/lists/oss-security/2016/06/14/9 + https://ubuntu.com/security/notices/USN-3134-1 + + + + sbeattie> issue is fixed for xenial/python3.5 and xenial/python2.7 for packages in xenial-updates, but not xenial-security + + + + + + + + + CVE-2016-1000002 on Ubuntu 20.04 (focal) - low. 
+ gdm3 3.14.2 and possibly later has an information leak before screen lock + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-05 14:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1391126 + https://bugzilla.gnome.org/show_bug.cgi?id=753678 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000002.html + + + + mdeslaur> as of 2020-10-21, there is no upstream fix for this issue + + + + + + + + + CVE-2016-1000027 on Ubuntu 20.04 (focal) - negligible. + Pivotal Spring Framework 4.1.4 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. + 2020-01-02 23:15:00 UTC + Jacob Baines + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000027.html + https://www.tenable.com/security/research/tra-2016-20 + + + + seth-arnold> Unsafe java deserialization, appears disputed by Pivotal + + + + + + + + + CVE-2016-1000104 on Ubuntu 20.04 (focal) - untriaged. + A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000104.html + https://marc.info/?l=oss-security&m=146885145004975&w=2 + + + + + + + + + + CVE-2016-1000108 on Ubuntu 20.04 (focal) - low. + yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-10 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000108.html + https://marc.info/?l=oss-security&m=146885145004975&w=2 + + + + + + + + + + CVE-2016-1000110 on Ubuntu 20.04 (focal) - medium. + The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-27 17:15:00 UTC + 2016-07-25 + Rémi Rampin + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000110.html + https://bugs.python.org/issue27568 + https://ubuntu.com/security/notices/USN-3134-1 + + + + sbeattie> may also need patches from https://bugs.python.org/issue26804 + + + + + + + + + CVE-2016-1000236 on Ubuntu 20.04 (focal) - negligible. + Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-11-19 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838618 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000236.html + https://nodesecurity.io/advisories/134 + + + + + + + + + + CVE-2016-1000338 on Ubuntu 20.04 (focal) - medium. + In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-01 20:29:00 UTC + 2018-06-01 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000338.html + https://ubuntu.com/security/notices/USN-3727-1 + + + + + + + + + + CVE-2016-1000339 on Ubuntu 20.04 (focal) - medium. + In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 13:29:00 UTC + 2018-06-04 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000339.html + https://ubuntu.com/security/notices/USN-3727-1 + + + + + + + + + + CVE-2016-1000340 on Ubuntu 20.04 (focal) - medium. + In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000340.html + + + + leosilva> trusty is not-affected. Vulnerable code was introduced later. 
+ + + + + + + + + CVE-2016-1000341 on Ubuntu 20.04 (focal) - medium. + In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 13:29:00 UTC + 2018-06-04 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000341.html + https://ubuntu.com/security/notices/USN-3727-1 + + + + + + + + + + CVE-2016-1000342 on Ubuntu 20.04 (focal) - medium. + In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 13:29:00 UTC + 2018-06-04 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000342.html + https://ubuntu.com/security/notices/USN-3727-1 + + + + + + + + + + CVE-2016-1000343 on Ubuntu 20.04 (focal) - medium. + In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-04 13:29:00 UTC + 2018-06-04 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000343.html + https://ubuntu.com/security/notices/USN-3727-1 + + + + + + + + + + CVE-2016-1000344 on Ubuntu 20.04 (focal) - medium. + In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000344.html + + + + mdeslaur> This is an intrusive change to introduce to Ubuntu 14.04 LTS. mdeslaur> Marking as ignored. + + + + + + + + + CVE-2016-1000345 on Ubuntu 20.04 (focal) - medium. + In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 21:29:00 UTC + 2018-06-04 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000345.html + https://ubuntu.com/security/notices/USN-3727-1 + + + + + + + + + + CVE-2016-1000346 on Ubuntu 20.04 (focal) - medium. + In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-04 21:29:00 UTC + 2018-06-04 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000346.html + https://ubuntu.com/security/notices/USN-3727-1 + + + + + + + + + + CVE-2016-1000352 on Ubuntu 20.04 (focal) - medium. + In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000352.html + + + + mdeslaur> This is an intrusive change to introduce to Ubuntu 14.04 LTS. mdeslaur> Marking as ignored. + + + + + + + + + CVE-2016-10026 on Ubuntu 20.04 (focal) - medium. + ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-13 18:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10026.html + http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/ + http://www.openwall.com/lists/oss-security/2016/12/20/7 + + + + + + + + + + CVE-2016-10030 on Ubuntu 20.04 (focal) - medium. + The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the user being able to cause or anticipate the failure (non-zero return code) of a Prolog script that their job would run on. 
This issue affects all Slurm versions from 0.6.0 (September 2005) to present. Workarounds to prevent exploitation of this are to either disable your Prolog script, or modify it such that it always returns 0 ("success") and adjust it to set the node as down using scontrol instead of relying on the slurmd to handle that automatically. If you do not have a Prolog set you are unaffected by this issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-05 11:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10030.html + https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee + https://www.schedmd.com/news.php?id=178 + + + + + + + + + + CVE-2016-10033 on Ubuntu 20.04 (focal) - medium. + The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-30 19:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10033.html + https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html + https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html + http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html + http://seclists.org/fulldisclosure/2016/Dec/78 + https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html + https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18 + https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities + https://www.drupal.org/psa-2016-004 + https://www.exploit-db.com/exploits/40968/ + https://www.exploit-db.com/exploits/40970/ + + + + + + + + + + CVE-2016-10040 on Ubuntu 20.04 (focal) - low. + Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-07 15:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850954 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851058 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10040.html + http://www.openwall.com/lists/oss-security/2016/12/24/1 + + + + + + + + + + CVE-2016-10045 on Ubuntu 20.04 (focal) - medium. + The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-30 19:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10045.html + https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html + http://openwall.com/lists/oss-security/2016/12/28/1 + http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html + http://seclists.org/fulldisclosure/2016/Dec/81 + https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html + https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20 + https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities + https://www.exploit-db.com/exploits/40969/ + + + + sbeattie> update from debian resulted in a regression fix (5.2.14+dfsg-2.2) + + + + + + + + + CVE-2016-10074 on Ubuntu 20.04 (focal) - medium. + The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-30 19:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849626 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10074.html + https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html + http://packetstormsecurity.com/files/140290/SwiftMailer-Remote-Code-Execution.html + http://seclists.org/fulldisclosure/2016/Dec/86 + https://github.com/swiftmailer/swiftmailer/blob/5.x/CHANGES + https://www.exploit-db.com/exploits/40972/ + + + + + + + + + + CVE-2016-10087 on Ubuntu 20.04 (focal) - low. 
+ The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-30 22:59:00 UTC + 2017-01-30 + Patrick Keshishian + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10087.html + https://sourceforge.net/p/libpng/code/ci/243d4e5f3fe71740d52a53cf3dd77cc83a3430ba + https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb (libpng16) + https://sourceforge.net/p/libpng/code/ci/794a15fad6add4d636369d0b46f603a02995b2e2/ (libpng12) + http://www.openwall.com/lists/oss-security/2016/12/30/4 + https://ubuntu.com/security/notices/USN-3712-1 + https://ubuntu.com/security/notices/USN-3712-2 + + + + ratliff> "has existed in libpng since version 0.71 of June 26, 1995" chrisccoulson> Looks like this code is #ifdef'd out of Firefox and Thunderbirdhidden because it's behind a PNG_TEXT_SUPPORTED define, which isn't enabled + + + + + + + + + CVE-2016-10122 on Ubuntu 20.04 (focal) - medium. + Firejail does not properly clean environment variables, which allows local users to gain privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-13 14:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10122.html + http://www.openwall.com/lists/oss-security/2017/01/05/4 + https://github.com/netblue30/firejail/commit/3b81e1f2c331644ced87d26a943b22eed6242b8f + https://github.com/netblue30/firejail/commit/72bc0e145c67da24e555d868086953148c52b5fc + + + + + + + + + + CVE-2016-10128 on Ubuntu 20.04 (focal) - medium. 
+ Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-24 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10128.html + https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834 + + + + + + + + + + CVE-2016-10129 on Ubuntu 20.04 (focal) - medium. + The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-24 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10129.html + https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a + + + + + + + + + + CVE-2016-10130 on Ubuntu 20.04 (focal) - medium. + The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-24 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10130.html + https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22 + + + + + + + + + + CVE-2016-10148 on Ubuntu 20.04 (focal) - medium. + The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-18 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10148.html + http://www.openwall.com/lists/oss-security/2016/08/20/1 + https://core.trac.wordpress.org/changeset/38168 + https://core.trac.wordpress.org/ticket/37490 + https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html + + + + + + + + + + CVE-2016-10187 on Ubuntu 20.04 (focal) - medium. + The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-16 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853004 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10187.html + http://www.openwall.com/lists/oss-security/2017/01/29/8 + + + + + + + + + + CVE-2016-10188 on Ubuntu 20.04 (focal) - medium. + Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-14 14:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10188.html + https://bugs.bitlbee.org/ticket/1281 + http://www.openwall.com/lists/oss-security/2017/01/30/4 + + + + + + + + + + CVE-2016-10189 on Ubuntu 20.04 (focal) - medium. + BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-14 14:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10189.html + https://bugs.bitlbee.org/ticket/1282 + http://www.openwall.com/lists/oss-security/2017/01/30/4 + https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441 + + + + + + + + + + CVE-2016-10201 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-03 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10201.html + http://seclists.org/bugtraq/2017/Feb/5 + https://www.foxmole.com/advisories/foxmole-2016-07-05.txt + http://www.openwall.com/lists/oss-security/2017/02/05/1 + + + + + + + + + + CVE-2016-10202 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-03 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10202.html + http://seclists.org/bugtraq/2017/Feb/5 + https://www.foxmole.com/advisories/foxmole-2016-07-05.txt + http://www.openwall.com/lists/oss-security/2017/02/05/1 + + + + + + + + + + CVE-2016-10203 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-03 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10203.html + http://seclists.org/bugtraq/2017/Feb/5 + https://www.foxmole.com/advisories/foxmole-2016-07-05.txt + http://www.openwall.com/lists/oss-security/2017/02/05/1 + + + + + + + + + + CVE-2016-10204 on Ubuntu 20.04 (focal) - medium. + SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-03 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10204.html + http://seclists.org/bugtraq/2017/Feb/5 + https://www.foxmole.com/advisories/foxmole-2016-07-05.txt + http://www.openwall.com/lists/oss-security/2017/02/05/1 + + + + + + + + + + CVE-2016-10205 on Ubuntu 20.04 (focal) - medium. + Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-03 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10205.html + http://seclists.org/bugtraq/2017/Feb/5 + https://www.foxmole.com/advisories/foxmole-2016-07-05.txt + http://www.openwall.com/lists/oss-security/2017/02/05/1 + + + + + + + + + + CVE-2016-10206 on Ubuntu 20.04 (focal) - medium. + Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-03 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854272 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10206.html + http://seclists.org/bugtraq/2017/Feb/5 + https://www.foxmole.com/advisories/foxmole-2016-07-05.txt + http://www.openwall.com/lists/oss-security/2017/02/05/1 + + + + + + + + + + CVE-2016-10210 on Ubuntu 20.04 (focal) - low. + libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + https://github.com/VirusTotal/yara/issues/576 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10210.html + + + + + + + + + + CVE-2016-10211 on Ubuntu 20.04 (focal) - low. + libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + https://github.com/VirusTotal/yara/issues/575 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10211.html + + + + + + + + + + CVE-2016-10222 on Ubuntu 20.04 (focal) - medium. + runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + https://bugs.webkit.org/show_bug.cgi?id=164123 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10222.html + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + CVE-2016-10226 on Ubuntu 20.04 (focal) - medium. + JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + https://bugs.webkit.org/show_bug.cgi?id=165091 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10226.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + CVE-2016-10228 on Ubuntu 20.04 (focal) - negligible. + The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-03-02 01:59:00 UTC + Jan Engelhardt + https://sourceware.org/bugzilla/show_bug.cgi?id=19519 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856503 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10228.html + + + + + + + + + + CVE-2016-10245 on Ubuntu 20.04 (focal) - medium. + Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-05-24 17:29:00 UTC + 2019-05-24 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10245.html + http://www.stack.nl/~dimitri/doxygen/manual/changelog.html#log_1_8_12 + https://bugzilla.gnome.org/show_bug.cgi?id=762934 + https://ubuntu.com/security/notices/USN-4002-1 + + + + + + + + + + + + + CVE-2016-10345 on Ubuntu 20.04 (focal) - medium. + In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-18 20:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10345.html + https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441 + https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG + + + + + + + + + + CVE-2016-10374 on Ubuntu 20.04 (focal) - low. + perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-17 19:29:00 UTC + Paul Wise + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862667 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10374.html + https://bugs.debian.org/862667 + + + + + + + + + + CVE-2016-10375 on Ubuntu 20.04 (focal) - medium. + Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-26 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10375.html + https://github.com/fbb-git/yodl/issues/1 + https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3 + + + + + + + + + + CVE-2016-10376 on Ubuntu 20.04 (focal) - medium. + Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-28 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863445 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10376.html + https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc + https://dev.gajim.org/gajim/gajim/issues/8378 + https://bugs.debian.org/863445 + https://mail.jabber.org/pipermail/standards/2016-August/031335.html + + + + + + + + + + CVE-2016-10506 on Ubuntu 20.04 (focal) - medium. + Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. It was discovered that OpenJPEG incorrectly handled certain j2k files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-30 09:29:00 UTC + Ke Liu + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10506.html + https://github.com/uclouvain/openjpeg/issues/731 + https://github.com/uclouvain/openjpeg/issues/732 + https://github.com/uclouvain/openjpeg/issues/777 + https://github.com/uclouvain/openjpeg/issues/778 + https://github.com/uclouvain/openjpeg/issues/779 + https://github.com/uclouvain/openjpeg/issues/780 + + + + + + + + + + CVE-2016-10515 on Ubuntu 20.04 (focal) - medium. 
+ In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10515.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + + + + + + + + + + CVE-2016-10531 on Ubuntu 20.04 (focal) - medium. + marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-31 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10531.html + https://github.com/chjj/marked/pull/592 + https://github.com/chjj/marked/pull/592/commits/2cff85979be8e7a026a9aca35542c470cf5da523 + https://nodesecurity.io/advisories/101 + + + + + + + + + + CVE-2016-10539 on Ubuntu 20.04 (focal) - medium. + negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-31 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10539.html + https://nodesecurity.io/advisories/106 + + + + + + + + + + CVE-2016-10540 on Ubuntu 20.04 (focal) - medium. + Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. 
The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. It was discovered that Minimatch did not perform necessary bounds checking on regular expressions. An attacker could use this vulnerability to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-31 20:29:00 UTC + mikesalvatore + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10540.html + https://nodesecurity.io/advisories/118 + + + + + + + + + + CVE-2016-10542 on Ubuntu 20.04 (focal) - medium. + ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-31 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10542.html + https://github.com/nodejs/node/issues/7388 + https://nodesecurity.io/advisories/120 + + + + + + + + + + CVE-2016-10723 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-21 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10723.html + https://patchwork.kernel.org/patch/10395909/ + https://patchwork.kernel.org/patch/9842889/ + https://www.spinics.net/lists/linux-mm/msg117896.html + https://lore.kernel.org/lkml/cb2d635c-c14d-c2cc-868a-d4c447364f0d@i-love.sakura.ne.jp/ + https://lore.kernel.org/lkml/195a512f-aecc-f8cf-f409-6c42ee924a8c@i-love.sakura.ne.jp/ + + + + tyhicks> 9bfe5ded054b8e28a94c78580f233d6879a00146 may be an incomplete fix; see the lore.kernel.org references above tyhicks> As of 2019-01-24, we're deferring this issue since there's not a complete, low risk fix available + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2016-10729 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-24 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10729.html + https://www.exploit-db.com/exploits/39217/ + + + + + + + + + + CVE-2016-10730 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-24 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10730.html + https://www.exploit-db.com/exploits/39244/ + + + + + + + + + + CVE-2016-10735 on Ubuntu 20.04 (focal) - low. + In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-09 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10735.html + https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ + https://github.com/twbs/bootstrap/issues/20184 + https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906 + https://github.com/twbs/bootstrap/pull/23679 + https://github.com/twbs/bootstrap/pull/23687 + https://github.com/twbs/bootstrap/pull/26460 + + + + + + + + + + + + + CVE-2016-10739 on Ubuntu 20.04 (focal) - low. + In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-21 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920047 + https://bugzilla.redhat.com/show_bug.cgi?id=1347549 + https://sourceware.org/bugzilla/show_bug.cgi?id=20018 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10739.html + + + + mdeslaur> glibc uses this internally to parse config files, fixing this mdeslaur> may introduce unwanted regressions and changes in behaviour leosilva> See CVE-2019-18348 for Python that is affected by this issue. + + + + + + + + + CVE-2016-10894 on Ubuntu 20.04 (focal) - medium. + xtrlock through 2.10 does not block multitouch events. 
Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-16 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830726 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10894.html + https://bugs.debian.org/830726 + + + + + + + + + + CVE-2016-10937 on Ubuntu 20.04 (focal) - medium. + IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. It was discovered that IMAPFilter incorrectly validated SSL certificates. A remote attacker could possibly use this issue to intercept secure communications. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-08 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939702 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10937.html + https://github.com/lefcha/imapfilter/issues/142 + https://bugs.debian.org/939702 + + + + + + + + + + CVE-2016-11086 on Ubuntu 20.04 (focal) - medium. + lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-24 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-11086.html + https://github.com/oauth-xx/oauth-ruby/issues/137 + + + + + + + + + + CVE-2016-1235 on Ubuntu 20.04 (focal) - medium. + The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options. 
It was discovered that OAR incorrectly handled OpenSSH options. An attacker could possibly use this issue to obtain sensitive information or gain privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-04-11 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819952 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1235.html + https://raw.githubusercontent.com/oar-team/oar/ce77ffed620fdce94881c9b35064507777c24a1c/debian/patches/004-fix-oarsh-security-issue + + + + + + + + + + CVE-2016-1241 on Ubuntu 20.04 (focal) - medium. + Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-07 19:28:00 UTC + https://bugs.tryton.org/issue5795 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1241.html + + + + ebarretto> password_hash introduced in 3.2.x + + + + + + + + + CVE-2016-1242 on Ubuntu 20.04 (focal) - medium. + file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-07 19:28:00 UTC + https://bugs.tryton.org/issue5808 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1242.html + + + + + + + + + + CVE-2016-1249 on Ubuntu 20.04 (focal) - low. + The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-17 02:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844475 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1249.html + http://www.openwall.com/lists/oss-security/2016/11/16/1 + + + + + + + + + + CVE-2016-1251 on Ubuntu 20.04 (focal) - low. + There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-11-29 20:59:00 UTC + Pali Rohár + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1251.html + http://www.openwall.com/lists/oss-security/2016/11/28/2 + https://tracker.debian.org/news/819888 + + + + mdeslaur> only an issue with mysql_server_prepare=1, which is not the mdeslaur> default. + + + + + + + + + CVE-2016-1585 on Ubuntu 20.04 (focal) - medium. + In all versions of AppArmor mount rules are accidentally widened when compiled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-22 16:29:00 UTC + https://bugs.launchpad.net/apparmor/+bug/1597017 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1585.html + + + + mdeslaur> no fix as of 2020-10-19 + + + + + + + + + CVE-2016-1927 on Ubuntu 20.04 (focal) - medium. + The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-02-20 01:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1927.html + https://www.phpmyadmin.net/security/PMASA-2016-4/ + + + + seth-arnold> previous passwords made with this tool should be regenerated + + + + + + + + + CVE-2016-20011 on Ubuntu 20.04 (focal) - medium. 
+ libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-25 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989149 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-20011.html + https://bugzilla.gnome.org/show_bug.cgi?id=772647 + https://gitlab.gnome.org/GNOME/libgrss/-/issues/4 + + + + + + + + + + CVE-2016-2038 on Ubuntu 20.04 (focal) - low. + phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-02-20 01:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2038.html + https://www.phpmyadmin.net/security/PMASA-2016-1/ + + + + + + + + + + CVE-2016-2039 on Ubuntu 20.04 (focal) - medium. + libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-02-20 01:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2039.html + https://www.phpmyadmin.net/security/PMASA-2016-2/ + + + + + + + + + + CVE-2016-2040 on Ubuntu 20.04 (focal) - medium. 
+ Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-02-20 01:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2040.html + https://www.phpmyadmin.net/security/PMASA-2016-3/ + + + + + + + + + + CVE-2016-2041 on Ubuntu 20.04 (focal) - medium. + libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-02-20 01:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2041.html + https://www.phpmyadmin.net/security/PMASA-2016-5/ + + + + + + + + + + CVE-2016-2042 on Ubuntu 20.04 (focal) - low. + phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-02-20 01:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2042.html + https://www.phpmyadmin.net/security/PMASA-2016-6/ + + + + + + + + + + CVE-2016-2043 on Ubuntu 20.04 (focal) - low. 
+ Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-02-20 01:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2043.html + https://www.phpmyadmin.net/security/PMASA-2016-7/ + + + + + + + + + + CVE-2016-2044 on Ubuntu 20.04 (focal) - low. + libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-02-20 01:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2044.html + https://www.phpmyadmin.net/security/PMASA-2016-8/ + + + + + + + + + + CVE-2016-2045 on Ubuntu 20.04 (focal) - low. + Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-02-20 01:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2045.html + https://www.phpmyadmin.net/security/PMASA-2016-9/ + + + + + + + + + + CVE-2016-2086 on Ubuntu 20.04 (focal) - low. + Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. 
+ 2016-04-07 21:59:00 UTC + Régis Leroy + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2086.html + https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/ + https://bugzilla.redhat.com/show_bug.cgi?id=1306200 + + + + + + + + + + CVE-2016-2087 on Ubuntu 20.04 (focal) - low. + Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-18 17:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852275 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2087.html + http://packetstormsecurity.com/files/136564/Hexchat-IRC-Client-2.11.0-Directory-Traversal.html + https://www.exploit-db.com/exploits/39656/ + + + + mdeslaur> patch is reverted in debian's hexchat package because it was mdeslaur> causing a regression for some use-cases. mdeslaur> logging the server name isn't the default configuration. + + + + + + + + + + + + CVE-2016-2099 on Ubuntu 20.04 (focal) - medium. + Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. It was discovered that Xerces-C XML Parser mishandles certain kinds of external DTD references, resulting in a user-after-free. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-05-13 14:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823863 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2099.html + https://issues.apache.org/jira/browse/XERCESC-2066 + + + + + + + + + + CVE-2016-2120 on Ubuntu 20.04 (focal) - medium. 
+ An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-01 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2120.html + https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/ + + + + + + + + + + CVE-2016-2141 on Ubuntu 20.04 (focal) - medium. + JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-30 16:59:00 UTC + Dennis Reed + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2141.html + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2141 + https://access.redhat.com/articles/2360521 + + + + + + + + + + CVE-2016-2175 on Ubuntu 20.04 (focal) - medium. + Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-01 20:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2175.html + http://seclists.org/oss-sec/2016/q2/419 + + + + + + + + + + CVE-2016-2216 on Ubuntu 20.04 (focal) - low. 
+ The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-04-07 21:59:00 UTC + Сковорода Никита Андреевич and Amit Klein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2216.html + https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/ + + + + + + + + + + CVE-2016-2226 on Ubuntu 20.04 (focal) - low. + Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 20:59:00 UTC + 2017-02-24 + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840358 (ht) + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840360 (libiberty) + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2226.html + https://ubuntu.com/security/notices/USN-3337-1 + https://ubuntu.com/security/notices/USN-3368-1 + https://ubuntu.com/security/notices/USN-3367-1 + + + + + + + + + + + + + + + + + + CVE-2016-2233 on Ubuntu 20.04 (focal) - low. + Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-18 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2233.html + http://packetstormsecurity.com/files/136563/Hexchat-IRC-Client-2.11.0-CAP-LS-Handling-Buffer-Overflow.html + https://www.exploit-db.com/exploits/39657/ + + + + + + + + + + CVE-2016-2347 on Ubuntu 20.04 (focal) - medium. + Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-21 20:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2347.html + http://www.talosintel.com/reports/TALOS-2016-0095/ + + + + + + + + + + CVE-2016-2379 on Ubuntu 20.04 (focal) - low. + The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-29 20:59:00 UTC + Yves Younan + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2379.html + http://www.talosintelligence.com/reports/TALOS-2016-0122/ + https://pidgin.im/news/security/?id=95 + https://security.gentoo.org/glsa/201701-38 + + + + mdeslaur> fundamental problem with the Mxit protocol + + + + + + + + + CVE-2016-2385 on Ubuntu 20.04 (focal) - medium. + Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-04-11 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2385.html + https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643 + http://www.openwall.com/lists/oss-security/2016/02/15/4 + + + + + + + + + + CVE-2016-2559 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-03-01 11:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2559.html + https://www.phpmyadmin.net/security/PMASA-2016-10/ + https://github.com/phpmyadmin/phpmyadmin/commit/3a6a9a807d99371ee126635e1a505fc1fe0df32c + + + + + + + + + + CVE-2016-2560 on Ubuntu 20.04 (focal) - medium. + Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-03-01 11:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2560.html + https://www.phpmyadmin.net/security/PMASA-2016-11/ + https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f + https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32 + https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc + https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4 + https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078 + + + + + + + + + + CVE-2016-2561 on Ubuntu 20.04 (focal) - medium. + Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-03-01 11:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2561.html + https://www.phpmyadmin.net/security/PMASA-2016-12/ + https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e + https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b + https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef + https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f + https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775 + https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372 + + + + + + + + + + CVE-2016-2562 on Ubuntu 20.04 (focal) - medium. 
+ The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-03-01 11:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2562.html + https://www.phpmyadmin.net/security/PMASA-2016-13/ + https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976 + + + + + + + + + + CVE-2016-2568 on Ubuntu 20.04 (focal) - low. + pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-13 18:59:00 UTC + Federico Manuel Bento + https://bugzilla.redhat.com/show_bug.cgi?id=1299955 + https://bugzilla.redhat.com/show_bug.cgi?id=1300746 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2568.html + http://seclists.org/oss-sec/2016/q1/443 + https://lore.kernel.org/patchwork/patch/793178/ + + + + mdeslaur> no fix available as of 2021-05-26 + + + + + + + + + CVE-2016-2775 on Ubuntu 20.04 (focal) - medium. + ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-07-19 22:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2775.html + https://kb.isc.org/article/AA-01393/74/CVE-2016-2775 + + + + mdeslaur> only if lwres is configured (not the default) mdeslaur> lwresd package is in universe + + + + + + + + + CVE-2016-2779 on Ubuntu 20.04 (focal) - low. + runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-07 15:59:00 UTC + Federico Bento + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922 + https://bugzilla.redhat.com/show_bug.cgi?id=1312852 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2779.html + http://www.openwall.com/lists/oss-security/2016/02/27/1 + http://marc.info/?l=util-linux-ng&m=145694736107128&w=2 + + + + mdeslaur> 2.31 introduced a --pty option that can be used + + + + + + + + + CVE-2016-2781 on Ubuntu 20.04 (focal) - low. + chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-07 15:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 + https://bugzilla.redhat.com/show_bug.cgi?id=1312863 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2781.html + http://seclists.org/oss-sec/2016/q1/452 + https://lore.kernel.org/patchwork/patch/793178/ + + + + mdeslaur> as of 2017-08-01, no viable solution + + + + + + + + + CVE-2016-2854 on Ubuntu 20.04 (focal) - low. + The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. 
+ 2016-05-02 10:59:00 UTC + https://launchpad.net/bugs/1554262 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2854.html + http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/ + https://sourceforge.net/p/aufs/mailman/message/34864744/ + + + + sbeattie> requires aufs module inserted with allow_userns option, which is not the default sbeattie> in upstream aufs on 2016-02-19, marking kernel's that imported aufs after that date as not-affected + + + + + + + + + + + + + + + + CVE-2016-2860 on Ubuntu 20.04 (focal) - medium. + The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-05-13 16:59:00 UTC + Peter Iannucci + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2860.html + https://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt + + + + + + + + + + CVE-2016-3066 on Ubuntu 20.04 (focal) - low. + The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-06 18:29:00 UTC + Daniel P. Berrange + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3066.html + https://bugzilla.redhat.com/show_bug.cgi?id=1320263 + + + + seth-arnold> Hans de Goede comments in the Red Hat bug that the clipboard synchronization can be turned off at the server. I'm marking this 'low' as a result of the configuration option being available. + + + + + + + + + CVE-2016-3088 on Ubuntu 20.04 (focal) - medium. + The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-01 20:59:00 UTC + Simon Zuckerbraun and Andrea Micalizzi + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3088.html + http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt + + + + tyhicks> Affects "Apache ActiveMQ 5.0.0 - 5.13.2" msalvatore> No upstream patch available for 5.13. Fileserver feature has been completely msalvatore> removed starting with 5.14.0 + + + + + + + + + CVE-2016-3092 on Ubuntu 20.04 (focal) - medium. + The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-04 22:59:00 UTC + 2016-06-23 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802312 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3092.html + http://markmail.org/message/oyxfv73jb2g7rjg3 + https://ubuntu.com/security/notices/USN-3024-1 + https://ubuntu.com/security/notices/USN-3027-1 + + + + + + + + + + + + + CVE-2016-3104 on Ubuntu 20.04 (focal) - low. + mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-14 18:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3104.html + https://jira.mongodb.org/browse/SERVER-24378 + + + + ratliff> The mongodb advisory recommend upgrading to latest 2.6. No 2.4 patch + + + + + + + + + CVE-2016-3125 on Ubuntu 20.04 (focal) - medium. + The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-04-05 20:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3125.html + http://bugs.proftpd.org/show_bug.cgi?id=4230 + http://www.openwall.com/lists/oss-security/2016/03/11/14 + http://proftpd.org/docs/RELEASE_NOTES-1.3.5b + + + + + + + + + + CVE-2016-3153 on Ubuntu 20.04 (focal) - medium. + SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-04-08 14:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3153.html + http://www.openwall.com/lists/oss-security/2016/03/15/2 + + + + + + + + + + CVE-2016-3154 on Ubuntu 20.04 (focal) - medium. + The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-04-08 14:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3154.html + http://www.openwall.com/lists/oss-security/2016/03/15/2 + + + + + + + + + + CVE-2016-3616 on Ubuntu 20.04 (focal) - low. + The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-13 18:59:00 UTC + 2017-02-13 + mdeslaur + Aladdin Mubaied + https://bugzilla.redhat.com/show_bug.cgi?id=1319661 + https://bugzilla.redhat.com/show_bug.cgi?id=1318509 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3616.html + https://ubuntu.com/security/notices/USN-3706-1 + https://ubuntu.com/security/notices/USN-3706-2 + + + + mdeslaur> only affects the cjpeg tool, which isn't shipped in libjpeg6b + + + + + + + + + + + + CVE-2016-3674 on Ubuntu 20.04 (focal) - medium. + Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-05-17 14:08:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819455 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3674.html + http://x-stream.github.io/changes.html#1.4.9 + + + + + + + + + + CVE-2016-3720 on Ubuntu 20.04 (focal) - medium. + XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-06-10 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3720.html + https://github.com/FasterXML/jackson-dataformat-xml/commit/f0f19a4c924d9db9a1e2830434061c8640092cc0 (2.7.4) + + + + + + + + + + CVE-2016-3861 on Ubuntu 20.04 (focal) - medium. + LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-11 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3861.html + http://source.android.com/security/bulletin/2016-09-01.html + https://android.googlesource.com/platform/frameworks/av/+/3944c65637dfed14a5a895685edfa4bacaf9f76e + https://android.googlesource.com/platform/frameworks/base/+/866dc26ad4a98cc835d075b627326e7d7e52ffa1 + https://android.googlesource.com/platform/frameworks/native/+/1f4b49e64adf4623eefda503bca61e253597b9bf + https://android.googlesource.com/platform/system/core/+/ecf5fd58a8f50362ce9e8d4245a33d56f29f142b + + + + + + + + + + CVE-2016-3956 on Ubuntu 20.04 (focal) - medium. + The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. It was discovered that the npm command-line interface mishandled certain sensitive information. An attacker could use this vulnerability to collect authentication information that could be used to impersonate other users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-07-02 14:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3956.html + https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/ + https://github.com/npm/npm/issues/8380 + http://www-01.ibm.com/support/docview.wss?uid=swg21980827 + http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability + + + + + + + + + + CVE-2016-4021 on Ubuntu 20.04 (focal) - low. + The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. It was discovered that PGPdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-05-26 14:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773747 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4021.html + https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt + + + + + + + + + + CVE-2016-4029 on Ubuntu 20.04 (focal) - medium. + WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-08-07 16:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4029.html + http://codex.wordpress.org/Version_4.5 + https://core.trac.wordpress.org/query?status=closed&milestone=4.5 + + + + + + + + + + CVE-2016-4055 on Ubuntu 20.04 (focal) - medium. + The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." 
It was discovered that moment mishandled certain regular expressions. An attacker could use this vulnerability to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-23 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4055.html + + + + + + + + + + CVE-2016-4216 on Ubuntu 20.04 (focal) - medium. + XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-13 02:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4216.html + https://helpx.adobe.com/security/products/xmpcore/apsb16-24.html + + + + + + + + + + CVE-2016-4303 on Ubuntu 20.04 (focal) - medium. + The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. It was discovered that iperf mishandled certain UTF8 and UTF16 strings. A remote attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-26 14:59:00 UTC + Dave McDaniel + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827116 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4303.html + https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc + + + + sbeattie> embedded copy of cjson? + + + + + + + + + CVE-2016-4338 on Ubuntu 20.04 (focal) - medium. 
+ The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter. It was discovered that Zabbix incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code or SQL commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-23 21:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823329 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4338.html + http://seclists.org/bugtraq/2016/May/11 + https://support.zabbix.com/browse/ZBX-10741 + + + + + + + + + + CVE-2016-4412 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4412.html + https://www.phpmyadmin.net/security/PMASA-2016-57/ + + + + + + + + + + CVE-2016-4414 on Ubuntu 20.04 (focal) - low. + The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. 
+ 2016-06-13 19:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4414.html + https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100 + http://www.openwall.com/lists/oss-security/2016/04/30/2 + + + + sbeattie> affect quassel 0.10 through 0.12.3) + + + + + + + + + CVE-2016-4423 on Ubuntu 20.04 (focal) - medium. + The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-01 22:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4423.html + https://github.com/symfony/symfony/pull/18733 + https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session + + + + + + + + + + CVE-2016-4429 on Ubuntu 20.04 (focal) - low. + Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. 
+ 2016-06-10 15:59:00 UTC + 2016-06-10 + leosilva + Aldy Hernandez + https://sourceware.org/bugzilla/show_bug.cgi?id=20112 + https://bugzilla.redhat.com/show_bug.cgi?id=1337136 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4429.html + https://ubuntu.com/security/notices/USN-3239-1 + https://ubuntu.com/security/notices/USN-3759-1 + https://ubuntu.com/security/notices/USN-3759-2 + + + + + + + + + + + + + + CVE-2016-4434 on Ubuntu 20.04 (focal) - medium. + Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-30 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825501 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4434.html + + + + + + + + + + CVE-2016-4437 on Ubuntu 20.04 (focal) - medium. + Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-07 14:06:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4437.html + + + + + + + + + + CVE-2016-4463 on Ubuntu 20.04 (focal) - medium. + Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. It was discovered that Xerces-C XML Parser fails to successfully parse a DTD that is too deeply nested. An unauthenticated attacker could use this vulnerability to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-07-08 19:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828990 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4463.html + http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt + + + + + + + + + + CVE-2016-4472 on Ubuntu 20.04 (focal) - medium. + The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-30 17:59:00 UTC + 2016-05-18 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4472.html + https://ubuntu.com/security/notices/USN-3013-1 + + + + mdeslaur> fixed in USN-2983-1 in the CVE-2015-1283-refix.patch patch ebarretto> tla uses system expat as of 1.3.5+dfsg-15 + + + + + + + + + + + + + + + + + CVE-2016-4484 on Ubuntu 20.04 (focal) - low. + The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-23 21:59:00 UTC + Ismael Ripoll and Hector Marco-Gisbert + https://launchpad.net/bugs/1660701 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4484.html + + + + + + + + + + CVE-2016-4487 on Ubuntu 20.04 (focal) - low. + Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-24 20:59:00 UTC + 2017-02-24 + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840358 (ht) + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840360 (libiberty) + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4487.html + https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html + https://ubuntu.com/security/notices/USN-3337-1 + https://ubuntu.com/security/notices/USN-3368-1 + https://ubuntu.com/security/notices/USN-3367-1 + + + + mdeslaur> same binutils commit as CVE-2016-2226 + + + + + + + + + + + + + + + + + CVE-2016-4488 on Ubuntu 20.04 (focal) - low. + Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 20:59:00 UTC + 2017-02-24 + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840358 (ht) + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840360 (libiberty) + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4488.html + https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html + https://ubuntu.com/security/notices/USN-3337-1 + https://ubuntu.com/security/notices/USN-3368-1 + https://ubuntu.com/security/notices/USN-3367-1 + + + + mdeslaur> same commit as CVE-2016-4487 mdeslaur> same binutils commit as CVE-2016-2226 + + + + + + + + + + + + + + + + + CVE-2016-4489 on Ubuntu 20.04 (focal) - low. + Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-24 20:59:00 UTC + 2017-02-24 + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840358 (ht) + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840360 (libiberty) + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4489.html + https://ubuntu.com/security/notices/USN-3337-1 + https://ubuntu.com/security/notices/USN-3368-1 + https://ubuntu.com/security/notices/USN-3367-1 + + + + mdeslaur> same binutils commit as CVE-2016-2226 + + + + + + + + + + + + + + + + + CVE-2016-4490 on Ubuntu 20.04 (focal) - low. + Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 20:59:00 UTC + 2017-02-24 + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840358 (ht) + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840360 (libiberty) + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4490.html + https://ubuntu.com/security/notices/USN-3337-1 + https://ubuntu.com/security/notices/USN-3368-1 + https://ubuntu.com/security/notices/USN-3367-1 + + + + mdeslaur> same binutils commit as CVE-2016-2226 + + + + + + + + + + + + + + + + + CVE-2016-4491 on Ubuntu 20.04 (focal) - low. + The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-24 20:59:00 UTC + 2017-02-24 + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4491.html + https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html + https://ubuntu.com/security/notices/USN-3337-1 + https://ubuntu.com/security/notices/USN-3368-1 + https://ubuntu.com/security/notices/USN-3367-1 + + + + + + + + + + + + + + + + + + CVE-2016-4492 on Ubuntu 20.04 (focal) - low. + Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 20:59:00 UTC + 2017-02-24 + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840358 (ht) + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840360 (libiberty) + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4492.html + https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html + https://ubuntu.com/security/notices/USN-3337-1 + https://ubuntu.com/security/notices/USN-3368-1 + https://ubuntu.com/security/notices/USN-3367-1 + + + + mdeslaur> same binutils commit as CVE-2016-2226 + + + + + + + + + + + + + + + + + CVE-2016-4493 on Ubuntu 20.04 (focal) - low. + The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-24 20:59:00 UTC + 2017-02-24 + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4493.html + https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html + https://ubuntu.com/security/notices/USN-3337-1 + https://ubuntu.com/security/notices/USN-3368-1 + https://ubuntu.com/security/notices/USN-3367-1 + + + + mdeslaur> same commit as CVE-2016-4492 + + + + + + + + + + + + + + + + + CVE-2016-4536 on Ubuntu 20.04 (focal) - medium. + The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-05-13 16:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4536.html + https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt + + + + + + + + + + CVE-2016-4561 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-05-10 19:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4561.html + http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7 + http://www.openwall.com/lists/oss-security/2016/05/06/8 + + + + + + + + + + CVE-2016-4566 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-05-22 01:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823640 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4566.html + https://wordpress.org/news/2016/05/wordpress-4-5-2/ + http://www.openwall.com/lists/oss-security/2016/05/07/2 + + + + + + + + + + CVE-2016-4567 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-05-22 01:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823649 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4567.html + https://core.trac.wordpress.org/changeset/37370 + http://www.openwall.com/lists/oss-security/2016/05/07/2 + + + + + + + + + + CVE-2016-4570 on Ubuntu 20.04 (focal) - medium. + The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-03 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4570.html + http://www.openwall.com/lists/oss-security/2016/05/07/8 + + + + + + + + + + CVE-2016-4571 on Ubuntu 20.04 (focal) - medium. + The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-03 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4571.html + http://www.openwall.com/lists/oss-security/2016/05/07/8 + + + + + + + + + + CVE-2016-4855 on Ubuntu 20.04 (focal) - negligible. + Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-05-12 18:29:00 UTC + https://github.com/ADOdb/ADOdb/issues/274 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4855.html + https://jvn.jp/en/jp/JVN48237713/ + + + + + + + + + + CVE-2016-4970 on Ubuntu 20.04 (focal) - medium. + handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-13 14:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827620 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4970 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4970.html + + + + seth-arnold> Users can use -Djdk.tls.rejectClientInitiatedRenegotiation=true to disable renegotiation and avoid this issue. seth-arnold> Versions affected: Netty 4.0.0.Final - 4.0.36.Final and 4.1.0.Final + + + + + + + + + CVE-2016-4972 on Ubuntu 20.04 (focal) - medium. + OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-09-26 16:59:00 UTC + Kirill Zaitsev + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828062 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828063 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828064 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4972.html + https://marc.info/?l=oss-security&m=146670562610827&w=2 + + + + + + + + + + + + + + CVE-2016-4973 on Ubuntu 20.04 (focal) - low. + Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-07 20:29:00 UTC + Yaakov Selkowitz + https://bugzilla.redhat.com/show_bug.cgi?id=1324759 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4973.html + + + + mdeslaur> ubuntu uses SSP from glibc, marking gcc as not-affected + + + + + + + + + CVE-2016-5000 on Ubuntu 20.04 (focal) - negligible. + The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-08-05 14:59:00 UTC + Mauro Gentile + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5000.html + https://marc.info/?l=oss-security&m=146921513313216&w=2 + + + + seth-arnold> Debian says the vulnerable example isn't packaged + + + + + + + + + CVE-2016-5007 on Ubuntu 20.04 (focal) - medium. + Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. 
Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-25 17:29:00 UTC + Clément Notin + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5007.html + https://pivotal.io/security/cve-2016-5007 + + + + + + + + + + CVE-2016-5011 on Ubuntu 20.04 (focal) - low. + The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-11 15:59:00 UTC + Christian Moch and Michael Gruhn + https://bugzilla.redhat.com/show_bug.cgi?id=1349536 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830802 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5011.html + + + + + + + + + + CVE-2016-5027 on Ubuntu 20.04 (focal) - medium. + dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 20:59:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1330237 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5027.html + + + + + + + + + + CVE-2016-5028 on Ubuntu 20.04 (focal) - medium. 
+ The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-17 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5028.html + + + + + + + + + + CVE-2016-5029 on Ubuntu 20.04 (focal) - medium. + The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-17 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5029.html + + + + + + + + + + CVE-2016-5030 on Ubuntu 20.04 (focal) - medium. + The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-17 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5030.html + + + + + + + + + + CVE-2016-5031 on Ubuntu 20.04 (focal) - medium. + The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-17 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5031.html + + + + + + + + + + CVE-2016-5032 on Ubuntu 20.04 (focal) - medium. + The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-17 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5032.html + + + + + + + + + + CVE-2016-5033 on Ubuntu 20.04 (focal) - medium. + The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-17 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5033.html + + + + + + + + + + CVE-2016-5035 on Ubuntu 20.04 (focal) - medium. + The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-17 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5035.html + + + + + + + + + + CVE-2016-5037 on Ubuntu 20.04 (focal) - untriaged. + The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2017 Canonical Ltd. + 2017-02-17 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5037.html + + + + + + + + + + CVE-2016-5040 on Ubuntu 20.04 (focal) - untriaged. + libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2017 Canonical Ltd. + 2017-02-17 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5040.html + + + + + + + + + + CVE-2016-5041 on Ubuntu 20.04 (focal) - untriaged. 
+ dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2017 Canonical Ltd. + 2017-04-10 16:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5041.html + + + + + + + + + + CVE-2016-5043 on Ubuntu 20.04 (focal) - untriaged. + The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2017 Canonical Ltd. + 2017-02-17 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5043.html + + + + + + + + + + CVE-2016-5044 on Ubuntu 20.04 (focal) - untriaged. + The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2017 Canonical Ltd. + 2017-02-17 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5044.html + + + + + + + + + + CVE-2016-5097 on Ubuntu 20.04 (focal) - medium. + phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-05 01:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5097.html + https://www.phpmyadmin.net/security/PMASA-2016-14/ + + + + + + + + + + CVE-2016-5099 on Ubuntu 20.04 (focal) - medium. 
+ Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-05 01:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5099.html + https://www.phpmyadmin.net/security/PMASA-2016-16/ + + + + + + + + + + CVE-2016-5115 on Ubuntu 20.04 (focal) - low. + The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-03 15:59:00 UTC + Gustavo Grieco + https://trac.mplayerhq.hu/ticket/2298 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5115.html + + + + mdeslaur> no details as of 2016-10-18 ebarretto> no details as of 2019-03-01 + + + + + + + + + CVE-2016-5300 on Ubuntu 20.04 (focal) - medium. + The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-16 18:59:00 UTC + 2016-06-06 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5300.html + http://seclists.org/oss-sec/2016/q2/468 + https://ubuntu.com/security/notices/USN-3013-1 + https://ubuntu.com/security/notices/USN-3010-1 + + + + ebarretto> tla uses system expat as of 1.3.5+dfsg-15 + + + + + + + + + + + + + CVE-2016-5301 on Ubuntu 20.04 (focal) - medium. 
+ The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. It was discovered that libtorrent improperly handles chunked headers. A remote Attacker could possibly use this to cause a crash resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-30 17:59:00 UTC + https://github.com/arvidn/libtorrent/issues/780 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826380 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5301.html + + + + + + + + + + CVE-2016-5397 on Ubuntu 20.04 (focal) - medium. + The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-12 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894577 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5397.html + https://issues.apache.org/jira/browse/THRIFT-3893 + https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e + + + + + + + + + + CVE-2016-5404 on Ubuntu 20.04 (focal) - low. + The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. It was discovered that FreeIPA incorrectly handled certificates. An attacker could possibly use this issue to cause a denial of service by revoking arbitrary certificates. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. 
+ 2016-09-07 20:59:00 UTC + Fraser Tweedale + https://fedorahosted.org/freeipa/ticket/6232 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5404.html + + + + + + + + + + CVE-2016-5407 on Ubuntu 20.04 (focal) - low. + The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-13 20:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840438 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5407.html + http://www.openwall.com/lists/oss-security/2016/10/04/4 + https://lists.x.org/archives/xorg-announce/2016-October/002720.html + + + + msalvatore> patch released in 2:1.0.10-1+deb8u1 + + + + + + + + + CVE-2016-5416 on Ubuntu 20.04 (focal) - low. + 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-08 19:29:00 UTC + Viktor Ashirov + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5416.html + https://fedorahosted.org/389/ticket/48852 + https://bugzilla.redhat.com/show_bug.cgi?id=1349540 + + + + leosilva> has not patch available. + + + + + + + + + CVE-2016-5537 on Ubuntu 20.04 (focal) - medium. + Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. 
Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a project. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-10-25 14:30:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852029 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5537.html + + + + + + + + + + CVE-2016-5598 on Ubuntu 20.04 (focal) - medium. + Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-10-25 14:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5598.html + + + + + + + + + + CVE-2016-5636 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-02 14:59:00 UTC + 2016-09-02 + Insu Yun + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5636.html + https://bugs.python.org/issue26171 + https://bugs.python.org/msg278228 + https://ubuntu.com/security/notices/USN-3134-1 + + + + sbeattie> issue is fixed for xenial/python3.5 and xenial/python2.7 for packages in xenial-updates, but not xenial-security sbeattie> may also need https://hg.python.org/cpython/rev/2edbdb79cd6d (see comment on python bug above) for pre-2.7.8 code and possibly 3.x code. + + + + + + + + + CVE-2016-5637 on Ubuntu 20.04 (focal) - medium. 
+ The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enable_flag value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted BPG image, related to a "type confusion" issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-15 18:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5637.html + http://www.kb.cert.org/vuls/id/123799 + + + + ebarretto> This CVE doesn't have much information and it appears to be ebarretto> a duplicate of CVE-2016-8710, so we are using the information ebarretto> available on CVE-2016-8710. + + + + + + + + + + + + CVE-2016-5697 on Ubuntu 20.04 (focal) - medium. + Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-23 21:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828076 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5697.html + + + + + + + + + + CVE-2016-5699 on Ubuntu 20.04 (focal) - medium. + CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-02 14:59:00 UTC + 2016-09-02 + Guido Vranken + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5699.html + https://bugs.python.org/issue22928 + https://ubuntu.com/security/notices/USN-3134-1 + + + + + + + + + + CVE-2016-5701 on Ubuntu 20.04 (focal) - medium. + setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-03 01:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5701.html + https://www.phpmyadmin.net/security/PMASA-2016-17/ + + + + + + + + + + CVE-2016-5702 on Ubuntu 20.04 (focal) - medium. + phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-03 01:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5702.html + https://www.phpmyadmin.net/security/PMASA-2016-18/ + + + + + + + + + + CVE-2016-5703 on Ubuntu 20.04 (focal) - medium. + SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-03 01:59:00 UTC + Brian "geeknik" Carpenter + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5703.html + https://www.phpmyadmin.net/security/PMASA-2016-19/ + + + + + + + + + + CVE-2016-5704 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-03 01:59:00 UTC + Nils Juenemann + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5704.html + https://www.phpmyadmin.net/security/PMASA-2016-20/ + + + + + + + + + + CVE-2016-5705 on Ubuntu 20.04 (focal) - medium. 
+ Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-03 01:59:00 UTC + Nils Juenemann and Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5705.html + https://www.phpmyadmin.net/security/PMASA-2016-21/ + + + + + + + + + + CVE-2016-5706 on Ubuntu 20.04 (focal) - low. + js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-07-03 01:59:00 UTC + Deniz Cevik + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5706.html + https://www.phpmyadmin.net/security/PMASA-2016-22/ + + + + + + + + + + CVE-2016-5730 on Ubuntu 20.04 (focal) - medium. + phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-07-03 01:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5730.html + https://www.phpmyadmin.net/security/PMASA-2016-23/ + + + + + + + + + + CVE-2016-5731 on Ubuntu 20.04 (focal) - low. + Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-07-03 01:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5731.html + https://www.phpmyadmin.net/security/PMASA-2016-24/ + + + + + + + + + + CVE-2016-5732 on Ubuntu 20.04 (focal) - medium. + Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-03 01:59:00 UTC + Emanuel Bronshtein and Nils Juenemann + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5732.html + https://www.phpmyadmin.net/security/PMASA-2016-25/ + + + + + + + + + + CVE-2016-5733 on Ubuntu 20.04 (focal) - medium. 
+ Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-03 01:59:00 UTC + Emanuel Bronshtein, Nils Juenemann, Mario Heiderich + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5733.html + https://www.phpmyadmin.net/security/PMASA-2016-26/ + + + + + + + + + + CVE-2016-5734 on Ubuntu 20.04 (focal) - medium. + phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-03 01:59:00 UTC + Michal Čihař + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5734.html + https://www.phpmyadmin.net/security/PMASA-2016-27/ + + + + + + + + + + CVE-2016-5735 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-23 04:29:00 UTC + Choi Jaeseung + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5735.html + https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285 + http://sf.snu.ac.kr/gil.hur/publications/shovel.pdf + + + + + + + + + + CVE-2016-5739 on Ubuntu 20.04 (focal) - medium. + The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-03 01:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5739.html + https://www.phpmyadmin.net/security/PMASA-2016-28/ + + + + + + + + + + CVE-2016-5824 on Ubuntu 20.04 (focal) - low. + libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-27 22:59:00 UTC + 2017-01-27 + https://bugzilla.mozilla.org/show_bug.cgi?id=1275400 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5824.html + http://seclists.org/oss-sec/2016/q2/604 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2016-5824 + https://ubuntu.com/security/notices/USN-3897-1 + https://bugzilla.mozilla.org/attachment.cgi?id=8757553 + + + + sbeattie> reproducer in mozilla attachment + + + + + + + + + CVE-2016-5832 on Ubuntu 20.04 (focal) - medium. + The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-06-29 14:10:00 UTC + Yassine Aboukir + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5832.html + https://wordpress.org/news/2016/06/wordpress-4-5-3/ + https://marc.info/?l=oss-security&m=146670813911482&w=2 + + + + + + + + + + CVE-2016-5833 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-29 14:10:00 UTC + Jouko Pynnonen + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5833.html + https://wordpress.org/news/2016/06/wordpress-4-5-3/ + https://marc.info/?l=oss-security&m=146670813911482&w=2 + + + + + + + + + + CVE-2016-5834 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-29 14:10:00 UTC + Divyesh Prajapati + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5834.html + https://wordpress.org/news/2016/06/wordpress-4-5-3/ + https://marc.info/?l=oss-security&m=146670813911482&w=2 + + + + + + + + + + CVE-2016-5835 on Ubuntu 20.04 (focal) - medium. + WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-06-29 14:10:00 UTC + John Blackbourn and Dan Moen + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5835.html + https://wordpress.org/news/2016/06/wordpress-4-5-3/ + https://marc.info/?l=oss-security&m=146670813911482&w=2 + + + + + + + + + + CVE-2016-5836 on Ubuntu 20.04 (focal) - medium. + The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-29 14:10:00 UTC + Jennifer Dodd + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5836.html + https://wordpress.org/news/2016/06/wordpress-4-5-3/ + https://marc.info/?l=oss-security&m=146670813911482&w=2 + + + + + + + + + + CVE-2016-5837 on Ubuntu 20.04 (focal) - medium. + WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-29 14:10:00 UTC + David Herrera + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5837.html + https://wordpress.org/news/2016/06/wordpress-4-5-3/ + https://marc.info/?l=oss-security&m=146670813911482&w=2 + + + + + + + + + + CVE-2016-5838 on Ubuntu 20.04 (focal) - medium. + WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-29 14:10:00 UTC + Michael Adams + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5838.html + https://wordpress.org/news/2016/06/wordpress-4-5-3/ + https://marc.info/?l=oss-security&m=146670813911482&w=2 + + + + + + + + + + CVE-2016-5839 on Ubuntu 20.04 (focal) - medium. + WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-06-29 14:10:00 UTC + Peter Westwood + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5839.html + https://wordpress.org/news/2016/06/wordpress-4-5-3/ + https://marc.info/?l=oss-security&m=146670813911482&w=2 + + + + + + + + + + CVE-2016-6127 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-03 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6127.html + + + + + + + + + + CVE-2016-6131 on Ubuntu 20.04 (focal) - low. + The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-07 15:59:00 UTC + 2017-02-07 + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840889 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6131.html + https://ubuntu.com/security/notices/USN-3337-1 + https://ubuntu.com/security/notices/USN-3368-1 + https://ubuntu.com/security/notices/USN-3367-1 + + + + + + + + + + + + + + + + + + CVE-2016-6170 on Ubuntu 20.04 (focal) - low. 
+ ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-07-06 14:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830810 + https://bugzilla.redhat.com/show_bug.cgi?id=1353563 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6170.html + https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html + https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html + https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html + https://github.com/sischkg/xfer-limit/blob/master/README.md + http://www.openwall.com/lists/oss-security/2016/07/06/3 + https://kb.isc.org/article/AA-01390/0/Operational-Notification%3A-A-party-that-is-allowed-control-over-zone-data-can-overwhelm-a-server-by-transferring-huge-quantities-of-data.html + + + + + + + + + + CVE-2016-6171 on Ubuntu 20.04 (focal) - medium. + Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-09 15:59:00 UTC + https://gitlab.labs.nic.cz/labs/knot/issues/464 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6171.html + https://gitlab.labs.nic.cz/labs/knot/merge_requests/541 + + + + + + + + + + CVE-2016-6172 on Ubuntu 20.04 (focal) - medium. 
+ PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-26 16:59:00 UTC + https://github.com/PowerDNS/pdns/issues/4128 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6172.html + http://www.openwall.com/lists/oss-security/2016/07/06/4 + + + + + + + + + + CVE-2016-6199 on Ubuntu 20.04 (focal) - medium. + ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-07 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6199.html + https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726 + https://philwantsfish.github.io/security/java-deserialization-github + + + + pfsmorigo> GUI was deprecated after version 4.0 + + + + + + + + + CVE-2016-6254 on Ubuntu 20.04 (focal) - medium. + Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet. It was discovered that collectd mishandled certain malformed packets. A remote attacker could use this vulnerablility to cause collectd to crash or possibly execuite arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-08-19 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6254.html + + + + + + + + + + CVE-2016-6265 on Ubuntu 20.04 (focal) - medium. + Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-22 15:59:00 UTC + Marco Grassi + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832031 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6265.html + http://bugs.ghostscript.com/show_bug.cgi?id=696941 + + + + + + + + + + CVE-2016-6298 on Ubuntu 20.04 (focal) - medium. + The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-01 23:59:00 UTC + Dennis Detering + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6298.html + https://github.com/latchset/jwcrypto/issues/65 + https://github.com/latchset/jwcrypto/pull/66 + https://github.com/latchset/jwcrypto/commit/eb5be5bd94c8cae1d7f3ba9801377084d8e5a7ba + + + + + + + + + + CVE-2016-6318 on Ubuntu 20.04 (focal) - negligible. + Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-09-07 19:28:00 UTC + Raed Albuliwi + https://bugs.launchpad.net/ubuntu/+source/cracklib2/+bug/1617155 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6318.html + http://seclists.org/oss-sec/2016/q3/290 + + + + tyhicks> Ubuntu's chfn limits the total GECOS field length to 84 characters which is well within cracklib2's buffer size of 2048. 
tyhicks> libpam-cracklib is not part of the default install so PAM cracklib support is not enabled in the majority of Ubuntu installs tyhicks> Ubuntu's /etc/login.defs only allows unprivileged users to set their room number, work phone, and home phone + + + + + + + + + CVE-2016-6342 on Ubuntu 20.04 (focal) - medium. + elog 3.1.1 allows remote attackers to post data as any username in the logbook. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-27 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6342.html + https://bugzilla.redhat.com/show_bug.cgi?id=1371328 + + + + + + + + + + CVE-2016-6345 on Ubuntu 20.04 (focal) - medium. + RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-07 18:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6345.html + https://bugzilla.redhat.com/show_bug.cgi?id=1372117 + + + + + + + + + + CVE-2016-6346 on Ubuntu 20.04 (focal) - low. + RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-09-07 18:59:00 UTC + Mikhail Egorov + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6346.html + https://bugzilla.redhat.com/show_bug.cgi?id=1372120 + + + + + + + + + + CVE-2016-6347 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-20 17:59:00 UTC + Mikhail Egorov + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6347.html + https://bugzilla.redhat.com/show_bug.cgi?id=1372124 + + + + + + + + + + CVE-2016-6348 on Ubuntu 20.04 (focal) - medium. + JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-12 22:59:00 UTC + Mikhail Egorov + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6348.html + https://bugzilla.redhat.com/show_bug.cgi?id=1372129 + + + + + + + + + + CVE-2016-6354 on Ubuntu 20.04 (focal) - low. + Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-09-21 14:25:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832768 + https://bugzilla.redhat.com/show_bug.cgi?id=1360743 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6354.html + http://seclists.org/oss-sec/2016/q3/97 + + + + mdeslaur> introduced in 2.5.36 by mdeslaur> https://github.com/westes/flex/commit/9ba3187a537d6a58d345f2874d06087fd4050399 sbeattie> redhat bug claims that it's not exploitable due to followup code sbeattie> also, simply replacing yy_size_t with int on num_to_read as in the upstream patch causes even more signed comparison warnings in flex generated sources; there's a comparison against a size_t variable in YY_INPUT for one. The "correct" fix for this likely includes the additional commit mentioned in the oss-security post. sbeattie> fixing will also require recompiling anything with generated code from the versions of flex in vivid through xenial. + + + + + + + + + CVE-2016-6494 on Ubuntu 20.04 (focal) - low. 
+ The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-10-03 18:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6494.html + http://www.openwall.com/lists/oss-security/2016/07/29/4 + + + + + + + + + + CVE-2016-6519 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-21 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838017 + https://bugs.launchpad.net/manila-ui/+bug/1597738 + https://bugzilla.suse.com/show_bug.cgi?id=988935 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6519.html + http://www.openwall.com/lists/oss-security/2016/09/15/7 + https://github.com/openstack/manila-ui/blob/d5fe23e4ba30846acdd09fa1dc61a415016a7e26/manila_ui/dashboards/project/shares/shares/tabs.py#L49 + + + + + + + + + + CVE-2016-6525 on Ubuntu 20.04 (focal) - medium. + Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-22 15:59:00 UTC + https://bugs.debian.org/833417 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6525.html + http://bugs.ghostscript.com/show_bug.cgi?id=696954 + http://www.openwall.com/lists/oss-security/2016/08/03/8 + + + + + + + + + + CVE-2016-6607 on Ubuntu 20.04 (focal) - medium. + XSS issues were discovered in phpMyAdmin. 
This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6607.html + http://www.phpmyadmin.net/security/PMASA-2016-30/ + + + + + + + + + + CVE-2016-6609 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6609.html + http://www.phpmyadmin.net/security/PMASA-2016-32/ + + + + + + + + + + CVE-2016-6610 on Ubuntu 20.04 (focal) - negligible. + A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6610.html + http://www.phpmyadmin.net/security/PMASA-2016-33/ + + + + + + + + + + CVE-2016-6611 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6611.html + http://www.phpmyadmin.net/security/PMASA-2016-34/ + + + + + + + + + + CVE-2016-6612 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6612.html + http://www.phpmyadmin.net/security/PMASA-2016-35/ + + + + + + + + + + CVE-2016-6613 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6613.html + http://www.phpmyadmin.net/security/PMASA-2016-36/ + + + + + + + + + + CVE-2016-6614 on Ubuntu 20.04 (focal) - low. + An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6614.html + http://www.phpmyadmin.net/security/PMASA-2016-37/ + + + + ratliff> Upstream notes mitigating factors + + + + + + + + + CVE-2016-6615 on Ubuntu 20.04 (focal) - negligible. + XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6615.html + http://www.phpmyadmin.net/security/PMASA-2016-38/ + + + + + + + + + + CVE-2016-6616 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6616.html + http://www.phpmyadmin.net/security/PMASA-2016-39/ + + + + + + + + + + CVE-2016-6618 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6618.html + http://www.phpmyadmin.net/security/PMASA-2016-41/ + + + + + + + + + + CVE-2016-6619 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6619.html + http://www.phpmyadmin.net/security/PMASA-2016-42/ + + + + + + + + + + CVE-2016-6620 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6620.html + http://www.phpmyadmin.net/security/PMASA-2016-43/ + + + + + + + + + + CVE-2016-6621 on Ubuntu 20.04 (focal) - medium. + The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-31 19:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6621.html + https://github.com/phpmyadmin/phpmyadmin/issues/12481 + + + + + + + + + + CVE-2016-6622 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6622.html + http://www.phpmyadmin.net/security/PMASA-2016-45/ + + + + + + + + + + CVE-2016-6623 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6623.html + http://www.phpmyadmin.net/security/PMASA-2016-46/ + + + + + + + + + + CVE-2016-6624 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6624.html + http://www.phpmyadmin.net/security/PMASA-2016-47/ + + + + + + + + + + CVE-2016-6625 on Ubuntu 20.04 (focal) - low. + An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6625.html + http://www.phpmyadmin.net/security/PMASA-2016-48/ + + + + + + + + + + CVE-2016-6626 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6626.html + http://www.phpmyadmin.net/security/PMASA-2016-49/ + + + + + + + + + + CVE-2016-6627 on Ubuntu 20.04 (focal) - low. + An issue was discovered in phpMyAdmin. 
An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6627.html + http://www.phpmyadmin.net/security/PMASA-2016-50/ + + + + + + + + + + CVE-2016-6628 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6628.html + http://www.phpmyadmin.net/security/PMASA-2016-51/ + + + + + + + + + + CVE-2016-6629 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6629.html + http://www.phpmyadmin.net/security/PMASA-2016-52/ + + + + + + + + + + CVE-2016-6630 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. 
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6630.html + http://www.phpmyadmin.net/security/PMASA-2016-53/ + + + + + + + + + + CVE-2016-6632 on Ubuntu 20.04 (focal) - low. + An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6632.html + http://www.phpmyadmin.net/security/PMASA-2016-55/ + + + + + + + + + + CVE-2016-6633 on Ubuntu 20.04 (focal) - low. + An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6633.html + https://www.phpmyadmin.net/security/PMASA-2016-56/ + + + + + + + + + + CVE-2016-6634 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-08-07 16:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6634.html + http://codex.wordpress.org/Version_4.5 + https://core.trac.wordpress.org/query?status=closed&milestone=4.5 + + + + + + + + + + CVE-2016-6635 on Ubuntu 20.04 (focal) - medium. + Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-08-07 16:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6635.html + http://codex.wordpress.org/Version_4.5 + + + + + + + + + + CVE-2016-6762 on Ubuntu 20.04 (focal) - medium. + An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31251826. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-12 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6762.html + https://source.android.com/security/bulletin/2016-12-01.html + + + + + + + + + + CVE-2016-6801 on Ubuntu 20.04 (focal) - medium. 
+ Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-21 14:25:00 UTC + Lukas Reschke + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6801.html + http://svn.apache.org/r1758791 (2.4.x) + http://svn.apache.org/r1758771 (2.6.x) + http://svn.apache.org/r1758764 (2.8.x) + + + + + + + + + + CVE-2016-6802 on Ubuntu 20.04 (focal) - medium. + Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-20 19:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6802.html + http://openwall.com/lists/oss-security/2016/09/13/3 + + + + + + + + + + CVE-2016-6810 on Ubuntu 20.04 (focal) - medium. + In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-10 15:29:00 UTC + Toshitsugu Yoneyama + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6810.html + http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt + + + + + + + + + + CVE-2016-6814 on Ubuntu 20.04 (focal) - medium. 
+ When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability. It was discovered that Apache Groovy incorrectly handled incorrectly handled serialization mechanisms. An attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851408 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6814.html + http://www.openwall.com/lists/oss-security/2017/01/14/3 + + + + ebarretto> groovy in Xenial is currently FTBFS. Also there's no more support ebarretto> from upstream to that version (1.8.6) + + + + + + + + + CVE-2016-6830 on Ubuntu 20.04 (focal) - medium. + The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-10 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6830.html + http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html + http://www.openwall.com/lists/oss-security/2016/08/18/2 + + + + + + + + + + CVE-2016-6831 on Ubuntu 20.04 (focal) - low. 
+ The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-10 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6831.html + http://www.openwall.com/lists/oss-security/2016/08/18/2 + + + + ratliff> Fixed in same upstream patch as CVE-2016-6830 + + + + + + + + + CVE-2016-6896 on Ubuntu 20.04 (focal) - medium. + Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-18 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6896.html + http://seclists.org/oss-sec/2016/q3/347 + https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html + + + + + + + + + + CVE-2016-6897 on Ubuntu 20.04 (focal) - medium. + Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-18 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6897.html + http://seclists.org/oss-sec/2016/q3/347 + https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html + + + + + + + + + + CVE-2016-7030 on Ubuntu 20.04 (focal) - medium. + FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on. It was discovered that FreeIPA incorrectly handled authentication attempts. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-28 15:29:00 UTC + Petr Spacek + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7030.html + https://bugzilla.redhat.com/show_bug.cgi?id=1370493 + https://bugzilla.redhat.com/show_bug.cgi?id=1404910 (regression bug) + + + + + + + + + + CVE-2016-7046 on Ubuntu 20.04 (focal) - low. + Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-10-03 21:59:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7046 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7046.html + + + + + + + + + + CVE-2016-7050 on Ubuntu 20.04 (focal) - medium. + SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-08 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7050.html + + + + ebarretto> The SerializableProvider has been disabled by default in 3.0.17 + + + + + + + + + CVE-2016-7051 on Ubuntu 20.04 (focal) - medium. + XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-14 18:59:00 UTC + Adith Sudhakar + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7051.html + https://bugzilla.redhat.com/show_bug.cgi?id=1378673 + + + + + + + + + + CVE-2016-7068 on Ubuntu 20.04 (focal) - low. + An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-11 13:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1656931 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7068.html + https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/ + + + + + + + + + + + + + CVE-2016-7069 on Ubuntu 20.04 (focal) - untriaged. + An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. 
When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-09-11 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872854 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7069.html + https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html + https://downloads.powerdns.com/patches/2017-01 + + + + + + + + + + CVE-2016-7072 on Ubuntu 20.04 (focal) - medium. + An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-10 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7072.html + https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/ + + + + + + + + + + CVE-2016-7073 on Ubuntu 20.04 (focal) - medium. + An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-11 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7073.html + https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/ + + + + + + + + + + + + + CVE-2016-7074 on Ubuntu 20.04 (focal) - medium. + An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-11 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7074.html + https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/ + + + + + + + + + + + + + CVE-2016-7075 on Ubuntu 20.04 (focal) - untriaged. + It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-09-10 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795652 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7075.html + https://github.com/kubernetes/kubernetes/issues/34517 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2016-7099 on Ubuntu 20.04 (focal) - medium. 
+ The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a man-in-the-middle-attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-10-10 16:59:00 UTC + mikesalvatore + Alexander Minozhenko and James Bunton + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7099.html + https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ + + + + + + + + + + CVE-2016-7102 on Ubuntu 20.04 (focal) - low. + ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-23 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7102.html + https://owncloud.org/security/advisory/?id=oc-sa-2016-016 + + + + tyhicks> May be specific to Windows + + + + + + + + + CVE-2016-7103 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-15 16:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7103.html + https://nodesecurity.io/advisories/127 + https://github.com/jquery/jquery-ui/pull/1622 + https://github.com/jquery/jquery-ui/pull/1632 + https://github.com/jquery/api.jqueryui.com/issues/281 + + + + + + + + + + CVE-2016-7115 on Ubuntu 20.04 (focal) - low. 
+ Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT control packet. It was discovered that mactelnet mishandled certain input. If a victim were tricked into connecting to a malicious telnet server, a remote, unauthenticated attacker could execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-08-30 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7115.html + https://github.com/haakonnessjoen/MAC-Telnet/commit/b69d11727d4f0f8cf719c79e3fb700f55ca03e9a + https://github.com/haakonnessjoen/MAC-Telnet/pull/20 + + + + + + + + + + CVE-2016-7142 on Ubuntu 20.04 (focal) - medium. + The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-26 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836706 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7142.html + http://www.inspircd.org/2016/09/03/v2023-released.html + http://www.openwall.com/lists/oss-security/2016/09/04/3 + + + + + + + + + + CVE-2016-7143 on Ubuntu 20.04 (focal) - medium. + The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. It was discovered that Charybdis incorrectly handled AUTHENTICATE parameters. An attacker could possibly use this issue to log in as another user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-09-21 14:25:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836714 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7143.html + + + + + + + + + + CVE-2016-7151 on Ubuntu 20.04 (focal) - medium. + Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-15 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7151.html + https://github.com/aquynh/capstone/commit/87a25bb543c8e4c09b48d4b4a6c7db31ce58df06 + https://github.com/aquynh/capstone/pull/725 + + + + + + + + + + CVE-2016-7164 on Ubuntu 20.04 (focal) - low. + The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-07 15:59:00 UTC + https://github.com/arvidn/libtorrent/issues/1021 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7164.html + + + + + + + + + + CVE-2016-7168 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-05 02:59:00 UTC + Cengiz Han Sahin + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7168.html + https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/ + + + + + + + + + + CVE-2016-7169 on Ubuntu 20.04 (focal) - medium. 
+ Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-05 02:59:00 UTC + Dominik Schilling + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7169.html + https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/ + + + + + + + + + + CVE-2016-7395 on Ubuntu 20.04 (focal) - medium. + SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-09-11 10:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7395.html + https://codereview.chromium.org/2006143009 + https://crbug.com/613918 + https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html + + + + chrisccoulson> Fixed in the Skia bundled with Firefox since at least 50.0. Thunderbird has an older version of Skia in which this code doesn't exist + + + + + + + + + + + + CVE-2016-7398 on Ubuntu 20.04 (focal) - medium. + A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-06 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7398.html + https://bugs.php.net/bug.php?id=73055 + https://bugs.php.net/bug.php?id=73055&edit=1 + https://github.com/m6w6/ext-http/commit/17137d4ab1ce81a2cee0fae842340a344ef3da83 + + + + + + + + + + CVE-2016-7404 on Ubuntu 20.04 (focal) - medium. + OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-21 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7404.html + https://git.openstack.org/cgit/openstack/magnum/commit/?id=0bb0d6486d6771ee21bbf897a091b1aa59e01b22 + + + + + + + + + + CVE-2016-7406 on Ubuntu 20.04 (focal) - low. + Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-03 16:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7406.html + https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb + http://www.openwall.com/lists/oss-security/2016/09/14/7 + + + + + + + + + + CVE-2016-7407 on Ubuntu 20.04 (focal) - medium. + The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-03 16:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7407.html + https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e + http://www.openwall.com/lists/oss-security/2016/09/14/7 + + + + + + + + + + CVE-2016-7408 on Ubuntu 20.04 (focal) - low. 
+ The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-03 16:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7408.html + https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6 + http://www.openwall.com/lists/oss-security/2016/09/14/7 + + + + + + + + + + CVE-2016-7409 on Ubuntu 20.04 (focal) - low. + The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-03 16:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7409.html + https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04 + http://www.openwall.com/lists/oss-security/2016/09/14/7 + + + + + + + + + + CVE-2016-7438 on Ubuntu 20.04 (focal) - medium. + The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-13 16:59:00 UTC + Gorka Irazoqui Apecechea and Xiaofei Guo + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7438.html + https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html + + + + + + + + + + CVE-2016-7439 on Ubuntu 20.04 (focal) - medium. + The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-13 16:59:00 UTC + Gorka Irazoqui Apecechea and Xiaofei Guo + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7439.html + https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html + + + + + + + + + + CVE-2016-7550 on Ubuntu 20.04 (focal) - medium. + asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-23 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838833 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7550.html + http://downloads.asterisk.org/pub/security/AST-2016-006.html + + + + + + + + + + CVE-2016-7551 on Ubuntu 20.04 (focal) - medium. + chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-17 16:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7551.html + http://downloads.asterisk.org/pub/security/AST-2016-007.html + + + + + + + + + + CVE-2016-7569 on Ubuntu 20.04 (focal) - medium. + Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-27 22:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7569.html + http://www.openwall.com/lists/oss-security/2016/09/28 + + + + + + + + + + CVE-2016-7944 on Ubuntu 20.04 (focal) - low. 
+ Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-13 20:59:00 UTC + Tobias Stoeckmann + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840442 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7944.html + http://www.openwall.com/lists/oss-security/2016/10/04/4 + https://lists.x.org/archives/xorg-announce/2016-October/002720.html + + + + msalvatore> patch released in 1:5.0.1-2+deb8u1 + + + + + + + + + CVE-2016-7945 on Ubuntu 20.04 (focal) - low. + Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-13 20:59:00 UTC + Tobias Stoeckmann + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7945.html + http://www.openwall.com/lists/oss-security/2016/10/04/4 + https://lists.x.org/archives/xorg-announce/2016-October/002720.html + + + + sbeattie> same commit for CVE-2016-7946 mdeslaur> possible regression: https://bugs.freedesktop.org/show_bug.cgi?id=98204 + + + + + + + + + CVE-2016-7946 on Ubuntu 20.04 (focal) - low. + X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-13 20:59:00 UTC + Tobias Stoeckmann + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840440 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7946.html + http://www.openwall.com/lists/oss-security/2016/10/04/4 + https://lists.x.org/archives/xorg-announce/2016-October/002720.html + + + + sbeattie> same commit as CVE-2016-7945 mdeslaur> possible regression: https://bugs.freedesktop.org/show_bug.cgi?id=98204 + + + + + + + + + CVE-2016-7947 on Ubuntu 20.04 (focal) - low. + Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-13 20:59:00 UTC + Tobias Stoeckmann + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7947.html + http://www.openwall.com/lists/oss-security/2016/10/04/4 + https://lists.x.org/archives/xorg-announce/2016-October/002720.html + + + + mdeslaur> https://wiki.ubuntu.com/1204_HWE_EOL + + + + + + + + + CVE-2016-7948 on Ubuntu 20.04 (focal) - low. + X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-13 20:59:00 UTC + Tobias Stoeckmann + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7948.html + http://www.openwall.com/lists/oss-security/2016/10/04/4 + https://lists.x.org/archives/xorg-announce/2016-October/002720.html + + + + mdeslaur> https://wiki.ubuntu.com/1204_HWE_EOL sbeattie> same commit as CVE-2016-7947 + + + + + + + + + CVE-2016-7949 on Ubuntu 20.04 (focal) - low. + Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-13 20:59:00 UTC + Tobias Stoeckmann + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7949.html + http://www.openwall.com/lists/oss-security/2016/10/04/4 + https://lists.x.org/archives/xorg-announce/2016-October/002720.html + + + + + + + + + + CVE-2016-7950 on Ubuntu 20.04 (focal) - low. + The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-13 20:59:00 UTC + Tobias Stoeckmann + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7950.html + http://www.openwall.com/lists/oss-security/2016/10/04/4 + https://lists.x.org/archives/xorg-announce/2016-October/002720.html + + + + + + + + + + CVE-2016-7951 on Ubuntu 20.04 (focal) - low. + Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-13 20:59:00 UTC + Tobias Stoeckmann + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7951.html + http://www.openwall.com/lists/oss-security/2016/10/04/4 + https://lists.x.org/archives/xorg-announce/2016-October/002720.html + + + + sbeattie> same commit as CVE-2016-7952 msalatore> patch released in 2:1.2.2-1+deb8u1 + + + + + + + + + CVE-2016-7952 on Ubuntu 20.04 (focal) - low. + X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-13 20:59:00 UTC + Tobias Stoeckmann + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7952.html + http://www.openwall.com/lists/oss-security/2016/10/04/4 + https://lists.x.org/archives/xorg-announce/2016-October/002720.html + + + + sbeattie> same commit as CVE-2016-7951 msalatore> patch released in 2:1.2.2-1+deb8u1 + + + + + + + + + CVE-2016-7953 on Ubuntu 20.04 (focal) - low. + Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-13 20:59:00 UTC + Tobias Stoeckmann + https://launchpad.net/bugs/1691532 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840445 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7953.html + http://www.openwall.com/lists/oss-security/2016/10/04/4 + + + + + + + + + + CVE-2016-7954 on Ubuntu 20.04 (focal) - medium. + Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-22 22:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7954.html + http://www.openwall.com/lists/oss-security/2016/10/04/5 + http://www.openwall.com/lists/oss-security/2016/10/05/3 + + + + sbeattie> does not look like upstream is able to fix for 1.x due to lockfile format. ebarretto> No available fix for 1.x as of 2018-12-05 + + + + + + + + + CVE-2016-7969 on Ubuntu 20.04 (focal) - low. + The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." It was discovered that LibASS incorrectly handled certain ASS files. A remote attacker could possibly use this issue to cause a denial of service. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-03 16:59:00 UTC + https://github.com/libass/libass/pull/240 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7969.html + http://www.openwall.com/lists/oss-security/2016/10/05/2 + + + + + + + + + + CVE-2016-7970 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. It was discovered that LibASS incorrectly handled certain ASS files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-03 16:59:00 UTC + Brandon Perry + https://github.com/libass/libass/pull/240 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7970.html + http://www.openwall.com/lists/oss-security/2016/10/05/2 + + + + sbeattie> vulnerable code introduced in 0.13.0 + + + + + + + + + CVE-2016-7972 on Ubuntu 20.04 (focal) - medium. + The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. It was discovered that LibASS incorrectly handled certain ASS files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-03 16:59:00 UTC + Brandon Perry + https://github.com/libass/libass/pull/240 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7972.html + http://www.openwall.com/lists/oss-security/2016/10/05/2 + + + + + + + + + + CVE-2016-7980 on Ubuntu 20.04 (focal) - medium. 
+ Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-18 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7980.html + https://core.spip.net/projects/spip/repository/revisions/23201 (3.1.x) + https://core.spip.net/projects/spip/repository/revisions/23202 (3.0.x) + + + + + + + + + + CVE-2016-7981 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-18 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7981.html + https://core.spip.net/projects/spip/repository/revisions/23200 + https://core.spip.net/projects/spip/repository/revisions/23201 (3.1.x) + https://core.spip.net/projects/spip/repository/revisions/23202 (3.0.x) + + + + + + + + + + CVE-2016-7982 on Ubuntu 20.04 (focal) - medium. + Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-18 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7982.html + https://core.spip.net/projects/spip/repository/revisions/23200 + https://core.spip.net/projects/spip/repository/revisions/23201 (3.1.x) + https://core.spip.net/projects/spip/repository/revisions/23202 (3.0.x) + + + + + + + + + + CVE-2016-7998 on Ubuntu 20.04 (focal) - medium. + The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-18 17:59:00 UTC + Nicolas Chatelain + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7998.html + http://www.openwall.com/lists/oss-security/2016/10/12/9 + + + + + + + + + + CVE-2016-7999 on Ubuntu 20.04 (focal) - medium. + ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-18 17:59:00 UTC + Nicolas Chatelain + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7999.html + + + + + + + + + + CVE-2016-8568 on Ubuntu 20.04 (focal) - medium. + The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. It was discovered that libgit2 mishandled certain malformed git objects. A remove attacker could use this vulnerability to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-03 15:59:00 UTC + mikesalvatore + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840227 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8568.html + + + + + + + + + + CVE-2016-8569 on Ubuntu 20.04 (focal) - low. + The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. It was discovered that libgit2 mishandled certain malformed git objects. A remove attacker could use this vulnerability to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-03 15:59:00 UTC + mikesalvatore + https://github.com/libgit2/libgit2/issues/3937 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840227 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8569.html + + + + + + + + + + CVE-2016-8579 on Ubuntu 20.04 (focal) - medium. + docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-10-28 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840711 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8579.html + https://github.com/appc/docker2aci/issues/203 + https://github.com/lucab/docker2aci/commit/54331ec7020e102935c31096f336d31f6400064f + + + + + + + + + + CVE-2016-8605 on Ubuntu 20.04 (focal) - low. + The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-12 22:59:00 UTC + Ludovic Courtès + http://bugs.gnu.org/24659 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8605.html + + + + + + + + + + CVE-2016-8606 on Ubuntu 20.04 (focal) - low. + The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-12 22:59:00 UTC + Christopher Allan Webber + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8606.html + + + + + + + + + + CVE-2016-8614 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-31 21:29:00 UTC + Robin Schneider + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8614.html + https://github.com/ansible/ansible-modules-core/issues/5237 + https://github.com/ansible/ansible-modules-core/pull/5353 + https://github.com/ansible/ansible-modules-core/pull/5357 + + + + + + + + + + CVE-2016-8637 on Ubuntu 20.04 (focal) - medium. + A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-01 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8637.html + + + + + + + + + + CVE-2016-8640 on Ubuntu 20.04 (focal) - medium. 
+ A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-01 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8640.html + https://github.com/geopython/pycsw/pull/474/files + https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch + + + + + + + + + + CVE-2016-8647 on Ubuntu 20.04 (focal) - low. + An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-26 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844691 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8647.html + https://github.com/ansible/ansible-modules-core/pull/5388 + + + + sbeattie> fails on mysql forks percona 5.7 and newer, all mariadb + + + + + + + + + CVE-2016-8660 on Ubuntu 20.04 (focal) - medium. + The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-10-16 21:59:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1384851 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8660.html + http://www.openwall.com/lists/oss-security/2016/10/13/8 + https://marc.info/?l=linux-xfs&m=149498118228320&w=2 + https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2 + https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/ + + + + tyhicks> As of 2018-09-12, there is no upstream fix available and upstream disputes the security impact of this issue (see linux-fsdevel reference above) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2016-8674 on Ubuntu 20.04 (focal) - medium. + The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-15 21:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840957 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8674.html + http://bugs.ghostscript.com/show_bug.cgi?id=697015 + http://bugs.ghostscript.com/show_bug.cgi?id=697019 + + + + + + + + + + CVE-2016-8679 on Ubuntu 20.04 (focal) - medium. + The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-15 21:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840958 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8679.html + http://www.openwall.com/lists/oss-security/2016/10/08/11 + https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13 + https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2 + + + + + + + + + + CVE-2016-8680 on Ubuntu 20.04 (focal) - medium. + The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-15 21:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840960 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8680.html + http://www.openwall.com/lists/oss-security/2016/10/08/12 + https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2 + + + + + + + + + + CVE-2016-8681 on Ubuntu 20.04 (focal) - medium. + The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-15 21:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840961 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8681.html + https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13 + https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2 + http://www.openwall.com/lists/oss-security/2016/10/08/13 + + + + + + + + + + CVE-2016-8686 on Ubuntu 20.04 (focal) - low. 
+ The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-31 22:59:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8686.html + https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure + + + + tyhicks> inkscape in xenial and earlier embeds libpotrace (LP: #1156664) mdeslaur> potrace in inkscape works on bitmaps already loaded, not mdeslaur> arbitrary images. Marking as not-affected for inkscape. + + + + + + + + + CVE-2016-8859 on Ubuntu 20.04 (focal) - medium. + Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-13 18:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8859.html + http://www.openwall.com/lists/oss-security/2016/10/19/1 + + + + + + + + + + + + + CVE-2016-9011 on Ubuntu 20.04 (focal) - low. + The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-23 18:59:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9011.html + http://www.openwall.com/lists/oss-security/2016/10/18/9 + https://blogs.gentoo.org/ago/2016/10/18/libwmf-memory-allocation-failure-in-wmf_malloc-api-c + https://github.com/asarubbo/poc/blob/master/00015-libwmf-memalloc-wmf_malloc (reproducer) + https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=842090;filename=libwmf-0.2.8.4-CVE-2016-9011-debian.patch;msg=10 + + + + leosilva> debian fixed that with the debian proposed patch. + + + + + + + + + CVE-2016-9036 on Ubuntu 20.04 (focal) - medium. + An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-23 22:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9036.html + https://github.com/tarantool/tarantool/issues/1991 + https://github.com/tarantool/tarantool/commit/feb8ff9223e240afd3e195026bb42aded49f9a6c + + + + + + + + + + CVE-2016-9037 on Ubuntu 20.04 (focal) - medium. + An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service vulnerability on the server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-23 22:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9037.html + https://github.com/tarantool/tarantool/issues/1992 + https://github.com/tarantool/tarantool/commit/6dff383817ba490fff93aa1a7b32c8ad4476feec + + + + + + + + + + CVE-2016-9082 on Ubuntu 20.04 (focal) - low. + Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-03 15:59:00 UTC + Gustavo Grieco + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842289 + https://bugs.freedesktop.org/show_bug.cgi?id=98165 + https://bugs.launchpad.net/ubuntu/+source/cairo/+bug/1639372 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9082.html + http://www.openwall.com/lists/oss-security/2016/10/06/1 + + + + + + + + + + CVE-2016-9113 on Ubuntu 20.04 (focal) - low. + There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-10-30 22:59:00 UTC + https://github.com/uclouvain/openjpeg/issues/856 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9113.html + + + + + + + + + + CVE-2016-9114 on Ubuntu 20.04 (focal) - low. + There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-10-30 22:59:00 UTC + https://github.com/uclouvain/openjpeg/issues/857 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9114.html + + + + + + + + + + CVE-2016-9115 on Ubuntu 20.04 (focal) - low. 
+ Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-10-30 22:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844554 + https://bugzilla.redhat.com/show_bug.cgi?id=1390231 + https://github.com/uclouvain/openjpeg/issues/858 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9115.html + https://vuldb.com/?id.93190 + + + + + + + + + + CVE-2016-9116 on Ubuntu 20.04 (focal) - low. + NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-10-30 22:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9116.html + https://github.com/uclouvain/openjpeg/issues/859 + + + + + + + + + + CVE-2016-9117 on Ubuntu 20.04 (focal) - low. + NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-10-30 22:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9117.html + https://github.com/uclouvain/openjpeg/issues/860 + + + + + + + + + + CVE-2016-9139 on Ubuntu 20.04 (focal) - low. + Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-17 02:59:00 UTC + Jakub Żoczek + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9139.html + https://www.otrs.com/security-advisory-2016-02-security-update-otrs/ + http://www.openwall.com/lists/oss-security/2016/11/01/5 + + + + + + + + + + CVE-2016-9179 on Ubuntu 20.04 (focal) - low. + lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. It was discovered that Lynx incorrectly handled certain URLs. A remote attacker could possibly use this issue to connect to a different host. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-22 21:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9179.html + http://www.openwall.com/lists/oss-security/2016/11/03/4 + + + + ratliff> note that the URL must end in / or the attack won't work + + + + + + + + + CVE-2016-9180 on Ubuntu 20.04 (focal) - low. + perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-22 21:59:00 UTC + Doran Moppert + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842893 + https://rt.cpan.org/Public/Bug/Display.html?id=118097 + https://bugzilla.redhat.com/show_bug.cgi?id=1379553 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9180.html + http://www.openwall.com/lists/oss-security/2016/11/02/1 + + + + mdeslaur> as of 2017-08-01, no upstream fix + + + + + + + + + CVE-2016-9181 on Ubuntu 20.04 (focal) - medium. + perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. 
An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-22 21:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842891 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9181.html + https://rt.cpan.org/Public/Bug/Display.html?id=118099 + https://bugzilla.redhat.com/show_bug.cgi?id=1379556 + http://www.openwall.com/lists/oss-security/2016/11/02/1 + + + + + + + + + + CVE-2016-9276 on Ubuntu 20.04 (focal) - medium. + The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-23 18:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844011 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9276.html + https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/ + https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c + + + + + + + + + + CVE-2016-9400 on Ubuntu 20.04 (focal) - medium. + The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-22 16:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844546 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9400.html + https://www.teeworlds.com/?page=news&id=12086 + http://www.openwall.com/lists/oss-security/2016/11/16/8 + + + + + + + + + + CVE-2016-9480 on Ubuntu 20.04 (focal) - medium. 
+ libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-11-29 23:59:00 UTC + Shi Ji + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9480.html + https://sourceforge.net/p/libdwarf/bugs/5/ + https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/ + https://www.prevanders.net/dwarfbug.html + + + + + + + + + + CVE-2016-9487 on Ubuntu 20.04 (focal) - medium. + EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-13 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9487.html + https://github.com/IDPF/epubcheck/releases/tag/v4.0.2 + + + + + + + + + + CVE-2016-9558 on Ubuntu 20.04 (focal) - medium. + (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-28 18:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845408 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9558.html + https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c + + + + + + + + + + CVE-2016-9575 on Ubuntu 20.04 (focal) - medium. 
+ Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks. It was discovered that FreeIPA incorrectly handled user's permissions. An authenticated attacker could possibly use this issue to modify other user's profiles or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-13 13:29:00 UTC + Liam Campbell + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9575.html + https://bugzilla.redhat.com/show_bug.cgi?id=1395311 + + + + + + + + + + CVE-2016-9584 on Ubuntu 20.04 (focal) - low. + libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-18 17:59:00 UTC + Agustin Mista + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9584.html + http://www.openwall.com/lists/oss-security/2016/12/15/5 + + + + + + + + + + CVE-2016-9590 on Ubuntu 20.04 (focal) - low. + puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-26 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851293 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9590.html + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590 + + + + + + + + + + CVE-2016-9606 on Ubuntu 20.04 (focal) - medium. + JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-09 20:29:00 UTC + Moritz Bechler + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851430 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9606.html + https://issues.jboss.org/browse/RESTEASY-1618 + https://bugzilla.redhat.com/show_bug.cgi?id=1400644 + + + + sbeattie> in some places, incorrectly referred to as CVE-2016-9571 due to a double assignment msalvatore> Can be mitigated by adding authentiation and authorization to any endpoint expecting Yaml content or disabling YamlProvider. + + + + + + + + + CVE-2016-9642 on Ubuntu 20.04 (focal) - medium. + JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-03 15:59:00 UTC + 2017-02-03 + Gustavo Grieco + https://bugs.webkit.org/show_bug.cgi?id=164000 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9642.html + http://www.openwall.com/lists/oss-security/2016/11/26/4 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + + + + + + + + + + CVE-2016-9643 on Ubuntu 20.04 (focal) - medium. 
+ The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-07 16:59:00 UTC + 2017-03-07 + Gustavo Grieco + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9643.html + http://www.openwall.com/lists/oss-security/2016/11/26/5 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + + + + + + + + + + CVE-2016-9645 on Ubuntu 20.04 (focal) - medium. + The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-10 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9645.html + https://ikiwiki.info/security/#cve-2016-9645 + http://www.openwall.com/lists/oss-security/2016/12/29/3 + + + + + + + + + + CVE-2016-9646 on Ubuntu 20.04 (focal) - medium. + ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-13 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9646.html + https://ikiwiki.info/security/#cve-2016-9646 + http://www.openwall.com/lists/oss-security/2016/12/29/3 + + + + + + + + + + CVE-2016-9772 on Ubuntu 20.04 (focal) - medium. + OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-06 17:59:00 UTC + Mark Vitale + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9772.html + https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt + http://www.openwall.com/lists/oss-security/2016/12/01/12 + + + + + + + + + + CVE-2016-9797 on Ubuntu 20.04 (focal) - negligible. + In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-12-03 06:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847837 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9797.html + https://www.spinics.net/lists/linux-bluetooth/msg68892.html + + + + mdeslaur> as of 2020-02-07, appears unfixed mdeslaur> crash in hcidump command line tool only + + + + + + + + + CVE-2016-9798 on Ubuntu 20.04 (focal) - negligible. + In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-12-03 06:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847837 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9798.html + https://www.spinics.net/lists/linux-bluetooth/msg68892.html + + + + mdeslaur> as of 2020-02-07, appears unfixed mdeslaur> crash in hcidump command line tool only + + + + + + + + + CVE-2016-9799 on Ubuntu 20.04 (focal) - negligible. + In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. 
+ + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-12-03 06:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847837 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9799.html + https://www.spinics.net/lists/linux-bluetooth/msg68898.html + + + + mdeslaur> as of 2020-02-07, appears unfixed mdeslaur> crash in hcidump command line tool only + + + + + + + + + CVE-2016-9800 on Ubuntu 20.04 (focal) - negligible. + In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-12-03 06:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847837 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9800.html + https://www.spinics.net/lists/linux-bluetooth/msg68892.html + + + + mdeslaur> as of 2020-02-07, appears unfixed mdeslaur> crash in hcidump command line tool only + + + + + + + + + CVE-2016-9801 on Ubuntu 20.04 (focal) - negligible. + In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-12-03 06:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847837 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9801.html + https://www.spinics.net/lists/linux-bluetooth/msg68892.html + + + + mdeslaur> as of 2020-02-07, appears unfixed mdeslaur> crash in hcidump command line tool only + + + + + + + + + CVE-2016-9802 on Ubuntu 20.04 (focal) - negligible. + In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. 
This issue can be triggered by processing a corrupted dump file and will result in btmon crash. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-12-03 06:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847837 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9802.html + https://www.spinics.net/lists/linux-bluetooth/msg68898.html + + + + mdeslaur> as of 2020-02-07, appears unfixed mdeslaur> crash in hcidump command line tool only + + + + + + + + + CVE-2016-9803 on Ubuntu 20.04 (focal) - negligible. + In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-12-03 06:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847837 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9803.html + https://www.spinics.net/lists/linux-bluetooth/msg68892.html + + + + mdeslaur> as of 2020-02-07, appears unfixed mdeslaur> crash in hcidump command line tool only + + + + + + + + + CVE-2016-9804 on Ubuntu 20.04 (focal) - negligible. + In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-03 06:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847837 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9804.html + https://www.spinics.net/lists/linux-bluetooth/msg68892.html + + + + mdeslaur> as of 2020-02-07, appears unfixed mdeslaur> crash in hcidump command line tool only + + + + + + + + + CVE-2016-9809 on Ubuntu 20.04 (focal) - low. + Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. Hanno Böck discovered that GStreamer Bad Plug-ins incorrectly handled AVC formatted files. An attacker could exploit this with a crafted AVC formatted media file to cause a denial of service, or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-13 16:59:00 UTC + Hanno Boeck + https://bugzilla.gnome.org/show_bug.cgi?id=774896 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9809.html + http://www.openwall.com/lists/oss-security/2016/12/01/2 + + + + + + + + + + CVE-2016-9812 on Ubuntu 20.04 (focal) - low. + The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-13 16:59:00 UTC + Hanno Böck + https://bugzilla.gnome.org/show_bug.cgi?id=775048 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9812.html + http://www.openwall.com/lists/oss-security/2016/12/01/2 + + + + + + + + + + CVE-2016-9813 on Ubuntu 20.04 (focal) - low. + The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-13 16:59:00 UTC + Hanno Böck + https://bugzilla.gnome.org/show_bug.cgi?id=775120 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9813.html + http://www.openwall.com/lists/oss-security/2016/12/05/8 + + + + + + + + + + CVE-2016-9840 on Ubuntu 20.04 (focal) - low. + inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-23 04:29:00 UTC + 2017-05-23 04:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847270 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9840.html + http://www.openwall.com/lists/oss-security/2016/12/05/10 + https://ubuntu.com/security/notices/USN-4246-1 + https://ubuntu.com/security/notices/USN-4292-1 + + + + ebarretto> since v3.1.1-1, rsync uses the included zlib instead of system zlib + + + + + + + + + + + + CVE-2016-9841 on Ubuntu 20.04 (focal) - low. + inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-23 04:29:00 UTC + 2017-05-23 04:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847270 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9841.html + http://www.openwall.com/lists/oss-security/2016/12/05/21 + https://ubuntu.com/security/notices/USN-4246-1 + https://ubuntu.com/security/notices/USN-4292-1 + + + + ebarretto> since v3.1.1-1, rsync uses the included zlib instead of system zlib + + + + + + + + + + + + CVE-2016-9842 on Ubuntu 20.04 (focal) - low. + The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-23 04:29:00 UTC + 2017-05-23 04:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847274 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9842.html + http://www.openwall.com/lists/oss-security/2016/12/05/10 + https://ubuntu.com/security/notices/USN-4246-1 + https://ubuntu.com/security/notices/USN-4292-1 + + + + ebarretto> since v3.1.1-1, rsync uses the included zlib instead of system zlib + + + + + + + + + + + + CVE-2016-9843 on Ubuntu 20.04 (focal) - low. + The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-23 04:29:00 UTC + 2017-05-23 04:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847275 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9843.html + http://www.openwall.com/lists/oss-security/2016/12/05/21 + https://ubuntu.com/security/notices/USN-4246-1 + https://ubuntu.com/security/notices/USN-4292-1 + + + + ebarretto> since v3.1.1-1, rsync uses the included zlib instead of system zlib + + + + + + + + + + + + CVE-2016-9847 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9847.html + https://www.phpmyadmin.net/security/PMASA-2016-58/ + + + + + + + + + + CVE-2016-9848 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9848.html + https://www.phpmyadmin.net/security/PMASA-2016-59/ + + + + + + + + + + CVE-2016-9849 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9849.html + https://www.phpmyadmin.net/security/PMASA-2016-60/ + + + + + + + + + + CVE-2016-9850 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9850.html + https://www.phpmyadmin.net/security/PMASA-2016-61/ + + + + + + + + + + CVE-2016-9851 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9851.html + https://www.phpmyadmin.net/security/PMASA-2016-62/ + + + + + + + + + + CVE-2016-9852 on Ubuntu 20.04 (focal) - low. + An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9852.html + https://www.phpmyadmin.net/security/PMASA-2016-63/ + + + + + + + + + + CVE-2016-9853 on Ubuntu 20.04 (focal) - low. + An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. 
During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9853.html + https://www.phpmyadmin.net/security/PMASA-2016-63/ + + + + + + + + + + CVE-2016-9854 on Ubuntu 20.04 (focal) - low. + An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9854.html + https://www.phpmyadmin.net/security/PMASA-2016-63/ + + + + + + + + + + CVE-2016-9855 on Ubuntu 20.04 (focal) - low. + An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9855.html + https://www.phpmyadmin.net/security/PMASA-2016-63/ + + + + + + + + + + CVE-2016-9856 on Ubuntu 20.04 (focal) - low. + An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9856.html + https://www.phpmyadmin.net/security/PMASA-2016-64/ + + + + + + + + + + CVE-2016-9857 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9857.html + https://www.phpmyadmin.net/security/PMASA-2016-64/ + + + + + + + + + + CVE-2016-9858 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-11 02:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9858.html + https://www.phpmyadmin.net/security/PMASA-2016-65/ + + + + + + + + + + CVE-2016-9859 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 02:59:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9859.html + https://www.phpmyadmin.net/security/PMASA-2016-65/ + + + + + + + + + + CVE-2016-9860 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 03:00:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9860.html + https://www.phpmyadmin.net/security/PMASA-2016-65/ + + + + + + + + + + CVE-2016-9861 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 03:00:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9861.html + https://www.phpmyadmin.net/security/PMASA-2016-66/ + + + + + + + + + + CVE-2016-9864 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 03:00:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9864.html + https://www.phpmyadmin.net/security/PMASA-2016-69/ + + + + + + + + + + CVE-2016-9865 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-11 03:00:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9865.html + https://www.phpmyadmin.net/security/PMASA-2016-70/ + + + + + + + + + + CVE-2016-9866 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-11 03:00:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9866.html + https://www.phpmyadmin.net/security/PMASA-2016-71/ + + + + + + + + + + CVE-2016-9878 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. It was discovered that Spring Framework incorrectly handled path inputs. An attacker could possibly use this issue to read arbitrary files. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-29 09:59:00 UTC + Shumpei Asahara and Yuji Ito + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849167 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9878.html + https://pivotal.io/security/cve-2016-9878 + https://jira.spring.io/browse/SPR-14946 + + + + + + + + + + CVE-2016-9888 on Ubuntu 20.04 (focal) - low. + An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-08 08:59:00 UTC + Behzad Najjarpour Jabbari + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9888.html + https://secunia.com/advisories/71201/ + https://secunia.com/secunia_research/2016-17/ + + + + + + + + + + CVE-2016-9909 on Ubuntu 20.04 (focal) - low. + The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-22 16:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9909.html + https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068 + http://www.openwall.com/lists/oss-security/2016/12/06/5 + https://github.com/html5lib/html5lib-python/issues/11 + https://github.com/html5lib/html5lib-python/issues/12 + + + + sbeattie> same commit as CVE-2016-9910 sbeattie> fix changes externally visible api from True|False boolean to a ternary value, which will break users. + + + + + + + + + CVE-2016-9910 on Ubuntu 20.04 (focal) - low. + The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-22 16:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9910.html + https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068 + http://www.openwall.com/lists/oss-security/2016/12/06/5 + + + + sbeattie> same commit as CVE-2016-9909 sbeattie> fix changes externally visible api from True|False boolean to a ternary value, which will break users. + + + + + + + + + CVE-2016-9917 on Ubuntu 20.04 (focal) - negligible. + In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-08 08:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847837 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9917.html + https://www.spinics.net/lists/linux-bluetooth/msg68892.html + + + + mdeslaur> as of 2020-02-07, appears unfixed mdeslaur> crash in hcidump command line tool only + + + + + + + + + CVE-2016-9918 on Ubuntu 20.04 (focal) - negligible. + In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2016 Canonical Ltd. + 2016-12-08 08:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847837 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9918.html + https://www.spinics.net/lists/linux-bluetooth/msg68898.html + + + + mdeslaur> as of 2020-02-07, appears unfixed mdeslaur> crash in hcidump command line tool only + + + + + + + + + CVE-2016-9920 on Ubuntu 20.04 (focal) - medium. + steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-08 18:59:00 UTC + Robin Peraglie + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847287 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9920.html + https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ + http://www.openwall.com/lists/oss-security/2016/12/08/10 + https://roundcube.net/news/2016/11/28/updates-1.2.3-and-1.1.7-released + + + + + + + + + + CVE-2016-9938 on Ubuntu 20.04 (focal) - low. 
+ An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-12 21:59:00 UTC + Walter Doekes + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847668 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9938.html + http://downloads.asterisk.org/pub/security/AST-2016-009.html + https://issues.asterisk.org/jira/browse/ASTERISK-26433 + + + + + + + + + + CVE-2016-9964 on Ubuntu 20.04 (focal) - medium. 
+ redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. It was discovered that Bottle improperly handles headers. An attacker could possibly exploit this as a CRLF attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-16 09:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848392 + https://github.com/bottlepy/bottle/issues/913 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9964.html + + + + + + + + + + CVE-2016-9969 on Ubuntu 20.04 (focal) - medium. + In libwebp 0.5.1, there is a double free bug in libwebpmux. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-23 18:29:00 UTC + chrisccoulson + https://bugs.chromium.org/p/webp/issues/detail?id=322 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9969.html + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + + CVE-2016-9997 on Ubuntu 20.04 (focal) - medium. + SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-12-17 03:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848641 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9997.html + https://core.spip.net/projects/spip/repository/revisions/23288 + + + + + + + + + + CVE-2016-9998 on Ubuntu 20.04 (focal) - medium. + SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-17 03:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848641 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9998.html + https://core.spip.net/projects/spip/repository/revisions/23288 + + + + + + + + + + CVE-2017-0356 on Ubuntu 20.04 (focal) - medium. + A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-13 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0356.html + https://ikiwiki.info/security/#cve-2017-0356 + + + + + + + + + + CVE-2017-0360 on Ubuntu 20.04 (focal) - medium. + file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-04 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0360.html + https://lists.debian.org/debian-security-announce/2017/msg00084.html + + + + + + + + + + CVE-2017-0373 on Ubuntu 20.04 (focal) - medium. + The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-23 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0373.html + https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773 + + + + + + + + + + CVE-2017-0374 on Ubuntu 20.04 (focal) - medium. 
+ lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-23 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0374.html + https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573 + + + + + + + + + + CVE-2017-0378 on Ubuntu 20.04 (focal) - medium. + XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868988 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0378.html + https://github.com/lota/phamm/issues/21 + + + + + + + + + + CVE-2017-0537 on Ubuntu 20.04 (focal) - low. + An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-08 01:59:00 UTC + Alexander Potapenko + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0537.html + https://source.android.com/security/bulletin/2017-01-01.html + https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0 + https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t + + + + sbeattie> see android patch above sbeattie> drivers/usb/gadget/configfs.c::usb_string_copy() tyhicks> Patch submitter never verified that this was an issue on pure Linux and upstream thinks that it could potentially be an issue in Android-specific kernel changes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2017-0647 on Ubuntu 20.04 (focal) - low. + An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-14 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0647.html + https://source.android.com/security/bulletin/2017-06-01 + + + + + + + + + + CVE-2017-0664 on Ubuntu 20.04 (focal) - low. + A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-06 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0664.html + https://source.android.com/security/bulletin/2017-07-01 + + + + sbeattie> code not built in android-platform-frameworks-base + + + + + + + + + CVE-2017-0665 on Ubuntu 20.04 (focal) - low. 
+ A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-06 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0665.html + https://source.android.com/security/bulletin/2017-07-01 + + + + + + + + + + + + + CVE-2017-0666 on Ubuntu 20.04 (focal) - low. + A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-06 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0666.html + https://source.android.com/security/bulletin/2017-07-01 + + + + + + + + + + + + + CVE-2017-0667 on Ubuntu 20.04 (focal) - low. + A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37478824. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-06 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0667.html + https://source.android.com/security/bulletin/2017-07-01 + + + + + + + + + + + + + CVE-2017-0668 on Ubuntu 20.04 (focal) - low. + A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-06 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0668.html + https://source.android.com/security/bulletin/2017-07-01 + + + + + + + + + + + + + CVE-2017-0669 on Ubuntu 20.04 (focal) - low. + A information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 
Android ID: A-34114752. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-06 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0669.html + https://source.android.com/security/bulletin/2017-07-01 + + + + + + + + + + + + + CVE-2017-0670 on Ubuntu 20.04 (focal) - low. + A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36104177. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-06 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0670.html + https://source.android.com/security/bulletin/2017-07-01 + + + + sbeattie> probably should be ignored, code does not look to present in these packages. + + + + + + + + + + + + CVE-2017-0691 on Ubuntu 20.04 (focal) - low. + A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-06 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0691.html + https://source.android.com/security/bulletin/2017-07-01 + https://android.googlesource.com/platform/external/dng_sdk/+/c70264282305351abbec9b967333db4d896583b9 + + + + sbeattie> google commit points to a fix in an embedded copy of Adobe DNG Software Development Kit (SDK). digikam apparently also has an embedded copy of this software in the kipi-plugins package for DNGconverter. Vuln is an integer overflow, so possibly more than a DoS. + + + + + + + + + CVE-2017-0822 on Ubuntu 20.04 (focal) - medium. + An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-04 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0822.html + + + + + + + + + + CVE-2017-0841 on Ubuntu 20.04 (focal) - medium. + A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-16 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0841.html + https://source.android.com/security/bulletin/2017-11-01 + + + + + + + + + + CVE-2017-0899 on Ubuntu 20.04 (focal) - negligible. + RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-08-31 20:29:00 UTC + 2017-08-31 + Yusuke Endoh + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873802 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0899.html + https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ + http://blog.rubygems.org/2017/08/27/2.6.13-released.html + https://ubuntu.com/security/notices/USN-3439-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2017-0900 on Ubuntu 20.04 (focal) - negligible. + RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-31 20:29:00 UTC + 2017-08-31 + Yusuke Endoh + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873802 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0900.html + https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ + http://blog.rubygems.org/2017/08/27/2.6.13-released.html + https://ubuntu.com/security/notices/USN-3439-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2017-0901 on Ubuntu 20.04 (focal) - medium. + RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-31 20:29:00 UTC + 2017-08-31 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873802 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0901.html + https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ + http://blog.rubygems.org/2017/08/27/2.6.13-released.html + https://hackerone.com/reports/243156 + https://ubuntu.com/security/notices/USN-3439-1 + https://ubuntu.com/security/notices/USN-3553-1 + https://ubuntu.com/security/notices/USN-3685-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2017-0902 on Ubuntu 20.04 (focal) - medium. + RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-31 20:29:00 UTC + 2017-08-31 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873802 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0902.html + https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/ + http://blog.rubygems.org/2017/08/27/2.6.13-released.html + https://hackerone.com/reports/218088 + https://ubuntu.com/security/notices/USN-3553-1 + https://ubuntu.com/security/notices/USN-3685-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. leosilva> code not present in trusty for version 1.9.1 + + + + + + + + + CVE-2017-0903 on Ubuntu 20.04 (focal) - medium. + RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-11 18:29:00 UTC + 2017-10-11 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0903.html + http://blog.rubygems.org/2017/10/09/2.6.14-released.html + http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html + https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49 + https://hackerone.com/reports/274990 + https://ubuntu.com/security/notices/USN-3553-1 + https://ubuntu.com/security/notices/USN-3685-1 + https://ubuntu.com/security/notices/USN-3685-2 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. leosilva> following http://www.openwall.com/lists/oss-security/2017/10/10/2, versions < 2.0.0 of ruby leosilva> are not affected + + + + + + + + + CVE-2017-1000013 on Ubuntu 20.04 (focal) - low. + phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-17 13:18:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000013.html + https://www.phpmyadmin.net/security/PMASA-2017-1 + + + + + + + + + + CVE-2017-1000014 on Ubuntu 20.04 (focal) - medium. + phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-17 13:18:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000014.html + https://www.phpmyadmin.net/security/PMASA-2017-3 + + + + + + + + + + CVE-2017-1000015 on Ubuntu 20.04 (focal) - medium. + phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-17 13:18:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000015.html + https://www.phpmyadmin.net/security/PMASA-2017-4 + + + + + + + + + + CVE-2017-1000017 on Ubuntu 20.04 (focal) - low. + phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-17 13:18:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000017.html + https://www.phpmyadmin.net/security/PMASA-2017-6 + + + + sbeattie> The vulnerability is exposed only to MySQL superusers. + + + + + + + + + CVE-2017-1000018 on Ubuntu 20.04 (focal) - low. + phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-17 13:18:00 UTC + Emanuel Bronshtein + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000018.html + https://www.phpmyadmin.net/security/PMASA-2017-7 + + + + + + + + + + CVE-2017-1000025 on Ubuntu 20.04 (focal) - medium. + GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-17 13:18:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000025.html + http://www.openwall.com/lists/oss-security/2017/05/22 + https://bugzilla.gnome.org/show_bug.cgi?id=752738 + + + + + + + + + + + + + CVE-2017-1000047 on Ubuntu 20.04 (focal) - low. + rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-17 13:18:00 UTC + https://github.com/rbenv/rbenv/issues/977 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000047.html + https://github.com/justinsteven/advisories/blob/master/2017_rbenv_ruby_version_directory_traversal.md + + + + + + + + + + CVE-2017-1000061 on Ubuntu 20.04 (focal) - low. + xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service It was discovered that xmlsec incorrectly handled certain input documents. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-17 13:18:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000061.html + https://github.com/lsh123/xmlsec/issues/43 + + + + + + + + + + CVE-2017-1000071 on Ubuntu 20.04 (focal) - low. + Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-17 13:18:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868466 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000071.html + https://github.com/Jasig/phpCAS/issues/228 + https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog + + + + sbeattie> The vulnerability only exists when communicating with a server affected by another very old vulnerability fixed in 2010. + + + + + + + + + CVE-2017-1000121 on Ubuntu 20.04 (focal) - medium. + The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-01 21:29:00 UTC + Nathan Crandall + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000121.html + https://webkitgtk.org/security/WSA-2017-0007.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-1000122 on Ubuntu 20.04 (focal) - medium. + The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-01 21:29:00 UTC + Nathan Crandall + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000122.html + https://webkitgtk.org/security/WSA-2017-0007.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-1000190 on Ubuntu 20.04 (focal) - medium. + SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-17 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000190.html + https://github.com/ngallagher/simplexml/issues/18 + + + + msalvatore> As of 11/09/2018, there is a comment on github recommending updating to "2.7.3". This may be the fix version. + + + + + + + + + CVE-2017-1000246 on Ubuntu 20.04 (focal) - negligible. + Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-11-17 04:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882012 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000246.html + https://github.com/rohe/pysaml2/issues/417 + + + + tyhicks> The discussion in the GitHub issue explains why this isn't currently an issue but could be in the future if new cipher modes are used. + + + + + + + + + CVE-2017-1000381 on Ubuntu 20.04 (focal) - medium. + The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. 
It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-07 17:29:00 UTC + 2017-07-07 + mdeslaur (c-ares), mikesalvatore (nodejs) + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000381.html + https://c-ares.haxx.se/adv_20170620.html + https://ubuntu.com/security/notices/USN-3395-1 + + + + + + + + + + + + + CVE-2017-1000427 on Ubuntu 20.04 (focal) - low. + marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-01-02 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000427.html + https://snyk.io/vuln/npm:marked:20170112 + + + + + + + + + + CVE-2017-1000480 on Ubuntu 20.04 (focal) - medium. + Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-03 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000480.html + https://github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61 + + + + + + + + + + CVE-2017-1000600 on Ubuntu 20.04 (focal) - low. + WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. 
This issue appears to have been partially, but not completely fixed in WordPress 4.9 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-06 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000600.html + https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/ + https://youtu.be/GePBmsNJw6Y?t=1763 + + + + + + + + + + CVE-2017-1001001 on Ubuntu 20.04 (focal) - medium. + PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-01 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1001001.html + https://github.com/pluxml/PluXml/issues/253 + + + + + + + + + + CVE-2017-1002150 on Ubuntu 20.04 (focal) - low. + python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-14 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1002150.html + + + + + + + + + + CVE-2017-1002201 on Ubuntu 20.04 (focal) - medium. + In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code. It was discovered that Haml did not properly escape the ' character. If Haml were made to process crafted data, an attacker could execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1002201.html + https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2 + https://snyk.io/vuln/SNYK-RUBY-HAML-20362 + + + + + + + + + + CVE-2017-10053 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-08 15:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10053.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3832334.xml + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10067 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-08 15:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10067.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10074 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). It was discovered that integer overflows existed in the Hotspot component of OpenJDK when generating range check loop predicates. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and cause a denial of service or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-08 15:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10074.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10078 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). It was discovered that the JavaScript Scripting component of OpenJDK incorrectly allowed access to Java APIs. An attacker could use this to specially craft JavaScript code to bypass access restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10078.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + + + + + + + + + + CVE-2017-10081 on Ubuntu 20.04 (focal) - low. 
+ Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). It was discovered that OpenJDK did not properly process parentheses in function signatures. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10081.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10086 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10086.html + + + + + + + + + + CVE-2017-10087 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). It was discovered that the ThreadPoolExecutor class in OpenJDK did not properly perform access control checks when cleaning up threads. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10087.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10089 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). It was discovered that the ServiceRegistry implementation in OpenJDK did not perform access control checks in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that escaped sandbox restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10089.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10090 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). It was discovered that the channel groups implementation in OpenJDK did not properly perform access control checks in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10090.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10096 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). It was discovered that the DTM exception handling code in the JAXP component of OpenJDK did not properly perform access control checks. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + https://bugzilla.redhat.com/show_bug.cgi?id=1471528 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10096.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10101 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). It was discovered that the JAXP component of OpenJDK incorrectly granted access to some internal resolvers. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + https://bugzilla.redhat.com/show_bug.cgi?id=1471527 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10101.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10102 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). It was discovered that the Distributed Garbage Collector (DGC) in OpenJDK did not properly track references in some situations. A remote attacker could possibly use this to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + https://bugzilla.redhat.com/show_bug.cgi?id=1472345 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10102.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10107 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). It was discovered that the Activation ID implementation in the RMI component of OpenJDK did not properly check access control permissions in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + https://bugzilla.redhat.com/show_bug.cgi?id=1471266 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10107.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10108 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. 
Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the BasicAttribute class in OpenJDK did not properly bound memory allocation when de-serializing objects. An attacker could use this to cause a denial of service (memory consumption). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + https://bugzilla.redhat.com/show_bug.cgi?id=1471888 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10108.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10109 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the CodeSource class in OpenJDK did not properly bound memory allocations when de-serializing object instances. An attacker could use this to cause a denial of service (memory consumption). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + https://bugzilla.redhat.com/show_bug.cgi?id=1471670 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10109.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10110 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). It was discovered that the AWT ImageWatched class in OpenJDK did not properly perform access control checks, An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + https://bugzilla.redhat.com/show_bug.cgi?id=1471523 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10110.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10111 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Jackson Davis discovered that the LambdaFormEditor class in the Libraries component of OpenJDK did not correctly perform bounds checks in the permuteArgumentsForm() function. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + Jackson Davis + https://bugzilla.redhat.com/show_bug.cgi?id=1471526 + https://bugs.openjdk.java.net/browse/JDK-8184119 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10111.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3366-1 + + + + + + + + + + CVE-2017-10114 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10114.html + + + + + + + + + + CVE-2017-10115 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). It was discovered that a timing side-channel vulnerability existed in the DSA implementation in OpenJDK. 
An attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + https://bugzilla.redhat.com/show_bug.cgi?id=1471851 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10115.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10116 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). It was discovered that the LDAP implementation in OpenJDK incorrectly followed references to non-LDAP URLs. 
An attacker could use this to specially craft an LDAP referral URL that exposes sensitive information or bypass access restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-08 15:29:00 UTC + 2017-07-20 + https://bugzilla.redhat.com/show_bug.cgi?id=1471738 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10116.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10118 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). It was discovered that a timing side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-08 15:29:00 UTC + 2017-07-20 + https://bugzilla.redhat.com/show_bug.cgi?id=1472470 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10118.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10135 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Ilya Maykov discovered that a timing side-channel vulnerability existed in the PKCS#8 implementation in OpenJDK. An attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-08 15:29:00 UTC + 2017-07-20 + Ilya Maykov + https://bugzilla.redhat.com/show_bug.cgi?id=1471871 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10135.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10176 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). It was discovered that the Elliptic Curve (EC) implementation in OpenJDK did not properly compute certain elliptic curve points. An attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-08 15:29:00 UTC + 2017-07-20 + https://bugzilla.redhat.com/show_bug.cgi?id=1472476 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10176.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10193 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). It was discovered that OpenJDK did not properly restrict weak key sizes in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-08 15:29:00 UTC + 2017-07-20 + https://bugzilla.redhat.com/show_bug.cgi?id=1471715 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10193.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + + + + + + + + + + CVE-2017-10198 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). It was discovered that OpenJDK did not properly enforce disabled algorithm restrictions on X.509 certificate chains. An attacker could use this to expose sensitive information or escape sandbox restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-08 15:29:00 UTC + 2017-07-20 + https://bugzilla.redhat.com/show_bug.cgi?id=1472320 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10198.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + + + + + + + + + + CVE-2017-10243 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). It was discovered that OpenJDK did not properly perform access control checks when handling Web Service Definition Language (WSDL) XML documents. An attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-08 15:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10243.html + http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA + http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html#JAVA + https://ubuntu.com/security/notices/USN-3366-1 + https://ubuntu.com/security/notices/USN-3396-1 + + + + + + + + + + CVE-2017-10274 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-19 17:29:00 UTC + 2017-10-19 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10274.html + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + + + + + + + CVE-2017-10281 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-19 17:29:00 UTC + 2017-10-19 + Gaston Traberg + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10281.html + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + + + + + + + CVE-2017-10285 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). 
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). It was discovered that the Remote Method Invocation (RMI) component in OpenJDK did not properly handle unreferenced objects. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-19 17:29:00 UTC + 2017-10-19 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10285.html + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + + + + + + + CVE-2017-10295 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N). It was discovered that the HTTPUrlConnection classes in OpenJDK did not properly handle newlines. An attacker could use this to convince a Java application or applet to inject headers into http requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-19 17:29:00 UTC + 2017-10-19 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10295.html + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + + + + + + + CVE-2017-10345 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Serialization component of OpenJDK did not properly restrict the amount of memory allocated when deserializing objects from Java Cryptography Extension KeyStore (JCEKS). An attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-19 17:29:00 UTC + 2017-10-19 + Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-10345 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10345.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + + + + + + + CVE-2017-10346 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). It was discovered that the Hotspot component of OpenJDK did not properly perform loader checks when handling the invokespecial JVM instruction. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-19 17:29:00 UTC + 2017-10-19 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10346.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + + + + + + + CVE-2017-10347 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations in the SimpleTimeZone class. An attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-19 17:29:00 UTC + 2017-10-19 + Gaston Traberg + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10347.html + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + + + + + + + CVE-2017-10348 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-19 17:29:00 UTC + 2017-10-19 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10348.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + + + + + + + CVE-2017-10349 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the JAXP component in OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-19 17:29:00 UTC + 2017-10-19 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10349.html + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + + + + + + + CVE-2017-10350 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 
It was discovered that the JAX-WS component in OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-19 17:29:00 UTC + 2017-10-19 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10350.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + + + + + + + CVE-2017-10355 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the Networking component of OpenJDK did not properly set timeouts on FTP client actions. A remote attacker could use this to cause a denial of service (application hang). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-19 17:29:00 UTC + 2017-10-19 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10355.html + http://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html + http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_161 + http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_171 + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + sbeattie> See Oracle release notes on the changed default behavior for FTP clients and how to configure the old behavior if necessary. + + + + + + + + + CVE-2017-10356 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Francesco Palmarini, Marco Squarcina, Mauro Tempesta, Riccardo Focardi, and Tobias Ospelt discovered that the Security component in OpenJDK did not sufficiently protect password-based encryption keys in key stores. 
An attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-19 17:29:00 UTC + 2017-10-19 + Francesco Palmarini, Marco Squarcina, Mauro Tempesta, Riccardo Focardi, and Tobias Ospelt + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10356.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + + + + + + + CVE-2017-10357 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-19 17:29:00 UTC + 2017-10-19 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10357.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + + + + + + + CVE-2017-10388 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Jeffrey Altman discovered that the Kerberos client implementation in OpenJDK incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-19 17:29:00 UTC + 2017-10-19 + Jeffrey Altman + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10388.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA + https://www.orpheus-lyre.info/ + https://ubuntu.com/security/notices/USN-3473-1 + https://ubuntu.com/security/notices/USN-3497-1 + + + + sbeattie> another instance of the Orpheus-Lyre vulnerability + + + + + + + + + CVE-2017-10684 on Ubuntu 20.04 (focal) - negligible. + In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-06-29 23:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1464687 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10684.html + + + + + + + + + + CVE-2017-10685 on Ubuntu 20.04 (focal) - negligible. + In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-06-29 23:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1464692 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10685.html + + + + mdeslaur> Red Hat considers this issue as a duplicate of CVE-2017-10684. + + + + + + + + + CVE-2017-10687 on Ubuntu 20.04 (focal) - low. + In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. A crafted input will lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-29 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10687.html + https://bugzilla.redhat.com/show_bug.cgi?id=1466411 + + + + ratliff> reproducers doesn't crash on zesty (no ASAN) + + + + + + + + + CVE-2017-10788 on Ubuntu 20.04 (focal) - low. + The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-01 18:29:00 UTC + https://github.com/perl5-dbi/DBD-mysql/issues/120 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866818 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10788.html + http://seclists.org/oss-sec/2017/q2/443 + + + + + + + + + + CVE-2017-10789 on Ubuntu 20.04 (focal) - low. + The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-01 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866821 + https://github.com/perl5-dbi/DBD-mysql/issues/110 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10789.html + https://github.com/perl5-dbi/DBD-mysql/pull/114 + + + + + + + + + + CVE-2017-10799 on Ubuntu 20.04 (focal) - medium. + When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-03 01:29:00 UTC + 2017-07-03 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867077 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10799.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/f10b9bb3ca62 + https://ubuntu.com/security/notices/USN-4206-1 + + + + + + + + + + CVE-2017-10800 on Ubuntu 20.04 (focal) - medium. 
+ When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-03 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867060 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10800.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012 + + + + + + + + + + CVE-2017-10807 on Ubuntu 20.04 (focal) - medium. + JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-04 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867032 + https://bugs.launchpad.net/ubuntu/+source/jabberd2/+bug/1747893 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10807.html + https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1 + + + + + + + + + + CVE-2017-10911 on Ubuntu 20.04 (focal) - medium. + The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216. Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-05 01:29:00 UTC + 2017-07-04 + Anthony Perard + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10911.html + https://xenbits.xen.org/xsa/advisory-216.html + http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341 + http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8 + https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341 + https://ubuntu.com/security/notices/USN-3414-1 + https://ubuntu.com/security/notices/USN-3468-1 + https://ubuntu.com/security/notices/USN-3468-2 + https://ubuntu.com/security/notices/USN-3469-1 + https://ubuntu.com/security/notices/USN-3469-2 + https://ubuntu.com/security/notices/USN-3468-3 + https://ubuntu.com/security/notices/USN-3470-1 + https://ubuntu.com/security/notices/USN-3470-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2017-10929 on Ubuntu 20.04 (focal) - medium. + The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-05 12:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867369 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10929.html + https://github.com/radare/radare2/issues/7855 + https://github.com/radare/radare2/commit/c57997e76ec70862174a1b3b3aeb62a6f8570e85 + + + + sbeattie> does this affect upstream grub as well from a security perspective? + + + + + + + + + CVE-2017-11102 on Ubuntu 20.04 (focal) - low. 
+ The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-07 18:29:00 UTC + 2017-07-07 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867746 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11102.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5 + http://hg.code.sf.net/p/graphicsmagick/code/rev/dea93a690fc1 + http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b + http://hg.code.sf.net/p/graphicsmagick/code/rev/e8f859704230 + https://ubuntu.com/security/notices/USN-4206-1 + + + + ebarretto> Watch out when applying the fix, it introduces a new vuln. ebarretto> See CVE-2017-11139 + + + + + + + + + CVE-2017-11104 on Ubuntu 20.04 (focal) - medium. + Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-08 10:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865678 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11104.html + https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html + http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf + https://bugs.debian.org/865678 + + + + + + + + + + CVE-2017-11112 on Ubuntu 20.04 (focal) - negligible. 
+ In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-07-08 17:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1464686 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11112.html + + + + + + + + + + CVE-2017-11113 on Ubuntu 20.04 (focal) - negligible. + In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-07-08 17:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1464691 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11113.html + + + + + + + + + + CVE-2017-11114 on Ubuntu 20.04 (focal) - medium. + The put_chars function in html_r.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-31 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11114.html + http://seclists.org/fulldisclosure/2017/Jul/76 + + + + + + + + + + CVE-2017-11119 on Ubuntu 20.04 (focal) - low. + The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted nsf file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-31 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11119.html + http://seclists.org/fulldisclosure/2017/Jul/78 + + + + msalvatore> Nosefart bug is still unresolved msalvatore> https://sourceforge.net/p/nosefart/bugs/6/ + + + + + + + + + CVE-2017-11126 on Ubuntu 20.04 (focal) - low. + The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type != 2" case, a similar issue to CVE-2017-9870. It was discovered that mpg123 incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-10 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11126.html + http://openwall.com/lists/oss-security/2017/07/10/4 + https://blogs.gentoo.org/ago/2017/07/03/mpg123-global-buffer-overflow-in-iii_i_stereo-layer3-c/ + + + + + + + + + + CVE-2017-11140 on Ubuntu 20.04 (focal) - low. + The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-10 03:29:00 UTC + 2017-07-10 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11140.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a + https://ubuntu.com/security/notices/USN-4206-1 + + + + + + + + + + CVE-2017-11164 on Ubuntu 20.04 (focal) - negligible. 
+ In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-07-11 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11164.html + http://openwall.com/lists/oss-security/2017/07/11/3 + + + + sbeattie> reproducer in oss-security posting. + + + + + + + + + + + + CVE-2017-11189 on Ubuntu 20.04 (focal) - low. + unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-12 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11189.html + https://github.com/0x09AL/my-exploits/tree/master/pocs/unrar-free/dos + + + + + + + + + + CVE-2017-11191 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-28 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11191.html + http://packetstormsecurity.com/files/143532/FreeIPA-2.213-Session-Hijacking.html + + + + + + + + + + CVE-2017-11328 on Ubuntu 20.04 (focal) - low. + Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-17 13:18:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11328.html + https://github.com/VirusTotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f + + + + + + + + + + CVE-2017-11331 on Ubuntu 20.04 (focal) - low. + The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-31 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11331.html + http://seclists.org/fulldisclosure/2017/Jul/80 + + + + ratliff> The following notes are from Debian: debian> NOTE: The issue is "covered" by the fix applied in 0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch debian> NOTE: still the return of malloc is not checked. debian> NOTE: Crash in CLI tool only, negligible security impact + + + + + + + + + CVE-2017-11341 on Ubuntu 20.04 (focal) - low. + There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-17 13:18:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868577 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11341.html + https://bugzilla.redhat.com/show_bug.cgi?id=1470714 + + + + + + + + + + CVE-2017-11342 on Ubuntu 20.04 (focal) - low. + There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-17 13:18:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868577 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11342.html + https://bugzilla.redhat.com/show_bug.cgi?id=1470722 + + + + + + + + + + CVE-2017-11343 on Ubuntu 20.04 (focal) - low. 
+ Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-17 13:18:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11343.html + http://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html + http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html + + + + + + + + + + CVE-2017-11353 on Ubuntu 20.04 (focal) - medium. + yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-17 13:18:00 UTC + Daniel Shahaf + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868300 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11353.html + https://github.com/TheLocehiliosan/yadm/issues/74 + https://bugs.debian.org/868300 + + + + + + + + + + CVE-2017-11403 on Ubuntu 20.04 (focal) - medium. + The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-18 00:29:00 UTC + 2017-07-18 00:29:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11403.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37 + https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/ + https://ubuntu.com/security/notices/USN-4206-1 + + + + + + + + + + CVE-2017-11428 on Ubuntu 20.04 (focal) - medium. + OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-17 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11428.html + https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations + https://www.kb.cert.org/vuls/id/475445 + + + + + + + + + + CVE-2017-11468 on Ubuntu 20.04 (focal) - low. + Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 23:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869242 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11468.html + https://github.com/docker/distribution/pull/2340 + https://github.com/docker/distribution/releases/tag/v2.6.2 + + + + + + + + + + CVE-2017-11499 on Ubuntu 20.04 (focal) - medium. 
+ Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-25 13:29:00 UTC + Jann Horn + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868162 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11499.html + https://nodejs.org/en/blog/release/v6.11.1/ + https://nodejs.org/en/blog/release/v4.8.4/ + https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/ + + + + + + + + + + CVE-2017-11546 on Ubuntu 20.04 (focal) - medium. + The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-31 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870338 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11546.html + http://seclists.org/fulldisclosure/2017/Jul/83 + + + + + + + + + + CVE-2017-11547 on Ubuntu 20.04 (focal) - medium. + The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the suggests a setuid-root installation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-31 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870338 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11547.html + http://seclists.org/fulldisclosure/2017/Jul/83 + + + + + + + + + + CVE-2017-11548 on Ubuntu 20.04 (focal) - low. + The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-31 13:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11548.html + http://seclists.org/fulldisclosure/2017/Jul/84 + + + + + + + + + + CVE-2017-11549 on Ubuntu 20.04 (focal) - medium. + The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. NOTE: CPU consumption might be relevant when using the + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-31 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870338 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11549.html + http://seclists.org/fulldisclosure/2017/Jul/83 + + + + + + + + + + CVE-2017-11552 on Ubuntu 20.04 (focal) - medium. + mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decoder_run function in decoder.c in libmad) via a crafted MP3 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-01 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870406 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11552.html + http://seclists.org/fulldisclosure/2017/Jul/94 + + + + ebarretto> CVE was originally assigned for libmad, but further analysis ebarretto> has shown that the underlying issue is in mpg321 ebarretto> https://bugs.debian.org/870406#25 for more Details. + + + + + + + + + CVE-2017-11554 on Ubuntu 20.04 (focal) - medium. + There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-23 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11554.html + https://github.com/sass/libsass/issues/2445 + https://bugzilla.redhat.com/show_bug.cgi?id=1471780 + + + + + + + + + + CVE-2017-11555 on Ubuntu 20.04 (focal) - medium. + There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-23 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11555.html + https://github.com/sass/libsass/issues/2446 + https://bugzilla.redhat.com/show_bug.cgi?id=1471782 + + + + + + + + + + CVE-2017-11556 on Ubuntu 20.04 (focal) - medium. + There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-23 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11556.html + https://github.com/sass/libsass/issues/2447 + https://bugzilla.redhat.com/show_bug.cgi?id=1471786 + + + + + + + + + + CVE-2017-11565 on Ubuntu 20.04 (focal) - medium. 
+ debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script). It was discovered that Tor incorrectly implemented AppArmor restrictions. An attacker could possibly bypass those restrictions and cause an unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-23 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869153 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11565.html + https://twitter.com/pissquark/status/888142796414226432 + https://bugs.debian.org/869153 + + + + + + + + + + CVE-2017-11570 on Ubuntu 20.04 (focal) - low. + FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-23 22:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873587 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11570.html + https://github.com/fontforge/fontforge/issues/3097 + + + + + + + + + + CVE-2017-11573 on Ubuntu 20.04 (focal) - low. + FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-23 22:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873588 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11573.html + https://github.com/fontforge/fontforge/issues/3098 + + + + + + + + + + CVE-2017-11605 on Ubuntu 20.04 (focal) - medium. + There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-24 07:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11605.html + https://bugzilla.redhat.com/show_bug.cgi?id=1474019 + + + + + + + + + + CVE-2017-11608 on Ubuntu 20.04 (focal) - medium. + There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-24 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11608.html + https://bugzilla.redhat.com/show_bug.cgi?id=1474276 + + + + + + + + + + CVE-2017-11636 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-26 08:29:00 UTC + 2017-07-26 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11636.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c + https://ubuntu.com/security/notices/USN-4206-1 + + + + + + + + + + CVE-2017-11637 on Ubuntu 20.04 (focal) - medium. 
+ GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-26 08:29:00 UTC + 2017-07-26 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11637.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/f3ffc5541257 + https://ubuntu.com/security/notices/USN-4206-1 + + + + + + + + + + CVE-2017-11638 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-26 08:29:00 UTC + 2017-07-26 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11638.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9 + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-11641 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-26 08:29:00 UTC + 2017-07-26 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11641.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318 + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-11642 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-26 08:29:00 UTC + 2017-07-26 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11642.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9 + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-11643 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-26 08:29:00 UTC + 2017-07-26 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11643.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71 + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-11654 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. 
A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-26 14:29:00 UTC + Dhiru Kholia + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869803 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11654.html + http://www.openwall.com/lists/oss-security/2017/07/26/1 + http://openwall.com/lists/oss-security/2017/07/26/1 + + + + + + + + + + CVE-2017-11655 on Ubuntu 20.04 (focal) - medium. + A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-26 14:29:00 UTC + Dhiru Kholia + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869803 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11655.html + http://www.openwall.com/lists/oss-security/2017/07/26/1 + http://openwall.com/lists/oss-security/2017/07/26/1 + + + + + + + + + + CVE-2017-11661 on Ubuntu 20.04 (focal) - low. + The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. It was discovered that WildMIDI incorrectly handled certain MID files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-17 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871616 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11661.html + http://seclists.org/fulldisclosure/2017/Aug/12 + https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd + + + + ebarretto> Looking at the patches and the version on Trusty, it seems like ebarretto> some of the patches are not appliable and others are tricky to ebarretto> backport. So considering really low for Trusty. + + + + + + + + + CVE-2017-11662 on Ubuntu 20.04 (focal) - low. + The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. It was discovered that WildMIDI incorrectly handled certain MID files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-17 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871616 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11662.html + http://seclists.org/fulldisclosure/2017/Aug/12 + https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd + + + + ebarretto> Looking at the patches and the version on Trusty, it seems like ebarretto> some of the patches are not appliable and others are tricky to ebarretto> backport. So considering really low for Trusty. + + + + + + + + + CVE-2017-11663 on Ubuntu 20.04 (focal) - medium. + The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. It was discovered that WildMIDI incorrectly handled certain MID files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-17 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871616 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11663.html + http://seclists.org/fulldisclosure/2017/Aug/12 + https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd + + + + ebarretto> Looking at the patches and the version on Trusty, it seems like ebarretto> some of the patches are not appliable and others are tricky to ebarretto> backport. So considering really low for Trusty. + + + + + + + + + CVE-2017-11664 on Ubuntu 20.04 (focal) - medium. + The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. It was discovered that WildMIDI incorrectly handled certain MID files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-17 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871616 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11664.html + http://seclists.org/fulldisclosure/2017/Aug/12 + https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd + + + + ebarretto> Looking at the patches and the version on Trusty, it seems like ebarretto> some of the patches are not appliable and others are tricky to ebarretto> backport. So considering really low for Trusty. + + + + + + + + + CVE-2017-11671 on Ubuntu 20.04 (focal) - low. + Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-26 21:29:00 UTC + Todd Eisenberger + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11671.html + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180 + https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html + http://www.openwall.com/lists/oss-security/2017/07/27/2 + + + + + + + + + + + + + + + + + + + + + CVE-2017-11692 on Ubuntu 20.04 (focal) - low. + The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-30 17:29:00 UTC + https://github.com/jbeder/yaml-cpp/issues/519 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870327 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870326 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11692.html + + + + + + + + + + CVE-2017-11695 on Ubuntu 20.04 (focal) - negligible. + Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-12-27 19:29:00 UTC + https://bugzilla.mozilla.org/show_bug.cgi?id=1360782 (private) + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873256 + https://bugzilla.redhat.com/show_bug.cgi?id=1487128 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11695.html + http://seclists.org/fulldisclosure/2017/Aug/17 + + + + mdeslaur> Upstream NSS will not be fixing this issue. mdeslaur> this is an issue in libnssdbm. NSS 3.35 made SQLite the default mdeslaur> datastore. NSS 3.49 stopped building the legacy datastore. + + + + + + + + + CVE-2017-11696 on Ubuntu 20.04 (focal) - negligible. 
+ Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-12-27 19:29:00 UTC + https://bugzilla.mozilla.org/show_bug.cgi?id=1360778 (private) + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873257 + https://bugzilla.redhat.com/show_bug.cgi?id=1487129 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11696.html + http://seclists.org/fulldisclosure/2017/Aug/17 + + + + mdeslaur> Upstream NSS will not be fixing this issue. mdeslaur> this is an issue in libnssdbm. NSS 3.35 made SQLite the default mdeslaur> datastore. NSS 3.49 stopped building the legacy datastore. + + + + + + + + + CVE-2017-11697 on Ubuntu 20.04 (focal) - negligible. + The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-12-27 19:29:00 UTC + https://bugzilla.mozilla.org/show_bug.cgi?id=1360900 (private) + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873258 + https://bugzilla.redhat.com/show_bug.cgi?id=1487132 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11697.html + http://seclists.org/fulldisclosure/2017/Aug/17 + + + + mdeslaur> Upstream NSS will not be fixing this issue. mdeslaur> this is an issue in libnssdbm. NSS 3.35 made SQLite the default mdeslaur> datastore. NSS 3.49 stopped building the legacy datastore. + + + + + + + + + CVE-2017-11698 on Ubuntu 20.04 (focal) - negligible. + Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. 
+ + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-12-27 19:29:00 UTC + https://bugzilla.mozilla.org/show_bug.cgi?id=1360779 (private) + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873259 + https://bugzilla.redhat.com/show_bug.cgi?id=1487130 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11698.html + http://seclists.org/fulldisclosure/2017/Aug/17 + + + + mdeslaur> Upstream NSS will not be fixing this issue. mdeslaur> this is an issue in libnssdbm. NSS 3.35 made SQLite the default mdeslaur> datastore. NSS 3.49 stopped building the legacy datastore. + + + + + + + + + CVE-2017-11720 on Ubuntu 20.04 (focal) - medium. + There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. It was discovered that LAME incorrectly handled certain audio files. An attacker could possibly use this issue to cause a denial of service or possibly other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-28 14:29:00 UTC + Wang Shiyang, Liu Bingchang + https://sourceforge.net/p/lame/bugs/460/ + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777159 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11720.html + + + + + + + + + + CVE-2017-11721 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-03 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11721.html + https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1 + + + + + + + + + + + + + CVE-2017-11747 on Ubuntu 20.04 (focal) - medium. 
+ main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command. It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-30 16:29:00 UTC + mikesalvatore + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870307 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11747.html + https://github.com/tinyproxy/tinyproxy/issues/106 + + + + + + + + + + CVE-2017-12067 on Ubuntu 20.04 (focal) - low. + Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-01 05:29:00 UTC + Henri Salo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870356 + https://sourceforge.net/p/potrace/bugs/22/ + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12067.html + https://github.com/hackerlib/hackerlib-vul/tree/master/potrace/heap-buffer-overflow-mkbitmap + + + + tyhicks> inkscape embeds libpotrace in Yakkety and earlier (LP: #1156664) mdeslaur> potrace in inkscape works on bitmaps already loaded, not mdeslaur> arbitrary images. Marking as not-affected for inkscape. + + + + + + + + + CVE-2017-12081 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. 
An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12081.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + + + + + + + + + + CVE-2017-12082 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12082.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + + + + + + + + + + CVE-2017-12086 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12086.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + + + + + + + + + + CVE-2017-12099 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12099.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + + + + + + + + + + CVE-2017-12100 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12100.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + + + + + + + + + + CVE-2017-12101 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12101.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + + + + + + + + + + CVE-2017-12102 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12102.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465 + + + + + + + + + + CVE-2017-12103 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12103.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465 + + + + + + + + + + CVE-2017-12104 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12104.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465 + + + + + + + + + + CVE-2017-12105 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12105.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + + + + + + + + + + CVE-2017-12108 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12108.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460 + + + + + + + + + + CVE-2017-12109 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. 
A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12109.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461 + + + + + + + + + + CVE-2017-12110 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A specially crafted XLS file can cause memory corruption resulting in remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-20 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12110.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462 + + + + + + + + + + CVE-2017-12111 on Ubuntu 20.04 (focal) - medium. + An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-20 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12111.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0463 + + + + + + + + + + CVE-2017-12132 on Ubuntu 20.04 (focal) - low. + The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-01 16:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=21361 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12132.html + https://arxiv.org/pdf/1205.4011.pdf + + + + + + + + + + CVE-2017-12133 on Ubuntu 20.04 (focal) - low. + Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-07 13:29:00 UTC + 2017-09-07 13:29:00 UTC + Florian Weimer + https://sourceware.org/bugzilla/show_bug.cgi?id=21115 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870648 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12133.html + https://ubuntu.com/security/notices/USN-4416-1 + + + + chrisccoulson> The CVE description doesn't seem to match the description in the linked bug report and upstream patch sbeattie> introduced in CVE-2016-4429 fix + + + + + + + + + CVE-2017-12141 on Ubuntu 20.04 (focal) - low. + In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-02 05:29:00 UTC + 2017-08-02 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12141.html + https://github.com/Yeraze/ytnef/issues/50 + https://somevulnsofadlab.blogspot.com/2017/07/ytnefheap-buffer-overflow-in.html + https://ubuntu.com/security/notices/USN-3667-1 + + + + + + + + + + CVE-2017-12142 on Ubuntu 20.04 (focal) - low. + In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-02 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12142.html + https://github.com/Yeraze/ytnef/issues/49 + https://somevulnsofadlab.blogspot.com/2017/07/ytnefinvalid-memory-read-in-swapdword.html + + + + leosilva> the issue resides in ytnefprint/main.c that is not present leosilva> in trusty. + + + + + + + + + CVE-2017-12143 on Ubuntu 20.04 (focal) - negligible. + In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-08-02 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12143.html + https://somevulnsofadlab.blogspot.com/2017/07/libquicktimeallocation-failed-in.html + https://sourceforge.net/p/libquicktime/mailman/message/35888850/ + + + + + + + + + + CVE-2017-12144 on Ubuntu 20.04 (focal) - low. + In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-02 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12144.html + https://github.com/Yeraze/ytnef/issues/51 + https://somevulnsofadlab.blogspot.com/2017/07/ytnefallocation-failed-in-tneffillmapi.html + + + + + + + + + + CVE-2017-12145 on Ubuntu 20.04 (focal) - negligible. + In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-02 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12145.html + https://somevulnsofadlab.blogspot.com/2017/07/libquicktimeallocation-failed-in_30.html + https://sourceforge.net/p/libquicktime/mailman/message/35888849/ + + + + + + + + + + CVE-2017-12165 on Ubuntu 20.04 (focal) - medium. + It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-27 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12165.html + https://bugzilla.redhat.com/show_bug.cgi?id=1490301 + + + + + + + + + + CVE-2017-12166 on Ubuntu 20.04 (focal) - low. + OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. sbeattie> vulnerable only in configurations that have 'key method 1’ set. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-04 01:29:00 UTC + Guido Vranken + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12166.html + https://community.openvpn.net/openvpn/wiki/CVE-2017-12166 + http://www.openwall.com/lists/oss-security/2017/09/28/2 + + + + + + + + + + CVE-2017-12169 on Ubuntu 20.04 (focal) - low. + It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-10 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12169.html + https://bugzilla.redhat.com/show_bug.cgi?id=1487697 + + + + ebarretto> No fix available as of 2019-02-14 + + + + + + + + + CVE-2017-12194 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-14 21:29:00 UTC + 2018-03-14 + leosilva + Frediano Ziglio + https://bugzilla.redhat.com/show_bug.cgi?id=1501200 + https://bugzilla.redhat.com/show_bug.cgi?id=1240165 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12194.html + https://ubuntu.com/security/notices/USN-3659-1 + + + + leosilva> xenial uses spice-protocol to generate leosilva> the codes that are affected. leosilva> not all releases has the test section to add the third patch. + + + + + + + + + + + + CVE-2017-12196 on Ubuntu 20.04 (focal) - medium. + undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-18 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12196.html + https://bugzilla.redhat.com/show_bug.cgi?id=1503055 + + + + + + + + + + CVE-2017-12424 on Ubuntu 20.04 (focal) - low. + In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. 
Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 09:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756630 + https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12424.html + + + + + + + + + + CVE-2017-12440 on Ubuntu 20.04 (focal) - medium. + Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-18 14:29:00 UTC + mdeslaur + https://bugs.launchpad.net/ossn/+bug/1649333 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12440.html + https://wiki.openstack.org/wiki/OSSN/OSSN-0080 + + + + + + + + + + CVE-2017-12441 on Ubuntu 20.04 (focal) - medium. + The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-17 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871495 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12441.html + https://sourceforge.net/p/minidjvu/bugs/8/ + + + + + + + + + + CVE-2017-12442 on Ubuntu 20.04 (focal) - medium. + The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-17 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871495 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12442.html + https://sourceforge.net/p/minidjvu/bugs/8/ + + + + + + + + + + CVE-2017-12443 on Ubuntu 20.04 (focal) - medium. + The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-17 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871495 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12443.html + https://sourceforge.net/p/minidjvu/bugs/8/ + + + + + + + + + + CVE-2017-12444 on Ubuntu 20.04 (focal) - medium. + The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-17 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871495 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12444.html + https://sourceforge.net/p/minidjvu/bugs/8/ + + + + + + + + + + CVE-2017-12445 on Ubuntu 20.04 (focal) - medium. 
+ The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-17 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871495 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12445.html + https://sourceforge.net/p/minidjvu/bugs/8/ + + + + + + + + + + CVE-2017-12448 on Ubuntu 20.04 (focal) - low. + The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 15:29:00 UTC + Ned Williamson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12448.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21787 + + + + + + + + + + CVE-2017-12449 on Ubuntu 20.04 (focal) - low. + The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 15:29:00 UTC + Ned Williamson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12449.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21840 + + + + + + + + + + CVE-2017-12450 on Ubuntu 20.04 (focal) - low. 
+ The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 15:29:00 UTC + Ned Williamson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12450.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21813 + + + + sbeattie> reproducers attached to bug report + + + + + + + + + CVE-2017-12451 on Ubuntu 20.04 (focal) - low. + The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 15:29:00 UTC + Ned Williamson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12451.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21786 + + + + + + + + + + CVE-2017-12452 on Ubuntu 20.04 (focal) - low. + The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 15:29:00 UTC + Ned Williamson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12452.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21813 + + + + sbeattie> same commits as CVE-2017-12450 + + + + + + + + + CVE-2017-12453 on Ubuntu 20.04 (focal) - low. 
+ The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 15:29:00 UTC + Ned Williamson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12453.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21813 + + + + sbeattie> same commits as CVE-2017-12450 + + + + + + + + + CVE-2017-12454 on Ubuntu 20.04 (focal) - low. + The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 15:29:00 UTC + Ned Williamson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12454.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21813 + + + + sbeattie> same commits as CVE-2017-12450 + + + + + + + + + CVE-2017-12455 on Ubuntu 20.04 (focal) - low. + The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 15:29:00 UTC + Ned Williamson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12455.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21840 + + + + mdeslaur> same commit as CVE-2017-12449 + + + + + + + + + CVE-2017-12456 on Ubuntu 20.04 (focal) - low. + The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 15:29:00 UTC + Ned Williamson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12456.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21813 + + + + sbeattie> same commits as CVE-2017-12450 + + + + + + + + + CVE-2017-12457 on Ubuntu 20.04 (focal) - low. + The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 15:29:00 UTC + Ned Williamson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12457.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21840 + + + + sbeattie> same commit as CVE-2017-12455 + + + + + + + + + CVE-2017-12458 on Ubuntu 20.04 (focal) - low. + The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 15:29:00 UTC + Ned Williamson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12458.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21840 + + + + sbeattie> same commit as CVE-2017-12455 + + + + + + + + + CVE-2017-12459 on Ubuntu 20.04 (focal) - low. + The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-04 15:29:00 UTC + Ned Williamson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12459.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21840 + + + + sbeattie> same commit as CVE-2017-12455 + + + + + + + + + CVE-2017-12481 on Ubuntu 20.04 (focal) - medium. + The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 19:29:00 UTC + Gwan Yeong Kim + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12481.html + http://bugs.ledger-cli.org/show_bug.cgi?id=1222 + https://github.com/ledger/ledger/commit/c5343f18744d0f6fddcc590f9a54c23674d8c489 + + + + + + + + + + CVE-2017-12482 on Ubuntu 20.04 (focal) - medium. + The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-04 19:29:00 UTC + Gwan Yeong Kim + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12482.html + http://bugs.ledger-cli.org/show_bug.cgi?id=1224 + https://github.com/ledger/ledger/commit/7c0ae5b02571e21f97d45f5d091cb78af9885713 + + + + + + + + + + CVE-2017-12583 on Ubuntu 20.04 (focal) - medium. + DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-06 03:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870903 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12583.html + https://github.com/splitbrain/dokuwiki/issues/2061 + + + + + + + + + + CVE-2017-12613 on Ubuntu 20.04 (focal) - low. 
+ When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-24 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12613.html + https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E + + + + + + + + + + CVE-2017-12618 on Ubuntu 20.04 (focal) - low. + Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-24 01:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12618.html + http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E + + + + + + + + + + CVE-2017-12626 on Ubuntu 20.04 (focal) - medium. + Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-29 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888651 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12626.html + https://bz.apache.org/bugzilla/show_bug.cgi?id=61338 + https://bz.apache.org/bugzilla/show_bug.cgi?id=61294 + https://bz.apache.org/bugzilla/show_bug.cgi?id=52372 + https://bz.apache.org/bugzilla/show_bug.cgi?id=61295 + https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b@%3Cdev.poi.apache.org%3E + + + + + + + + + + CVE-2017-12627 on Ubuntu 20.04 (focal) - medium. + In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. It was discovered that Xerces-C++ mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer. An attacker could use this vulnerability to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-01 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12627.html + https://svn.apache.org/viewvc?view=revision&revision=1819998 + https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt + http://seclists.org/oss-sec/2018/q1/203 + http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt + + + + + + + + + + CVE-2017-12652 on Ubuntu 20.04 (focal) - low. + libpng before 1.6.32 does not properly check the length of chunks against the user limit. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-10 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12652.html + https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE + + + + + + + + + + + + + + CVE-2017-12778 on Ubuntu 20.04 (focal) - medium. 
+ ** DISPUTED ** The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza. NOTE: This is an intended behavior. See https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-09 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12778.html + http://archive.is/eF2GR + http://qbittorrent.com + https://medium.com/@BaYinMin/cve-2017-12778-qbittorrent-ui-lock-authentication-bypass-30959ff55ada + + + + + + + + + + CVE-2017-12797 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. It was discovered that mpg123 incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-29 15:29:00 UTC + https://sourceforge.net/p/mpg123/bugs/254/ + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12797.html + https://sourceforge.net/p/mpg123/mailman/message/35987663/ + + + + + + + + + + CVE-2017-12799 on Ubuntu 20.04 (focal) - low. + The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-10 18:29:00 UTC + Zhihua Yao + https://sourceware.org/bugzilla/show_bug.cgi?id=21933 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12799.html + + + + + + + + + + CVE-2017-12839 on Ubuntu 20.04 (focal) - low. + A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file. It was discovered that mpg123 failed to handle certain malformed mp3 files. An attacker could use this vulnerability to potentially leak sensitive information or cause a crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-09 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12839.html + https://sourceforge.net/p/mpg123/bugs/255/ + https://www.mpg123.de/ + https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?r1=2024&r2=4323&sortby=date + + + + msalvatore> unable to reproduce the bug with ASAN in trusty or xenial. + + + + + + + + + CVE-2017-12852 on Ubuntu 20.04 (focal) - low. + The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-15 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12852.html + https://github.com/numpy/numpy/issues/9560#issuecomment-322395292 + + + + mdeslaur> as of 2019-01-22, there doesn't appear to be a fix for this + + + + + + + + + CVE-2017-12867 on Ubuntu 20.04 (focal) - medium. + The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-29 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12867.html + https://simplesamlphp.org/security/201708-01 + + + + + + + + + + CVE-2017-12868 on Ubuntu 20.04 (focal) - medium. + The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-01 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12868.html + https://simplesamlphp.org/security/201705-01 + + + + + + + + + + CVE-2017-12869 on Ubuntu 20.04 (focal) - medium. + The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-01 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12869.html + https://simplesamlphp.org/security/201704-02 + + + + + + + + + + CVE-2017-12870 on Ubuntu 20.04 (focal) - medium. + SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-01 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12870.html + https://simplesamlphp.org/security/201704-01 + + + + + + + + + + CVE-2017-12871 on Ubuntu 20.04 (focal) - medium. 
+ The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-01 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12871.html + https://simplesamlphp.org/security/201703-02 + + + + sbeattie> 1.14.x only + + + + + + + + + CVE-2017-12872 on Ubuntu 20.04 (focal) - medium. + The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-01 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12872.html + https://simplesamlphp.org/security/201703-01 + + + + + + + + + + CVE-2017-12873 on Ubuntu 20.04 (focal) - medium. + SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-01 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12873.html + https://simplesamlphp.org/security/201612-04 + + + + + + + + + + CVE-2017-12874 on Ubuntu 20.04 (focal) - medium. + The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-09-01 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12874.html + https://simplesamlphp.org/security/201612-03 + + + + sbeattie> according to debian, issue lies in sbeattie> simplesamlphp/simplesamlphp-module-infocard and fixed sbeattie> in module version 1.0.1. The module is embedded in sbeattie> simplesamlphp. + + + + + + + + + CVE-2017-12935 on Ubuntu 20.04 (focal) - low. + The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-18 12:29:00 UTC + 2017-08-18 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12935.html + http://www.openwall.com/lists/oss-security/2017/08/18/4 + http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188 + https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-invalid-memory-read-in-setimagecolorcallback-image-c/ + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-12936 on Ubuntu 20.04 (focal) - medium. + The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-18 12:29:00 UTC + 2017-08-18 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12936.html + http://www.openwall.com/lists/oss-security/2017/08/18/3 + http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd + https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-use-after-free-in-readwmfimage-wmf-c/ + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-12937 on Ubuntu 20.04 (focal) - low. + The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-18 12:29:00 UTC + 2017-08-18 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12937.html + http://www.openwall.com/lists/oss-security/2017/08/18/5 + http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978 + https://blogs.gentoo.org/ago/2017/08/05/graphicsmagick-heap-based-buffer-overflow-in-readsunimage-sun-c/ + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-12938 on Ubuntu 20.04 (focal) - medium. + UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-18 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12938.html + http://www.openwall.com/lists/oss-security/2017/08/18/2 + http://seclists.org/oss-sec/2017/q3/290 + + + + + + + + + + CVE-2017-12940 on Ubuntu 20.04 (focal) - low. + libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-18 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12940.html + http://www.openwall.com/lists/oss-security/2017/08/18/6 + http://seclists.org/oss-sec/2017/q3/290 + + + + + + + + + + CVE-2017-12941 on Ubuntu 20.04 (focal) - low. + libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-18 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12941.html + http://www.openwall.com/lists/oss-security/2017/08/18/6 + http://seclists.org/oss-sec/2017/q3/290 + + + + + + + + + + CVE-2017-12942 on Ubuntu 20.04 (focal) - medium. + libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-18 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12942.html + http://www.openwall.com/lists/oss-security/2017/08/18/6 + http://seclists.org/oss-sec/2017/q3/290 + + + + + + + + + + CVE-2017-12950 on Ubuntu 20.04 (focal) - medium. + The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-28 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12950.html + http://seclists.org/fulldisclosure/2017/Aug/39 + + + + + + + + + + CVE-2017-12951 on Ubuntu 20.04 (focal) - medium. + The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-28 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12951.html + http://seclists.org/fulldisclosure/2017/Aug/39 + + + + + + + + + + CVE-2017-12952 on Ubuntu 20.04 (focal) - medium. + The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-28 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12952.html + http://seclists.org/fulldisclosure/2017/Aug/39 + + + + + + + + + + CVE-2017-12953 on Ubuntu 20.04 (focal) - medium. + The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-28 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12953.html + http://seclists.org/fulldisclosure/2017/Aug/39 + + + + + + + + + + CVE-2017-12954 on Ubuntu 20.04 (focal) - medium. + The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-28 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12954.html + http://seclists.org/fulldisclosure/2017/Aug/39 + + + + + + + + + + CVE-2017-12962 on Ubuntu 20.04 (focal) - low. + There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-18 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12962.html + https://bugzilla.redhat.com/show_bug.cgi?id=1482331 + + + + + + + + + + CVE-2017-12963 on Ubuntu 20.04 (focal) - low. + There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-18 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12963.html + https://bugzilla.redhat.com/show_bug.cgi?id=1482335 + + + + + + + + + + CVE-2017-12964 on Ubuntu 20.04 (focal) - low. + There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-18 21:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1482397 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12964.html + + + + + + + + + + CVE-2017-12967 on Ubuntu 20.04 (focal) - low. + The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-19 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12967.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21962 + + + + + + + + + + CVE-2017-12976 on Ubuntu 20.04 (focal) - medium. 
+ git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-20 20:29:00 UTC + Joey Hess + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12976.html + http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471 + http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a + http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn + + + + seth-arnold> security-fake-sync fails with "Original tarballs differ. Aborting" + + + + + + + + + CVE-2017-12979 on Ubuntu 20.04 (focal) - medium. + DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-21 07:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12979.html + https://github.com/splitbrain/dokuwiki/issues/2080 + + + + + + + + + + CVE-2017-12980 on Ubuntu 20.04 (focal) - medium. + DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-21 07:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12980.html + https://github.com/splitbrain/dokuwiki/issues/2081 + + + + + + + + + + CVE-2017-12982 on Ubuntu 20.04 (focal) - low. + The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-21 07:29:00 UTC + https://github.com/uclouvain/openjpeg/issues/983 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12982.html + https://blogs.gentoo.org/ago/2017/08/14/openjpeg-memory-allocation-failure-in-opj_aligned_alloc_n-opj_malloc-c/ + + + + + + + + + + CVE-2017-13063 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-22 06:29:00 UTC + 2017-08-22 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13063.html + https://sourceforge.net/p/graphicsmagick/bugs/434/ + http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-13064 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. 
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-22 06:29:00 UTC + 2017-08-22 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13064.html + https://sourceforge.net/p/graphicsmagick/bugs/436/ + http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-13065 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-22 06:29:00 UTC + 2017-08-22 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13065.html + https://sourceforge.net/p/graphicsmagick/bugs/435/ + http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-13066 on Ubuntu 20.04 (focal) - low. + GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-22 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13066.html + https://sourceforge.net/p/graphicsmagick/bugs/430/ + + + + + + + + + + CVE-2017-13099 on Ubuntu 20.04 (focal) - medium. + wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT." 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-13 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884235 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13099.html + https://github.com/wolfSSL/wolfssl/pull/1229 + https://robotattack.org/ + http://www.kb.cert.org/vuls/id/144389 + + + + + + + + + + CVE-2017-13134 on Ubuntu 20.04 (focal) - medium. + In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-23 03:29:00 UTC + 2017-08-22 + https://github.com/ImageMagick/ImageMagick/issues/670 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873099 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13134.html + https://ubuntu.com/security/notices/USN-3681-1 + https://ubuntu.com/security/notices/USN-4222-1 + + + + mdeslaur> 0292-CVE-2017-13134-Fix-heap-based-buffer-overflow-in-SFWScan.patch in wheezy mdeslaur> 0249-CVE-2017-13134.patch in jessie mdeslaur> 0100-CVE-2017-13134.patch in stretch + + + + + + + + + + + + CVE-2017-13135 on Ubuntu 20.04 (focal) - medium. + A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure. It was discovered that VideoLAN x265 mishandled certain memory-allocation failures. An attacker could use this vulnerability to cause a denial of service (crash) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-16 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13135.html + https://github.com/ebel34/bpg-web-encoder/issues/1 + + + + + + + + + + CVE-2017-13144 on Ubuntu 20.04 (focal) - negligible. + In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-08-23 06:29:00 UTC + 2017-08-23 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869728 + https://launchpad.net/bugs/1793485 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13144.html + https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438 + https://ubuntu.com/security/notices/USN-3681-1 + https://ubuntu.com/security/notices/USN-3785-1 + + + + mdeslaur> 0085-Avoid-a-crash-in-mpc-coder.patch in unstable mdeslaur> 0081-Avoid-a-crash-in-mpc-coder.patch in stretch mdeslaur> 0297-CVE-2017-13144-Fix-application-crash-if-image-dimensions-are-too-large.patch in wheezy mdeslaur> 0261-CVE-2017-13144.patch in jessie sbeattie> this fix introduced a regression in xenial and trusty (LP: #1793485) and was reverted for those releases in USN 3785-1 + + + + + + + + + CVE-2017-13165 on Ubuntu 20.04 (focal) - negligible. + An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-06 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13165.html + https://source.android.com/security/bulletin/pixel/2017-12-01 + https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a + + + + sbeattie> /proc/net/fib_trie leaks interface IP addresses sbeattie> plenty of other leaks of ip addrs exist in /proc/net/ sbeattie> likely not a general kernel issue sbeattie> S_IRUGO /proc entry added in 19baf839ff4a8daa1f2a7400897094fc18e4f5e9 sbeattie> net/ipv4/fib_trie.c::fib_proc_init() + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2017-13693 on Ubuntu 20.04 (focal) - negligible. + The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-08-25 08:29:00 UTC + Seunghun Han + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13693.html + https://patchwork.kernel.org/patch/9919053/ + https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 + + + + tyhicks> As of 17.04, KASLR is not yet enabled by default in Ubuntu tyhicks> See the patchwork.k.o reference for a possible fix. As of 2018-10-01, it has not yet been merged upstream. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2017-13694 on Ubuntu 20.04 (focal) - negligible. 
+ The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-08-25 08:29:00 UTC + Seunghun Han + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13694.html + https://patchwork.kernel.org/patch/9806085/ + https://github.com/acpica/acpica/pull/278/commits/4a0243ecb4c94e2d73510d096c5ea4d0711fc6c0 + https://github.com/acpica/acpica/pull/278/commits/8829e70e1360c81e7a5a901b5d4f48330e021ea5 + + + + tyhicks> As of 17.04, KASLR is not yet enabled by default in Ubuntu tyhicks> See the patchwork.k.o reference for a possible fix. As of 2017-08-25, it has not yet been merged upstream. sbeattie> drivers/acpi/acpica/psobject.c::acpi_ps_complete_final_op() + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2017-13709 on Ubuntu 20.04 (focal) - medium. + In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-27 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873439 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13709.html + http://www.openwall.com/lists/oss-security/2017/08/27/1 + https://sourceforge.net/p/flightgear/flightgear/ci/2a5e3d06b2c0d9f831063afe7e7260bca456d679/ + https://sourceforge.net/p/flightgear/flightgear/ci/c7a2aef59979af3e9ff22daabb37bdaadb91cd75/ + + + + + + + + + + CVE-2017-13710 on Ubuntu 20.04 (focal) - low. 
+ The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-27 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13710.html + https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b + https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d6f8dea6798528de0fc762409595251eeeb1f547 + + + + sbeattie> commit for 2.29 is part of a larger backport + + + + + + + + + CVE-2017-13712 on Ubuntu 20.04 (focal) - low. + NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. It was discovered that LAME incorrectly handled certain audio files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-28 19:29:00 UTC + https://sourceforge.net/p/lame/bugs/472/ + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13712.html + + + + + + + + + + CVE-2017-13716 on Ubuntu 20.04 (focal) - low. + The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-28 21:29:00 UTC + Adhokshaj Mishra + https://sourceware.org/bugzilla/show_bug.cgi?id=22009 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13716.html + + + + mdeslaur> This issue is actually a libiberty issue, but there doesn't mdeslaur> appear to be a libiberty bug open for it as of 2020-10-19 + + + + + + + + + CVE-2017-13728 on Ubuntu 20.04 (focal) - negligible. + There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-08-29 06:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1484274 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13728.html + + + + + + + + + + CVE-2017-13729 on Ubuntu 20.04 (focal) - negligible. + There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-08-29 06:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1484276 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13729.html + + + + + + + + + + CVE-2017-13730 on Ubuntu 20.04 (focal) - negligible. + There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-08-29 06:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1484284 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13730.html + + + + + + + + + + CVE-2017-13731 on Ubuntu 20.04 (focal) - negligible. + There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. 
+ + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-08-29 06:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1484285 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13731.html + + + + + + + + + + CVE-2017-13732 on Ubuntu 20.04 (focal) - negligible. + There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-08-29 06:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1484287 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13732.html + + + + + + + + + + CVE-2017-13733 on Ubuntu 20.04 (focal) - negligible. + There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-08-29 06:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1484290 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13733.html + + + + + + + + + + CVE-2017-13734 on Ubuntu 20.04 (focal) - negligible. + There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-08-29 06:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1484291 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13734.html + + + + + + + + + + CVE-2017-13735 on Ubuntu 20.04 (focal) - medium. + There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-29 06:29:00 UTC + 2017-08-29 + mdeslaur + https://github.com/LibRaw/LibRaw/issues/96 + https://bugzilla.redhat.com/show_bug.cgi?id=1483988 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874729 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13735.html + https://ubuntu.com/security/notices/USN-3492-1 + + + + + + + + + + + + + + + CVE-2017-13736 on Ubuntu 20.04 (focal) - low. + There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-29 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13736.html + https://bugzilla.redhat.com/show_bug.cgi?id=1484192 + + + + ebarretto> no details as of 2018-10-05. + + + + + + + + + CVE-2017-13737 on Ubuntu 20.04 (focal) - low. + There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-29 06:29:00 UTC + 2017-08-29 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13737.html + https://bugzilla.redhat.com/show_bug.cgi?id=1484196 + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/ + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-13755 on Ubuntu 20.04 (focal) - medium. + In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. It was discovered that The Sleuth Kit mishandled certain crafted ISO 9660 images. 
If an analyst were tricked into opening a malicious image, an attacker could cause a denial of service (crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-29 22:29:00 UTC + mikesalvatore + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873726 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13755.html + https://github.com/sleuthkit/sleuthkit/issues/913 + + + + + + + + + + CVE-2017-13756 on Ubuntu 20.04 (focal) - negligible. + In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-08-29 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873725 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13756.html + https://github.com/sleuthkit/sleuthkit/issues/914 + + + + + + + + + + CVE-2017-13775 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-30 09:29:00 UTC + 2017-08-30 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13775.html + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-13776 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. 
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-30 09:29:00 UTC + 2017-08-30 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13776.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-13777 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-30 09:29:00 UTC + 2017-08-30 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13777.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e + https://ubuntu.com/security/notices/USN-4222-1 + + + + + + + + + + CVE-2017-13783 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-13 03:29:00 UTC + 2017-11-12 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13783.html + https://webkitgtk.org/security/WSA-2017-0009.html + https://ubuntu.com/security/notices/USN-3481-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13784 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-13 03:29:00 UTC + 2017-11-12 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13784.html + https://webkitgtk.org/security/WSA-2017-0009.html + https://ubuntu.com/security/notices/USN-3481-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13785 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-13 03:29:00 UTC + 2017-11-12 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13785.html + https://webkitgtk.org/security/WSA-2017-0009.html + https://ubuntu.com/security/notices/USN-3481-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13788 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-13 03:29:00 UTC + 2017-11-12 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13788.html + https://webkitgtk.org/security/WSA-2017-0009.html + https://ubuntu.com/security/notices/USN-3481-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13791 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-13 03:29:00 UTC + 2017-11-12 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13791.html + https://webkitgtk.org/security/WSA-2017-0009.html + https://ubuntu.com/security/notices/USN-3481-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13792 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-13 03:29:00 UTC + 2017-11-12 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13792.html + https://webkitgtk.org/security/WSA-2017-0009.html + https://ubuntu.com/security/notices/USN-3481-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13793 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-13 03:29:00 UTC + 2017-11-12 + Hanul Choi + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13793.html + https://webkitgtk.org/security/WSA-2017-0009.html + https://ubuntu.com/security/notices/USN-3481-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13794 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-13 03:29:00 UTC + 2017-11-12 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13794.html + https://webkitgtk.org/security/WSA-2017-0009.html + https://ubuntu.com/security/notices/USN-3481-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13795 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-13 03:29:00 UTC + 2017-11-12 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13795.html + https://webkitgtk.org/security/WSA-2017-0009.html + https://ubuntu.com/security/notices/USN-3481-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13796 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-13 03:29:00 UTC + 2017-11-12 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13796.html + https://webkitgtk.org/security/WSA-2017-0009.html + https://ubuntu.com/security/notices/USN-3481-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13798 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-13 03:29:00 UTC + 2017-11-12 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13798.html + https://webkitgtk.org/security/WSA-2017-0009.html + https://ubuntu.com/security/notices/USN-3481-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13802 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-13 03:29:00 UTC + 2017-11-12 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13802.html + https://webkitgtk.org/security/WSA-2017-0009.html + https://ubuntu.com/security/notices/USN-3481-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13803 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-13 03:29:00 UTC + 2017-11-12 + 陈钦 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13803.html + https://webkitgtk.org/security/WSA-2017-0009.html + https://ubuntu.com/security/notices/USN-3481-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13856 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-25 21:29:00 UTC + 2017-12-20 + Jeonghoon Shin + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13856.html + https://webkitgtk.org/security/WSA-2017-0010.html + https://ubuntu.com/security/notices/USN-3514-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13866 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-25 21:29:00 UTC + 2017-12-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13866.html + https://webkitgtk.org/security/WSA-2017-0010.html + https://ubuntu.com/security/notices/USN-3514-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13870 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-25 21:29:00 UTC + 2017-12-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13870.html + https://webkitgtk.org/security/WSA-2017-0010.html + https://ubuntu.com/security/notices/USN-3514-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13884 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-03 06:29:00 UTC + 2017-12-31 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13884.html + https://webkitgtk.org/security/WSA-2018-0002.html + https://ubuntu.com/security/notices/USN-3551-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-13885 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2017-12-31 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13885.html + https://webkitgtk.org/security/WSA-2018-0002.html + https://ubuntu.com/security/notices/USN-3551-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-14042 on Ubuntu 20.04 (focal) - medium. + A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-30 22:29:00 UTC + 2017-08-30 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873538 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14042.html + https://blogs.gentoo.org/ago/2017/08/28/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c-2/ + https://sourceforge.net/p/graphicsmagick/bugs/441/ + http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d + https://ubuntu.com/security/notices/USN-4206-1 + + + + + + + + + + CVE-2017-14062 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. USN-3421-1 fixed a vulnerability in Libidn2. This update provides the corresponding update for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-31 16:29:00 UTC + 2017-08-31 + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873903 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873902 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14062.html + https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd + https://gitlab.com/libidn/libidn2/blob/master/NEWS + https://ubuntu.com/security/notices/USN-3421-1 + https://ubuntu.com/security/notices/USN-3434-1 + https://ubuntu.com/security/notices/USN-3434-2 + + + + + + + + + + CVE-2017-14098 on Ubuntu 20.04 (focal) - medium. + In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-09-02 16:29:00 UTC + Ross Beer + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873909 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14098.html + https://issues.asterisk.org/jira/browse/ASTERISK-27152 + http://downloads.asterisk.org/pub/security/AST-2017-007.html + http://www.securitytracker.com/id/1039253 + https://bugs.debian.org/873909 + https://gerrit.asterisk.org/#/c/6350/ + + + + + + + + + + CVE-2017-14099 on Ubuntu 20.04 (focal) - low. + In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-02 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873907 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14099.html + https://issues.asterisk.org/jira/browse/ASTERISK-27013 + http://downloads.asterisk.org/pub/security/AST-2017-005.html + http://www.securitytracker.com/id/1039251 + https://bugs.debian.org/873907 + https://rtpbleed.com + https://gerrit.asterisk.org/#/c/6356/ + + + + + + + + + + CVE-2017-14100 on Ubuntu 20.04 (focal) - medium. + In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-02 16:29:00 UTC + Corey Farrell + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873908 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14100.html + https://issues.asterisk.org/jira/browse/ASTERISK-27103 + http://downloads.asterisk.org/pub/security/AST-2017-006.html + http://www.securitytracker.com/id/1039252 + https://bugs.debian.org/873908 + + + + + + + + + + CVE-2017-14102 on Ubuntu 20.04 (focal) - medium. 
+ MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-01 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14102.html + http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038077.html + http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038085.html + + + + + + + + + + CVE-2017-14107 on Ubuntu 20.04 (focal) - low. + The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. It was discovered that libzip mishandled certain malformed ZIP archives. An attacker could use this vulnerability to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-01 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874010 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14107.html + https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/ + + + + + + + + + + CVE-2017-14108 on Ubuntu 20.04 (focal) - negligible. + libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. 
+ 2017-09-05 06:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875311 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14108.html + https://cxsecurity.com/issue/WLB-2017090008 + https://packetstormsecurity.com/files/143983/libgedit.a-3.22.1-Denial-Of-Service.html + + + + + + + + + + CVE-2017-14114 on Ubuntu 20.04 (focal) - medium. + RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service (communication outage) via crafted RTP packets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-02 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874070 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14114.html + https://rtpbleed.com/ + + + + + + + + + + CVE-2017-14128 on Ubuntu 20.04 (focal) - low. + The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-04 20:29:00 UTC + Kamil Frankowicz + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14128.html + https://sourceware.org/bugzilla/show_bug.cgi?id=22059 + https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780 + + + + + + + + + + CVE-2017-14129 on Ubuntu 20.04 (focal) - low. + The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-04 20:29:00 UTC + Kamil Frankowicz + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14129.html + https://sourceware.org/bugzilla/show_bug.cgi?id=22047 + https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643 + + + + + + + + + + CVE-2017-14130 on Ubuntu 20.04 (focal) - low. + The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-04 20:29:00 UTC + Kamil Frankowicz + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14130.html + https://sourceware.org/bugzilla/show_bug.cgi?id=22058 + https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229 + + + + + + + + + + CVE-2017-14158 on Ubuntu 20.04 (focal) - low. + Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-05 17:29:00 UTC + Mikhail Korobov + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14158.html + http://blog.csdn.net/wangtua/article/details/75228728 + https://github.com/scrapy/scrapy/issues/482 + + + + msalvatore> no upstream fix as of 2019-03-06 + + + + + + + + + CVE-2017-14160 on Ubuntu 20.04 (focal) - low. 
+ The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-21 14:29:00 UTC + https://gitlab.xiph.org/xiph/vorbis/issues/2330 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14160.html + http://www.openwall.com/lists/oss-security/2017/09/21/2 + http://www.openwall.com/lists/oss-security/2017/09/21/3 + http://openwall.com/lists/oss-security/2017/09/21/2 + + + + + + + + + + CVE-2017-14165 on Ubuntu 20.04 (focal) - medium. + The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-06 18:29:00 UTC + 2017-09-06 18:29:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14165.html + http://www.openwall.com/lists/oss-security/2017/09/06/4 + http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa + https://blogs.gentoo.org/ago/2017/09/06/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c-2/ + https://ubuntu.com/security/notices/USN-4232-1 + + + + + + + + + + CVE-2017-14226 on Ubuntu 20.04 (focal) - low. + WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). 
This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-09 08:29:00 UTC + https://bugs.documentfoundation.org/show_bug.cgi?id=112269 + https://bugzilla.redhat.com/show_bug.cgi?id=1489337 + https://sourceforge.net/p/libwpd/tickets/14/ + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14226.html + + + + + + + + + + CVE-2017-14265 on Ubuntu 20.04 (focal) - medium. + A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-11 09:29:00 UTC + 2017-09-11 + mdeslaur + https://github.com/LibRaw/LibRaw/issues/99 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14265.html + https://ubuntu.com/security/notices/USN-3492-1 + + + + leosilva> the two lines entry in changelog refers for CVE-2017-13735 and this CVE respectively + + + + + + + + + + + + + + + + CVE-2017-14314 on Ubuntu 20.04 (focal) - medium. + Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-12 00:29:00 UTC + 2017-09-12 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14314.html + https://sourceforge.net/p/graphicsmagick/bugs/448/ + https://ubuntu.com/security/notices/USN-4232-1 + + + + + + + + + + CVE-2017-14333 on Ubuntu 20.04 (focal) - low. 
+ The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-12 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14333.html + https://sourceware.org/bugzilla/show_bug.cgi?id=21990 + + + + leosilva> code in precise and trusty are quite different, needs backport sbeattie> for 2.29 branch, 64aa1246572306b72dc479b46d13ff749b0c3236 is an omnibus patch set mdeslaur> included in second CVE-2017-12450 commit + + + + + + + + + CVE-2017-14339 on Ubuntu 20.04 (focal) - medium. + The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-20 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876315 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14339.html + https://www.tarlogic.com/blog/fuzzing-yadifa-dns/ + https://github.com/yadifa/yadifa/blob/v2.2.6/ChangeLog + + + + + + + + + + CVE-2017-14348 on Ubuntu 20.04 (focal) - medium. + LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-12 19:29:00 UTC + 2017-09-12 + mdeslaur + Henri Salo + https://github.com/LibRaw/LibRaw/issues/100 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14348.html + https://ubuntu.com/security/notices/USN-3492-1 + + + + + + + + + + + + + + + + + CVE-2017-14504 on Ubuntu 20.04 (focal) - medium. 
+ ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-17 19:29:00 UTC + 2017-09-17 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14504.html + http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c + https://sourceforge.net/p/graphicsmagick/bugs/465/ + https://sourceforge.net/p/graphicsmagick/bugs/466/ + https://ubuntu.com/security/notices/USN-4232-1 + + + + + + + + + + CVE-2017-14528 on Ubuntu 20.04 (focal) - negligible. + The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-09-18 00:29:00 UTC + 2017-09-18 00:29:00 UTC + http://bugzilla.maptools.org/show_bug.cgi?id=2730 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878544 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14528.html + https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560 + https://ubuntu.com/security/notices/USN-4988-1 + + + + mdeslaur> code not present in jessie + + + + + + + + + CVE-2017-14529 on Ubuntu 20.04 (focal) - low. 
+ The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-18 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14529.html + https://sourceware.org/bugzilla/show_bug.cgi?id=22113 + https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6 + https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582 + + + + + + + + + + CVE-2017-14603 on Ubuntu 20.04 (focal) - medium. + In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-10 01:30:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14603.html + http://downloads.asterisk.org/pub/security/AST-2017-008.html + https://issues.asterisk.org/jira/browse/ASTERISK-27274 + https://issues.asterisk.org/jira/browse/ASTERISK-27252 + + + + + + + + + + CVE-2017-14604 on Ubuntu 20.04 (focal) - low. + GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. 
In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-20 08:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268 + https://bugzilla.gnome.org/show_bug.cgi?id=777991 + https://bugzilla.redhat.com/show_bug.cgi?id=1490872 + https://github.com/freedomofpress/securedrop/issues/2238 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14604.html + https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ + + + + mdeslaur> fixing this in stable releases would result in the user getting mdeslaur> an unexpected "Untrusted application launcher" dialog on existing mdeslaur> .desktop files. Dialog changes would also need new translations. + + + + + + + + + CVE-2017-14608 on Ubuntu 20.04 (focal) - medium. + In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-20 17:29:00 UTC + 2017-09-20 + mdeslaur + https://github.com/LibRaw/LibRaw/issues/101 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14608.html + https://ubuntu.com/security/notices/USN-3492-1 + + + + + + + + + + + + + + + + + CVE-2017-14609 on Ubuntu 20.04 (focal) - low. 
+ The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-20 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14609.html + https://redmine.kannel.org/issues/771 + + + + + + + + + + CVE-2017-14635 on Ubuntu 20.04 (focal) - medium. + In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-21 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14635.html + https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/ + + + + + + + + + + CVE-2017-14649 on Ubuntu 20.04 (focal) - low. + ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-09-21 17:29:00 UTC + 2017-09-21 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14649.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a + https://blogs.gentoo.org/ago/2017/09/19/graphicsmagick-assertion-failure-in-pixel_cache-c/ + https://sourceforge.net/p/graphicsmagick/bugs/439/ + https://ubuntu.com/security/notices/USN-4232-1 + + + + + + + + + + CVE-2017-14686 on Ubuntu 20.04 (focal) - medium. + Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-22 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14686.html + http://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 + https://bugs.ghostscript.com/show_bug.cgi?id=698540 + + + + msalvatore> see function xps_read_zip_dir() in trusty + + + + + + + + + CVE-2017-14687 on Ubuntu 20.04 (focal) - medium. + Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-22 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14687.html + http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 + https://bugs.ghostscript.com/show_bug.cgi?id=698558 + + + + + + + + + + CVE-2017-14718 on Ubuntu 20.04 (focal) - medium. 
+ Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-23 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14718.html + https://core.trac.wordpress.org/changeset/41393 + https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-14719 on Ubuntu 20.04 (focal) - medium. + Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-23 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14719.html + https://core.trac.wordpress.org/changeset/41457 + https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-14720 on Ubuntu 20.04 (focal) - medium. + Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-23 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14720.html + https://core.trac.wordpress.org/changeset/41412 + https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-14721 on Ubuntu 20.04 (focal) - medium. + Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-09-23 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14721.html + https://core.trac.wordpress.org/changeset/41412 + https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-14722 on Ubuntu 20.04 (focal) - medium. + Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-23 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14722.html + https://core.trac.wordpress.org/changeset/41397 + https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-14723 on Ubuntu 20.04 (focal) - medium. + Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-23 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14723.html + https://core.trac.wordpress.org/changeset/41470 + https://core.trac.wordpress.org/changeset/41496 + https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48 + https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec + https://medium.com/websec/wordpress-sqli-bbb2afcc8e94 + https://medium.com/websec/wordpress-sqli-poc-f1827c20bf8e + https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-14724 on Ubuntu 20.04 (focal) - medium. 
+ Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-23 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14724.html + https://core.trac.wordpress.org/changeset/41448 + https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-14725 on Ubuntu 20.04 (focal) - medium. + Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-23 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14725.html + https://core.trac.wordpress.org/changeset/41398 + https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-14726 on Ubuntu 20.04 (focal) - medium. + Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-23 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876274 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14726.html + https://core.trac.wordpress.org/changeset/41395 + https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-14727 on Ubuntu 20.04 (focal) - medium. + logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-09-23 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876553 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14727.html + https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556 + https://weechat.org/download/security/ + https://weechat.org/news/98/20170923-Version-1.9.1-security-release/ + + + + + + + + + + CVE-2017-14804 on Ubuntu 20.04 (focal) - medium. + The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-01 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887306 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14804.html + https://bugzilla.novell.com/show_bug.cgi?id=1069904 + + + + + + + + + + CVE-2017-14930 on Ubuntu 20.04 (focal) - low. + Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-30 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14930.html + https://sourceware.org/bugzilla/show_bug.cgi?id=22191 + https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a26a013f22a19e2c16729e64f40ef8a7dfcc086e + + + + + + + + + + CVE-2017-14932 on Ubuntu 20.04 (focal) - low. + decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-09-30 01:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22204 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14932.html + + + + + + + + + + CVE-2017-14934 on Ubuntu 20.04 (focal) - low. + process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-30 01:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22219 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14934.html + + + + + + + + + + CVE-2017-14938 on Ubuntu 20.04 (focal) - low. + _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-30 01:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22166 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14938.html + https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/ + + + + + + + + + + CVE-2017-14939 on Ubuntu 20.04 (focal) - low. + decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-09-30 01:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22169 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14939.html + https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/ + + + + + + + + + + CVE-2017-14940 on Ubuntu 20.04 (focal) - low. + scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-30 01:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22166 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14940.html + https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c/ + + + + + + + + + + CVE-2017-14990 on Ubuntu 20.04 (focal) - low. + WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-03 01:29:00 UTC + https://core.trac.wordpress.org/ticket/38474 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877629 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14990.html + + + + + + + + + + CVE-2017-14992 on Ubuntu 20.04 (focal) - low. + Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-01 17:29:00 UTC + https://github.com/moby/moby/issues/35075 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908055 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908056 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14992.html + https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/ + + + + mdeslaur> docker.io in Ubuntu doesn't appear to use the mdeslaur> golang-github-vbatts-tar-split package during build, uses mdeslaur> embedded one. + + + + + + + + + + + + CVE-2017-14994 on Ubuntu 20.04 (focal) - low. + ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-04 01:29:00 UTC + 2017-10-04 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14994.html + http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264 + https://sourceforge.net/p/graphicsmagick/bugs/512/ + https://nandynarwhals.org/CVE-2017-14994/ + https://ubuntu.com/security/notices/USN-4232-1 + + + + + + + + + + CVE-2017-14997 on Ubuntu 20.04 (focal) - low. + GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-04 01:29:00 UTC + 2017-10-04 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14997.html + https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/ + https://sourceforge.net/p/graphicsmagick/bugs/511/ + http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=0683f8724200 + https://ubuntu.com/security/notices/USN-4232-1 + + + + + + + + + + CVE-2017-15010 on Ubuntu 20.04 (focal) - medium. + A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-04 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877660 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15010.html + https://github.com/salesforce/tough-cookie/issues/92 + https://nodesecurity.io/advisories/525 + https://snyk.io/vuln/npm:tough-cookie:20170905 + + + + + + + + + + CVE-2017-15018 on Ubuntu 20.04 (focal) - medium. + LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. It was discovered that LAME incorrectly handled certain audio files. An attacker could possibly use this issue to cause a denial of service or possibly other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-05 01:29:00 UTC + https://sourceforge.net/p/lame/bugs/480/ + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15018.html + + + + + + + + + + CVE-2017-15019 on Ubuntu 20.04 (focal) - low. + LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-05 01:29:00 UTC + https://sourceforge.net/p/lame/bugs/477/ + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15019.html + + + + + + + + + + CVE-2017-15020 on Ubuntu 20.04 (focal) - low. + dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-05 01:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22202 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15020.html + https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/ + + + + + + + + + + CVE-2017-15021 on Ubuntu 20.04 (focal) - low. + bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-05 01:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22197 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15021.html + https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/ + + + + + + + + + + CVE-2017-15022 on Ubuntu 20.04 (focal) - low. 
+ dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-05 01:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22201 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15022.html + https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/ + + + + + + + + + + CVE-2017-15024 on Ubuntu 20.04 (focal) - low. + find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-05 01:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22187 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15024.html + https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/ + + + + + + + + + + CVE-2017-15025 on Ubuntu 20.04 (focal) - low. + decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-05 01:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22186 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15025.html + https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/ + + + + + + + + + + CVE-2017-15045 on Ubuntu 20.04 (focal) - low. + LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. It was discovered that LAME incorrectly handled certain audio files. An attacker could possibly use this issue to cause a denial of service or possibly other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-06 04:29:00 UTC + https://sourceforge.net/p/lame/bugs/478/ + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15045.html + + + + + + + + + + CVE-2017-15046 on Ubuntu 20.04 (focal) - low. + LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-06 04:29:00 UTC + https://sourceforge.net/p/lame/bugs/479/ + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15046.html + + + + + + + + + + CVE-2017-15056 on Ubuntu 20.04 (focal) - low. + p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack(). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-06 07:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15056.html + https://github.com/upx/upx/issues/128 + https://github.com/upx/upx/commit/ef336dbcc6dc8344482f8cf6c909ae96c3286317 + + + + + + + + + + CVE-2017-15088 on Ubuntu 20.04 (focal) - negligible. + plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-11-23 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15088.html + https://github.com/krb5/krb5/pull/707 + + + + + + + + + + CVE-2017-15090 on Ubuntu 20.04 (focal) - medium. + An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-23 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15090.html + https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html + https://downloads.powerdns.com/patches/2017-03/ + + + + + + + + + + CVE-2017-15091 on Ubuntu 20.04 (focal) - medium. 
+ An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-23 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15091.html + https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html + https://downloads.powerdns.com/patches/2017-04/ + + + + + + + + + + CVE-2017-15092 on Ubuntu 20.04 (focal) - medium. + A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-23 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15092.html + https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html + https://downloads.powerdns.com/patches/2017-05/ + + + + + + + + + + CVE-2017-15093 on Ubuntu 20.04 (focal) - medium. + When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. 
It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-23 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15093.html + https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html + https://downloads.powerdns.com/patches/2017-06/ + + + + + + + + + + CVE-2017-15094 on Ubuntu 20.04 (focal) - low. + An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-01-23 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15094.html + https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html + https://downloads.powerdns.com/patches/2017-07/ + + + + + + + + + + CVE-2017-15095 on Ubuntu 20.04 (focal) - medium. + A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-02-06 15:29:00 UTC + 2018-02-06 15:29:00 UTC + pfsmorigo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15095.html + https://github.com/FasterXML/jackson-databind/commit/3bfbb835 + https://github.com/FasterXML/jackson-databind/issues/1680 + https://github.com/FasterXML/jackson-databind/issues/1723 + https://github.com/FasterXML/jackson-databind/issues/1737 + https://github.com/FasterXML/jackson-databind/commit/e8f043d1 + https://github.com/FasterXML/jackson-databind/commit/ddfddfba + https://github.com/FasterXML/jackson-databind/blob/7093008aa2afe8068e120df850189ae072dfa1b2/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java#L43 + https://ubuntu.com/security/notices/USN-4741-1 + + + + + + + + + + + + + CVE-2017-15108 on Ubuntu 20.04 (focal) - medium. + spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-20 00:29:00 UTC + Seth Arnold + https://bugzilla.redhat.com/show_bug.cgi?id=1510864 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15108.html + + + + + + + + + + CVE-2017-15120 on Ubuntu 20.04 (focal) - medium. + An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-27 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15120.html + https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html + + + + + + + + + + CVE-2017-15131 on Ubuntu 20.04 (focal) - low. 
+ It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-01-09 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15131.html + http://bugs.freedesktop.org/show_bug.cgi?id=102303 + https://bugzilla.redhat.com/show_bug.cgi?id=1412762 + + + + seth-arnold> This feels like a fundamental misunderstanding of Unix model to assume that every task run on behalf of a user will be started as a child process of bash or sh run as an interactive or login shell. seth-arnold> Environments that want a specific umask set for users should use the pam_umask(8) module as part of the login process. seth-arnold> Environments that need a specific umask set for compliance reasons should investigate the feasibility of preparing a single-purpose LSM or seccomp jail interface of some sort. + + + + + + + + + CVE-2017-15134 on Ubuntu 20.04 (focal) - medium. + A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-01 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15134.html + + + + + + + + + + CVE-2017-15135 on Ubuntu 20.04 (focal) - medium. + It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. 
A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-24 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15135.html + + + + leosilva> code in trusty and xenial are quite different from patch. + + + + + + + + + CVE-2017-15139 on Ubuntu 20.04 (focal) - low. + A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-08-27 17:29:00 UTC + https://bugs.launchpad.net/ossn/+bug/1699573 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15139.html + https://wiki.openstack.org/wiki/OSSN/OSSN-0084 + + + + + + + + + + CVE-2017-15225 on Ubuntu 20.04 (focal) - low. + _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-10 23:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22212 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15225.html + + + + + + + + + + CVE-2017-15277 on Ubuntu 20.04 (focal) - medium. + ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. 
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-12 08:29:00 UTC + 2017-10-12 + https://github.com/ImageMagick/ImageMagick/issues/592 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878578 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15277.html + https://github.com/neex/gifoeb + https://ubuntu.com/security/notices/USN-3681-1 + https://ubuntu.com/security/notices/USN-4232-1 + + + + mdeslaur> 0328-CVE-2017-15277-Fix-information-disclosure-in-ReadGIFImage.patch in wheezy mdeslaur> 0255-CVE-2017-15277.patch in jessie mdeslaur> 0107-CVE-2017-15277.patch in stretch + + + + + + + + + + + + CVE-2017-15288 on Ubuntu 20.04 (focal) - medium. + The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-15 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15288.html + http://scala-lang.org/news/security-update-nov17.html + https://github.com/scala/scala/pull/6108 + https://github.com/scala/scala/pull/6120 + https://github.com/scala/scala/pull/6128 + + + + + + + + + + CVE-2017-15369 on Ubuntu 20.04 (focal) - medium. + The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-16 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15369.html + https://bugs.ghostscript.com/show_bug.cgi?id=698592 + http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a + + + + ratliff> reproducer segfaults on xenial without the breaking commit + + + + + + + + + CVE-2017-15566 on Ubuntu 20.04 (focal) - high. + Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution. + + Ubuntu 20.04 + + + + High + Copyright (C) 2017 Canonical Ltd. + 2017-11-01 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880530 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15566.html + https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public) + https://www.schedmd.com/news.php?id=193#OPT_193 + + + + msalvatore> "This issue affects all Slurm versions from 15.08.0" + + + + + + + + + CVE-2017-15568 on Ubuntu 20.04 (focal) - medium. + In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15568.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + https://www.redmine.org/issues/27186 (private) + https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448 + https://www.redmine.org/issues/27186 + + + + + + + + + + CVE-2017-15569 on Ubuntu 20.04 (focal) - medium. + In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15569.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + https://www.redmine.org/issues/27186 (private) + https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508 + https://www.redmine.org/issues/27186 + + + + + + + + + + CVE-2017-15570 on Ubuntu 20.04 (focal) - medium. + In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15570.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + https://www.redmine.org/issues/27186 (private) + https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b + https://www.redmine.org/issues/27186 + + + + + + + + + + CVE-2017-15571 on Ubuntu 20.04 (focal) - medium. + In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15571.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + https://www.redmine.org/issues/27186 (private) + https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa + https://www.redmine.org/issues/27186 + + + + + + + + + + CVE-2017-15572 on Ubuntu 20.04 (focal) - medium. + In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15572.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + https://www.redmine.org/issues/24416 (private) + https://www.redmine.org/issues/24416 + + + + + + + + + + CVE-2017-15573 on Ubuntu 20.04 (focal) - medium. + In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15573.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + https://www.redmine.org/issues/25503 (private) + https://www.redmine.org/issues/25503 + + + + + + + + + + CVE-2017-15574 on Ubuntu 20.04 (focal) - medium. + In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15574.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + https://www.redmine.org/issues/24199 (private) + https://www.redmine.org/issues/24199 + + + + + + + + + + CVE-2017-15575 on Ubuntu 20.04 (focal) - low. + In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15575.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + https://www.redmine.org/issues/24307 (private) + https://www.redmine.org/issues/24307 + + + + + + + + + + CVE-2017-15576 on Ubuntu 20.04 (focal) - low. 
+ Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15576.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + https://www.redmine.org/issues/23803 (private) + https://www.redmine.org/issues/23803 + + + + + + + + + + CVE-2017-15577 on Ubuntu 20.04 (focal) - medium. + Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15577.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + https://www.redmine.org/issues/23793 (private) + https://www.redmine.org/issues/23793 + + + + + + + + + + CVE-2017-15587 on Ubuntu 20.04 (focal) - medium. + An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 08:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879055 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15587.html + http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8 + https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public) + https://nandynarwhals.org/CVE-2017-15587/ + + + + + + + + + + CVE-2017-15597 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. 
When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-30 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15597.html + https://xenbits.xen.org/xsa/advisory-236.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2017-15612 on Ubuntu 20.04 (focal) - medium. + mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-19 08:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879098 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15612.html + https://github.com/lepture/mistune/pull/140 + + + + + + + + + + CVE-2017-15650 on Ubuntu 20.04 (focal) - medium. + musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-19 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15650.html + https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395 + http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395 + http://git.musl-libc.org/cgit/musl/tree/WHATSNEW + http://openwall.com/lists/oss-security/2017/10/19/5 + + + + + + + + + + CVE-2017-15671 on Ubuntu 20.04 (focal) - low. + The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-20 17:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22325 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879500 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15671.html + + + + mdeslaur> cvs-fix-glob-buffer-overflow.diff in xenial + + + + + + + + + CVE-2017-15691 on Ubuntu 20.04 (focal) - medium. + In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-26 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15691.html + https://uima.apache.org/security_report#CVE-2017-15691 + + + + + + + + + + CVE-2017-15698 on Ubuntu 20.04 (focal) - medium. 
+ When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-31 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15698.html + https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E + http://svn.apache.org/r1815200 + http://svn.apache.org/r1815218 + + + + + + + + + + CVE-2017-15736 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-22 18:29:00 UTC + 2017-10-22 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15736.html + https://ubuntu.com/security/notices/USN-4536-1 + + + + + + + + + + CVE-2017-15930 on Ubuntu 20.04 (focal) - medium. + In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-27 18:29:00 UTC + 2017-10-27 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879999 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15930.html + https://sourceforge.net/p/graphicsmagick/bugs/518/ + https://ubuntu.com/security/notices/USN-4232-1 + + + + + + + + + + CVE-2017-15938 on Ubuntu 20.04 (focal) - low. + dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-27 21:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22209 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15938.html + https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/ + + + + + + + + + + CVE-2017-15939 on Ubuntu 20.04 (focal) - low. + dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-27 21:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22205 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15939.html + https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/ + + + + + + + + + + CVE-2017-15996 on Ubuntu 20.04 (focal) - low. 
+ elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-29 17:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22361 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15996.html + + + + + + + + + + CVE-2017-16042 on Ubuntu 20.04 (focal) - medium. + Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900868 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16042.html + https://github.com/tj/node-growl/pull/61 + https://nodesecurity.io/advisories/146 + https://github.com/tj/node-growl/issues/60 + + + + + + + + + + CVE-2017-16082 on Ubuntu 20.04 (focal) - medium. + A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-07 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16082.html + https://nodesecurity.io/advisories/521 + + + + + + + + + + CVE-2017-16119 on Ubuntu 20.04 (focal) - medium. + Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-07 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927715 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16119.html + https://nodesecurity.io/advisories/526 + + + + + + + + + + CVE-2017-16129 on Ubuntu 20.04 (focal) - medium. + The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-07 02:29:00 UTC + Kornel Lesiński + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16129.html + https://github.com/visionmedia/superagent/issues/1259 + https://nodesecurity.io/advisories/479 + + + + + + + + + + CVE-2017-16138 on Ubuntu 20.04 (focal) - medium. + The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-07 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901277 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16138.html + https://github.com/broofa/node-mime/issues/167 + https://nodesecurity.io/advisories/535 + https://github.com/broofa/node-mime/commit/855d0c4b8b22e4a80b9401a81f2872058eae274d (1.x) + https://github.com/broofa/node-mime/commit/1df903fdeb9ae7eaa048795b8d580ce2c98f40b0 (2.x) + + + + + + + + + + CVE-2017-16228 on Ubuntu 20.04 (focal) - low. + Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-29 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16228.html + https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6/ + https://tracker.debian.org/news/882440 + https://www.dulwich.io/code/dulwich/ + https://www.bleepingcomputer.com/news/security/git-project-patches-remote-code-execution-vulnerability-in-git/ + + + + + + + + + + CVE-2017-16229 on Ubuntu 20.04 (focal) - medium. + In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-26 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16229.html + https://github.com/ohler55/ox/issues/195 + https://rubygems.org/gems/ox/versions/2.8.1 + + + + + + + + + + CVE-2017-16248 on Ubuntu 20.04 (focal) - medium. + The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' 
character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-01 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880458 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16248.html + https://rt.cpan.org/Public/Bug/Display.html?id=120558 + https://bugs.debian.org/880458 + https://metacpan.org/changes/distribution/Catalyst-Plugin-Static-Simple + + + + + + + + + + CVE-2017-16352 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-01 15:29:00 UTC + 2017-11-01 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16352.html + http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185 + https://blogs.securiteam.com/index.php/archives/3494 + https://ubuntu.com/security/notices/USN-4232-1 + + + + + + + + + + CVE-2017-16353 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. 
There is an out-of-bounds buffer dereference because certain increments are never checked. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-01 15:29:00 UTC + 2017-11-01 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16353.html + http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8 + https://blogs.securiteam.com/index.php/archives/3494 + https://ubuntu.com/security/notices/USN-4232-1 + + + + + + + + + + CVE-2017-16355 on Ubuntu 20.04 (focal) - medium. + In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884463 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16355.html + https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/ + https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf + http://www.openwall.com/lists/oss-security/2017/11/21/2 and following. + + + + + + + + + + CVE-2017-16510 on Ubuntu 20.04 (focal) - medium. + WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-02 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880528 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16510.html + https://wpvulndb.com/vulnerabilities/8941 + https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d + https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html + https://codex.wordpress.org/Version_4.8.3 + https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/ + + + + + + + + + + CVE-2017-16516 on Ubuntu 20.04 (focal) - low. + In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-11-03 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880691 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16516.html + https://github.com/brianmario/yajl-ruby/issues/176 + https://rubygems.org/gems/yajl-ruby + + + + sbeattie> issue in embedded copy of yajl, looks to affect upstream yajl, too + + + + + + + + + + + + CVE-2017-16545 on Ubuntu 20.04 (focal) - medium. + The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-05 22:29:00 UTC + 2017-11-05 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16545.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 + https://sourceforge.net/p/graphicsmagick/bugs/519/ + https://ubuntu.com/security/notices/USN-4248-1 + + + + + + + + + + CVE-2017-16547 on Ubuntu 20.04 (focal) - medium. + The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-06 05:29:00 UTC + 2017-11-06 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16547.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc + https://sourceforge.net/p/graphicsmagick/bugs/517/ + https://ubuntu.com/security/notices/USN-4248-1 + + + + + + + + + + CVE-2017-16641 on Ubuntu 20.04 (focal) - medium. + lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-07 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881110 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16641.html + https://github.com/Cacti/cacti/issues/1057 + https://github.com/Cacti/cacti/commit/e8088bb6593e6a49d000c342d17402f01db8740e + + + + + + + + + + CVE-2017-16651 on Ubuntu 20.04 (focal) - medium. 
+ Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-09 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16651.html + https://github.com/roundcube/roundcubemail/issues/6026 + https://github.com/roundcube/roundcubemail/releases/tag/1.1.10 + https://github.com/roundcube/roundcubemail/releases/tag/1.2.7 + https://github.com/roundcube/roundcubemail/releases/tag/1.3.3 + https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10 + + + + + + + + + + CVE-2017-16652 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-13 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16652.html + https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers + https://github.com/symfony/symfony/pull/24995 + + + + + + + + + + CVE-2017-16653 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in an HTTPS context to do CSRF attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-06 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16653.html + https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https + https://github.com/symfony/symfony/pull/24992 + + + + + + + + + + CVE-2017-16654 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack, aka Directory Traversal. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-06 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16654.html + https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths + https://github.com/symfony/symfony/pull/24994 + + + + + + + + + + CVE-2017-16664 on Ubuntu 20.04 (focal) - medium. + Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-21 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882370 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16664.html + https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/ + + + + + + + + + + CVE-2017-16667 on Ubuntu 20.04 (focal) - medium. + backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-08 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881205 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16667.html + https://github.com/bit-team/backintime/issues/834 + https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3 + + + + + + + + + + CVE-2017-16669 on Ubuntu 20.04 (focal) - medium. + coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-09 00:29:00 UTC + 2017-11-09 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16669.html + https://sourceforge.net/p/graphicsmagick/bugs/450/ + http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d + http://hg.code.sf.net/p/graphicsmagick/code/rev/1b9e64a8901e + http://hg.code.sf.net/p/graphicsmagick/code/rev/2a21cda3145b + http://hg.code.sf.net/p/graphicsmagick/code/rev/2b7c826d36af + http://hg.code.sf.net/p/graphicsmagick/code/rev/3dc7b4e3779d + http://hg.code.sf.net/p/graphicsmagick/code/rev/75245a215fff + http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 + http://hg.code.sf.net/p/graphicsmagick/code/rev/fcd3ed3394f6 + https://ubuntu.com/security/notices/USN-4248-1 + + + + + + + + + + CVE-2017-16671 on Ubuntu 20.04 (focal) - high. + A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer. It was discovered that asterisk did not properly check the length of certain input. A remote attacker could use this vulnerability to cause a denial of service (crash) or potentially execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2017 Canonical Ltd. + 2017-11-09 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881257 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16671.html + http://downloads.digium.com/pub/security/AST-2017-010.html + http://downloads.asterisk.org/pub/security/AST-2017-010-13.diff + https://issues.asterisk.org/jira/browse/ASTERISK-27337 + + + + + + + + + + CVE-2017-16672 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-09 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881256 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16672.html + http://downloads.digium.com/pub/security/AST-2017-011.html + http://downloads.asterisk.org/pub/security/AST-2017-011-13.diff + https://issues.asterisk.org/jira/browse/ASTERISK-27345 + + + + + + + + + + CVE-2017-16804 on Ubuntu 20.04 (focal) - medium. + In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-13 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16804.html + https://www.redmine.org/issues/25713 (private) + https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc + https://www.redmine.org/issues/25713 + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + + + + + + + + + + CVE-2017-16805 on Ubuntu 20.04 (focal) - low. + In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-13 21:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16805.html + https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d + https://github.com/radare/radare2/issues/8813 + + + + + + + + + + CVE-2017-16820 on Ubuntu 20.04 (focal) - medium. + The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). It was discovered that collectd failed to handle certain input. An attacker could use this vulnerability to cause collectd to crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-14 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881757 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16820.html + https://github.com/collectd/collectd/issues/2291 + https://bugs.debian.org/881757 + https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47 + https://github.com/collectd/collectd/releases/tag/collectd-5.6.3 + + + + + + + + + + CVE-2017-16826 on Ubuntu 20.04 (focal) - low. + The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-11-15 08:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22376 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16826.html + + + + + + + + + + CVE-2017-16827 on Ubuntu 20.04 (focal) - low. 
+ The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-11-15 08:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22306 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16827.html + + + + + + + + + + CVE-2017-16828 on Ubuntu 20.04 (focal) - low. + The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-11-15 08:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22386 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16828.html + + + + + + + + + + CVE-2017-16831 on Ubuntu 20.04 (focal) - low. + coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-11-15 08:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22385 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16831.html + + + + + + + + + + CVE-2017-16832 on Ubuntu 20.04 (focal) - low. 
+ The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-11-15 08:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22373 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16832.html + + + + + + + + + + CVE-2017-16837 on Ubuntu 20.04 (focal) - medium. + Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-16 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803180 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16837.html + https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/ + + + + + + + + + + CVE-2017-16854 on Ubuntu 20.04 (focal) - medium. + In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-08 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16854.html + https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/ + https://bugs.otrs.org/show_bug.cgi?id=13347 + + + + + + + + + + CVE-2017-16869 on Ubuntu 20.04 (focal) - low. 
+ ** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-11-17 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16869.html + https://github.com/upx/upx/issues/146 + + + + + + + + + + CVE-2017-16876 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-29 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16876.html + https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f98 + + + + + + + + + + CVE-2017-16879 on Ubuntu 20.04 (focal) - negligible. + Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-11-22 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882620 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16879.html + http://invisible-island.net/ncurses/NEWS.html#t20171125 + http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html + + + + seth-arnold> The Debian bug suggests tic(1) is the only caller, in which case this would be a 'low' bug; I couldn't quickly verify this claim. + + + + + + + + + CVE-2017-16909 on Ubuntu 20.04 (focal) - low. 
+ An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + 2017-12-13 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16909.html + https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19 + https://ubuntu.com/security/notices/USN-3615-1 + + + + + + + + + + + + + + + + + CVE-2017-16910 on Ubuntu 20.04 (focal) - low. + An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + 2017-12-13 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16910.html + https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19 + https://ubuntu.com/security/notices/USN-3615-1 + + + + + + + + + + + + + + + + CVE-2017-16921 on Ubuntu 20.04 (focal) - medium. + In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-08 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883774 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16921.html + https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/ + https://bugs.otrs.org/show_bug.cgi?id=13357 + + + + + + + + + + CVE-2017-16926 on Ubuntu 20.04 (focal) - medium. 
+ Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-22 08:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882372 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16926.html + https://bugs.debian.org/882372 + + + + + + + + + + CVE-2017-16927 on Ubuntu 20.04 (focal) - medium. + The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream. It was discovered that xrdp could be made to overflow a buffer and crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-23 06:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16927.html + https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA + https://github.com/neutrinolabs/xrdp/pull/958 + + + + + + + + + + CVE-2017-16933 on Ubuntu 20.04 (focal) - medium. + etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-24 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16933.html + https://github.com/Icinga/icinga2/issues/5793 + + + + + + + + + + CVE-2017-16938 on Ubuntu 20.04 (focal) - low. 
+ A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-11-24 07:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878839 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16938.html + https://sourceforge.net/p/optipng/bugs/69/ + + + + mdeslaur> doesn't reproduce with default compiler options in Ubuntu + + + + + + + + + CVE-2017-17042 on Ubuntu 20.04 (focal) - medium. + lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-28 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17042.html + https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4 + + + + + + + + + + CVE-2017-17044 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-28 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17044.html + https://xenbits.xen.org/xsa/advisory-246.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2017-17045 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-28 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17045.html + https://xenbits.xen.org/xsa/advisory-247.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2017-17054 on Ubuntu 20.04 (focal) - low. + In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-11-29 07:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17054.html + https://github.com/aubio/aubio/issues/148 + + + + debian> vulnerability introduced in 0.4.3 msalvatore> It looks to me like the patch is needed in xenial and trusty + + + + + + + + + CVE-2017-17080 on Ubuntu 20.04 (focal) - low. + elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-11-30 21:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22421 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17080.html + + + + + + + + + + CVE-2017-17081 on Ubuntu 20.04 (focal) - low. 
+ The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-11-30 21:29:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#c1 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17081.html + https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-November/219748.html + + + + + + + + + + + + + + CVE-2017-17087 on Ubuntu 20.04 (focal) - low. + fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-01 08:29:00 UTC + 2017-12-01 08:29:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17087.html + http://openwall.com/lists/oss-security/2017/11/27/2 + http://security.cucumberlinux.com/security/details.php?id=166 + https://groups.google.com/d/msg/vim_dev/sRT9BtjLWMk/BRtSXNU4BwAJ + https://ubuntu.com/security/notices/USN-4582-1 + + + + + + + + + + CVE-2017-17090 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-02 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17090.html + http://downloads.digium.com/pub/security/AST-2017-013.html + https://issues.asterisk.org/jira/browse/ASTERISK-27452 + + + + + + + + + + CVE-2017-17091 on Ubuntu 20.04 (focal) - medium. + wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-02 06:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883314 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17091.html + https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c + https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ + https://codex.wordpress.org/Version_4.9.1 + + + + + + + + + + CVE-2017-17092 on Ubuntu 20.04 (focal) - medium. + wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-02 06:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883314 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17092.html + https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509 + https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ + https://codex.wordpress.org/Version_4.9.1 + + + + + + + + + + CVE-2017-17093 on Ubuntu 20.04 (focal) - medium. 
+ wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-02 06:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883314 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17093.html + https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a + https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ + https://codex.wordpress.org/Version_4.9.1 + + + + + + + + + + CVE-2017-17094 on Ubuntu 20.04 (focal) - medium. + wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-02 06:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883314 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17094.html + https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de + https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/ + https://codex.wordpress.org/Version_4.9.1 + + + + + + + + + + CVE-2017-17121 on Ubuntu 20.04 (focal) - low. + The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-04 08:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22506 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17121.html + + + + + + + + + + CVE-2017-17122 on Ubuntu 20.04 (focal) - low. + The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-04 08:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22508 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17122.html + + + + + + + + + + CVE-2017-17123 on Ubuntu 20.04 (focal) - low. + The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-04 08:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22509 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17123.html + + + + + + + + + + CVE-2017-17124 on Ubuntu 20.04 (focal) - low. + The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-04 08:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22507 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17124.html + + + + + + + + + + CVE-2017-17125 on Ubuntu 20.04 (focal) - low. + nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-04 08:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22443 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17125.html + + + + + + + + + + CVE-2017-17432 on Ubuntu 20.04 (focal) - medium. + OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-06 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883602 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17432.html + https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt + https://bugs.debian.org/883602 + + + + + + + + + + CVE-2017-17446 on Ubuntu 20.04 (focal) - medium. + The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file. It was discovered that game-music-emu mishandled certain crafted input. A local attacker could use this vulnerability to cause game-music-emu to crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-06 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883691 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17446.html + https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size + https://bugs.debian.org/883691 + + + + + + + + + + CVE-2017-17459 on Ubuntu 20.04 (focal) - medium. + http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-07 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17459.html + https://www.fossil-scm.org/xfer/info/1f63db591c77108c + https://bugzilla.opensuse.org/show_bug.cgi?id=1071709 + https://www.fossil-scm.org/xfer/doc/trunk/www/changes.wiki#v2_4 + + + + + + + + + + CVE-2017-17476 on Ubuntu 20.04 (focal) - medium. + Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-20 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884801 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17476.html + https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/ + https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb + https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc + https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953 + + + + + + + + + + CVE-2017-17485 on Ubuntu 20.04 (focal) - high. 
+ FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2018 Canonical Ltd. + 2018-01-10 18:29:00 UTC + Changfeng Chi + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17485.html + https://bugzilla.redhat.com/show_bug.cgi?id=1528565#c0 + + + + msalvatore> The fix for CVE-2017-7525 has not yet been applied + + + + + + + + + CVE-2017-17498 on Ubuntu 20.04 (focal) - medium. + WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-11 02:29:00 UTC + 2017-12-11 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17498.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/f1c418ef0260 + https://sourceforge.net/p/graphicsmagick/bugs/525/ + https://ubuntu.com/security/notices/USN-4248-1 + + + + + + + + + + CVE-2017-17500 on Ubuntu 20.04 (focal) - medium. + ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. 
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-11 02:29:00 UTC + 2017-12-11 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17500.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931 + https://sourceforge.net/p/graphicsmagick/bugs/523/ + https://ubuntu.com/security/notices/USN-4248-1 + + + + + + + + + + CVE-2017-17501 on Ubuntu 20.04 (focal) - medium. + WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-11 02:29:00 UTC + 2017-12-11 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17501.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4 + https://sourceforge.net/p/graphicsmagick/bugs/526/ + https://ubuntu.com/security/notices/USN-4248-1 + + + + + + + + + + CVE-2017-17502 on Ubuntu 20.04 (focal) - medium. + ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-11 02:29:00 UTC + 2017-12-11 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17502.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/a9c425688397 + https://sourceforge.net/p/graphicsmagick/bugs/521/ + https://ubuntu.com/security/notices/USN-4248-1 + + + + + + + + + + CVE-2017-17503 on Ubuntu 20.04 (focal) - medium. + ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-11 02:29:00 UTC + 2017-12-11 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17503.html + http://hg.code.sf.net/p/graphicsmagick/code/rev/460ef5e858ad + https://sourceforge.net/p/graphicsmagick/bugs/522/ + https://ubuntu.com/security/notices/USN-4248-1 + + + + + + + + + + CVE-2017-17505 on Ubuntu 20.04 (focal) - medium. + In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. It was discovered that HDF5 incorrectly handled certain hdf5 files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-11 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17505.html + https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md + https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md + + + + + + + + + + CVE-2017-17506 on Ubuntu 20.04 (focal) - medium. + In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. 
For example, h5dump would crash when someone opens a crafted hdf5 file. It was discovered that HDF5 incorrectly handled certain hdf5 files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-11 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17506.html + https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md + https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md + + + + + + + + + + CVE-2017-17507 on Ubuntu 20.04 (focal) - medium. + In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-11 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17507.html + https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md + https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md + + + + + + + + + + CVE-2017-17508 on Ubuntu 20.04 (focal) - medium. + In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. It was discovered that HDF5 incorrectly handled certain hdf5 files. An attacker could possibly use this issue to cause a denial of service + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-11 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17508.html + https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md + https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md + + + + + + + + + + CVE-2017-17509 on Ubuntu 20.04 (focal) - medium. + In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. 
For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-11 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17509.html + https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md + https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md + + + + + + + + + + CVE-2017-17511 on Ubuntu 20.04 (focal) - low. + KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 16:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885007 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17511.html + https://sources.debian.org/src/kildclient/3.1.0-1/src/worldgui.c/?hl=1159#L1159 + https://sources.debian.org/src/kildclient/3.1.0-1/src/prefs.c/?hl=324#L324 + https://security-tracker.debian.org/tracker/CVE-2017-17511 + + + + + + + + + + CVE-2017-17513 on Ubuntu 20.04 (focal) - negligible. + TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17513.html + https://sources.debian.org/src/texlive-base/2017.20171128-1/texmf-dist/tex/luatex/lualibs/lualibs-os.lua/#L153 + https://sources.debian.org/src/texlive-bin/2016.20160513.41080.dfsg-2/texk/texlive/linked_scripts/context/stubs/unix/mtxrun/#L3004 + https://sources.debian.org/src/context/2017.05.15.20170613-2/texmf-dist/scripts/context/stubs/mswin/mtxrun.lua/?hl=3424#L3424 + https://security-tracker.debian.org/tracker/CVE-2017-17513 + + + + + + + + + + + + + + CVE-2017-17514 on Ubuntu 20.04 (focal) - untriaged. + ** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17514.html + https://sources.debian.org/src/nip2/8.4.0-1/src/boxes.c/?hl=727#L727 + https://security-tracker.debian.org/tracker/CVE-2017-17514 + + + + + + + + + + CVE-2017-17515 on Ubuntu 20.04 (focal) - untriaged. + ** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environment variable is not enabled in the shipped product. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17515.html + https://sources.debian.org/src/metview/4.7.2-3/share/metview/etc/ObjectList/?hl=2857#L2857 + https://security-tracker.debian.org/tracker/CVE-2017-17515 + + + + + + + + + + CVE-2017-17516 on Ubuntu 20.04 (focal) - medium. + scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17516.html + https://sources.debian.org/src/rtv/1.20.0+dfsg-1/scripts/inspect_webbrowser.py/ + https://security-tracker.debian.org/tracker/CVE-2017-17516 + + + + + + + + + + CVE-2017-17517 on Ubuntu 20.04 (focal) - medium. + libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17517.html + https://sources.debian.org/src/sylpheed/3.5.1-1/libsylph/utils.c/?hl=4292#L4292 + https://security-tracker.debian.org/tracker/CVE-2017-17517 + + + + + + + + + + CVE-2017-17518 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. 
NOTE: This issue is being disputed as not being a vulnerability because “the current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a "BROWSER environment variable". Instead, the "browser" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the "options" menu. The default is chosen in the ./configure script, which tests various programs, first tested is "xdg-open".” + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17518.html + https://sources.debian.org/src/whitedune/0.30.10-2.1/src/swt/motif/browser.c/?hl=159#L214 + https://security-tracker.debian.org/tracker/CVE-2017-17518 + + + + + + + + + + CVE-2017-17519 on Ubuntu 20.04 (focal) - medium. + batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17519.html + https://sources.debian.org/src/ocaml-batteries/2.6.0-1/src/batteriesConfig.mlp/?hl=23#L23 + https://security-tracker.debian.org/tracker/CVE-2017-17519 + + + + + + + + + + CVE-2017-17520 on Ubuntu 20.04 (focal) - untriaged. + ** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs." 
+ + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17520.html + https://sources.debian.org/src/tin/1:2.4.1-1/tools/url_handler.pl/?hl=120#L120 + https://security-tracker.debian.org/tracker/CVE-2017-17520 + + + + + + + + + + CVE-2017-17521 on Ubuntu 20.04 (focal) - low. + uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17521.html + https://sources.debian.org/src/fontforge/1:20170731%7Edfsg-1/fontforgeexe/uiutil.c/#L285 + https://security-tracker.debian.org/tracker/CVE-2017-17521 + + + + + + + + + + CVE-2017-17523 on Ubuntu 20.04 (focal) - medium. + lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-11 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17523.html + https://bugs.debian.org/881767 + + + + + + + + + + CVE-2017-17524 on Ubuntu 20.04 (focal) - medium. + library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17524.html + https://sources.debian.org/src/swi-prolog/7.2.3+dfsg-1/library/www_browser.pl/?hl=68#L68 + https://security-tracker.debian.org/tracker/CVE-2017-17524 + + + + + + + + + + CVE-2017-17526 on Ubuntu 20.04 (focal) - medium. + Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17526.html + https://sources.debian.org/src/giac/1.2.3.57+dfsg1-2/src/Input.cc/?hl=68#L77 + https://security-tracker.debian.org/tracker/CVE-2017-17526 + + + + + + + + + + CVE-2017-17528 on Ubuntu 20.04 (focal) - medium. + backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17528.html + https://sources.debian.org/src/scummvm/1.9.0+dfsg-2/backends/platform/sdl/posix/posix.cpp/?hl=274#L274 + https://security-tracker.debian.org/tracker/CVE-2017-17528 + + + + + + + + + + CVE-2017-17529 on Ubuntu 20.04 (focal) - negligible. + af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17529.html + https://sources.debian.org/src/abiword/3.0.2-5/src/af/util/xp/ut_go_file.cpp/#L1717 + https://security-tracker.debian.org/tracker/CVE-2017-17529 + + + + ebarretto> According to Debian: ebarretto> non-issue, nothing exploitable, should be rejected + + + + + + + + + CVE-2017-17530 on Ubuntu 20.04 (focal) - medium. + common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17530.html + https://sources.debian.org/src/geomview/1.9.5-1/src/bin/geomview/common/help.c/?hl=51#L83 + https://security-tracker.debian.org/tracker/CVE-2017-17530 + + + + + + + + + + CVE-2017-17531 on Ubuntu 20.04 (focal) - medium. + gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17531.html + https://sources.debian.org/src/global/4.8.6-2/gozilla/gozilla.c/#L269 + https://security-tracker.debian.org/tracker/CVE-2017-17531 + + + + + + + + + + CVE-2017-17533 on Ubuntu 20.04 (focal) - untriaged. + ** DISPUTED ** default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. 
NOTE: a third party has indicated that the attack cannot occur because of the argument-parsing behavior of the Tcl exec function. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2017 Canonical Ltd. + 2017-12-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17533.html + https://sources.debian.org/src/tkabber/1.1-1/default.tcl/?hl=118#L118 + https://security-tracker.debian.org/tracker/CVE-2017-17533 + + + + + + + + + + CVE-2017-17554 on Ubuntu 20.04 (focal) - low. + A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-12 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884237 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17554.html + https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20%20aubio_source_avcodec_readframe%20of%20aubio.md + + + + debian> Vulnerability introduced in 0.4.3 + + + + + + + + + CVE-2017-17555 on Ubuntu 20.04 (focal) - low. + The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-12 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884232 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17555.html + https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md + https://github.com/aubio/aubio/issues/137 + + + + + + + + + + CVE-2017-17563 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-12 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17563.html + https://xenbits.xen.org/xsa/advisory-249.html + http://www.openwall.com/lists/oss-security/2017/12/12/2 + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2017-17564 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-12 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17564.html + https://xenbits.xen.org/xsa/advisory-250.html + http://www.openwall.com/lists/oss-security/2017/12/12/3 + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2017-17565 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-12 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17565.html + https://xenbits.xen.org/xsa/advisory-251.html + http://www.openwall.com/lists/oss-security/2017/12/12/5 + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2017-17566 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-12 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17566.html + https://xenbits.xen.org/xsa/advisory-248.html + http://www.openwall.com/lists/oss-security/2017/12/12/4 + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2017-17663 on Ubuntu 20.04 (focal) - medium. + The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-06 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17663.html + http://acme.com/updates/archive/199.html + + + + + + + + + + CVE-2017-17664 on Ubuntu 20.04 (focal) - medium. 
+ A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-13 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884345 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17664.html + http://downloads.digium.com/pub/security/AST-2017-012.html + https://issues.asterisk.org/jira/browse/ASTERISK-27382 + https://issues.asterisk.org/jira/browse/ASTERISK-27429 + + + + + + + + + + CVE-2017-17670 on Ubuntu 20.04 (focal) - medium. + In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-15 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17670.html + http://www.openwall.com/lists/oss-security/2017/12/15/1 + http://openwall.com/lists/oss-security/2017/12/15/1 + https://www.openwall.com/lists/oss-security/2017/12/15/5 + + + + mikesalvatore> According to the openwall thread, "the VLC project probably won't backport a fix to 2.2.x." I'm deferring this CVE. + + + + + + + + + CVE-2017-17689 on Ubuntu 20.04 (focal) - medium. + The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-05-16 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898633 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898634 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898631 + https://bugzilla.gnome.org/show_bug.cgi?id=796135 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17689.html + https://efail.de + + + + mdeslaur> evolution upstream doesn't belive this is an issue, marking as mdeslaur> not-affected mdeslaur> in thunderbird, this was called CVE-2018-5162 + + + + + + + + + + + + CVE-2017-17742 on Ubuntu 20.04 (focal) - medium. + Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. It was discovered that JRuby mishandled newline characters in HTTP response headers. A remote attacker could use this vulnerability to display malicious content to HTTP clients. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 22:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17742.html + https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/ + https://ubuntu.com/security/notices/USN-3685-1 + + + + + + + + + + CVE-2017-17782 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-20 09:29:00 UTC + 2017-12-20 09:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884905 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17782.html + http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e3d2264109c + https://sourceforge.net/p/graphicsmagick/bugs/530/ + https://ubuntu.com/security/notices/USN-4248-1 + + + + + + + + + + CVE-2017-17784 on Ubuntu 20.04 (focal) - low. + In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-20 09:29:00 UTC + 2017-12-20 + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884925 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17784.html + https://bugzilla.gnome.org/show_bug.cgi?id=790784 + https://git.gnome.org/browse/gimp/commit/?id=06d24a79af94837d615d0024916bb95a01bf3c59 (master) + https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270 (gimp-2-8) + http://www.openwall.com/lists/oss-security/2017/12/19/5 + https://ubuntu.com/security/notices/USN-3539-1 + + + + + + + + + + CVE-2017-17785 on Ubuntu 20.04 (focal) - low. + In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-20 09:29:00 UTC + 2017-12-20 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884836 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17785.html + https://bugzilla.gnome.org/show_bug.cgi?id=739133 + http://www.openwall.com/lists/oss-security/2017/12/19/5 + https://ubuntu.com/security/notices/USN-3539-1 + + + + + + + + + + CVE-2017-17786 on Ubuntu 20.04 (focal) - low. 
+ In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-20 09:29:00 UTC + 2017-12-20 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884862 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17786.html + https://bugzilla.gnome.org/show_bug.cgi?id=739134 + https://git.gnome.org/browse/gimp/commit/?id=674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b (master) + https://git.gnome.org/browse/gimp/commit/?id=8ea316667c8a3296bce2832b3986b58d0fdfc077 (master) + https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=ef9c821fff8b637a2178eab1c78cae6764c50e12 (gimp-2-8) + https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=22e2571c25425f225abdb11a566cc281fca6f366 (gimp-2-8) + http://www.openwall.com/lists/oss-security/2017/12/19/5 + https://ubuntu.com/security/notices/USN-3539-1 + + + + + + + + + + CVE-2017-17787 on Ubuntu 20.04 (focal) - low. + In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-20 09:29:00 UTC + 2017-12-20 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884927 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17787.html + https://git.gnome.org/browse/GIMP/commit/?id=eb2980683e6472aff35a3117587c4f814515c74d (master) + https://git.gnome.org/browse/GIMP/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d (gimp-2-8) + https://bugzilla.gnome.org/show_bug.cgi?id=790853 + http://www.openwall.com/lists/oss-security/2017/12/19/5 + https://ubuntu.com/security/notices/USN-3539-1 + + + + + + + + + + CVE-2017-17788 on Ubuntu 20.04 (focal) - low. + In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-20 09:29:00 UTC + 2017-12-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17788.html + https://git.gnome.org/browse/gimp/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126 (master) + https://bugzilla.gnome.org/show_bug.cgi?id=790783 + http://www.openwall.com/lists/oss-security/2017/12/19/5 + https://ubuntu.com/security/notices/USN-3539-1 + + + + + + + + + + CVE-2017-17789 on Ubuntu 20.04 (focal) - low. + In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-20 09:29:00 UTC + 2017-12-20 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884837 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17789.html + https://bugzilla.gnome.org/show_bug.cgi?id=790849 + https://git.gnome.org/browse/GIMP/commit/?id=28e95fbeb5720e6005a088fa811f5bf3c1af48b8 (master) + https://git.gnome.org/browse/GIMP/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f (gimp-2-8) + http://www.openwall.com/lists/oss-security/2017/12/19/5 + https://ubuntu.com/security/notices/USN-3539-1 + + + + + + + + + + CVE-2017-17821 on Ubuntu 20.04 (focal) - medium. + WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-21 03:29:00 UTC + https://bugs.webkit.org/show_bug.cgi?id=181020 (not public) + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17821.html + https://github.com/dwfault/PoCs/blob/master/WebKit%20Misuse%20of%20WTF:wtf:FastBitVector%20result%20in%20potential%20BOF/WebKit%20Misuse%20of%20WTF:wtf:FastBitVector%20result%20in%20potential%20BOF.md + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 mdeslaur> as of 2018-03-19, no details if this affects webkit2gtk mdeslaur> This still wasn't mentioned in webkit2gtk advisories as of mdeslaur> 2018-04-04, so marking as not-affected + + + + + + + + + CVE-2017-17850 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-27 17:08:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885072 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17850.html + http://downloads.asterisk.org/pub/security/AST-2017-014.html + https://issues.asterisk.org/jira/browse/ASTERISK-27480 + http://www.securitytracker.com/id/1040056 + + + + + + + + + + CVE-2017-17858 on Ubuntu 20.04 (focal) - medium. 
+ Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-22 15:29:00 UTC + https://bugs.ghostscript.com/show_bug.cgi?id=698819 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17858.html + https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md + + + + + + + + + + CVE-2017-17866 on Ubuntu 20.04 (focal) - low. + pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-27 17:08:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885120 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17866.html + https://bugs.ghostscript.com/show_bug.cgi?id=698699 (not public) + http://www.ghostscript.com/cgi-bin/findgit.cgi?520cc26d18c9ee245b56e9e91f9d4fcae02be5f0 + https://bugs.ghostscript.com/show_bug.cgi?id=698699 + + + + + + + + + + CVE-2017-17912 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-27 17:08:00 UTC + 2017-12-27 17:08:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17912.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f + https://sourceforge.net/p/graphicsmagick/bugs/533/ + https://ubuntu.com/security/notices/USN-4266-1 + + + + + + + + + + CVE-2017-17915 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-27 17:08:00 UTC + 2017-12-27 17:08:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17915.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a + https://sourceforge.net/p/graphicsmagick/bugs/535/ + https://ubuntu.com/security/notices/USN-4266-1 + + + + + + + + + + CVE-2017-17916 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-29 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17916.html + https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/ + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2017-17917 on Ubuntu 20.04 (focal) - low. 
+ ** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-29 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17917.html + https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/ + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2017-17919 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-29 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17919.html + https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/ + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2017-17920 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-29 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17920.html + https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/ + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2017-17942 on Ubuntu 20.04 (focal) - low. + In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-12-28 06:29:00 UTC + http://bugzilla.maptools.org/show_bug.cgi?id=2767 (old) + https://gitlab.com/libtiff/libtiff/issues/120 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885579 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17942.html + + + + mdeslaur> probably a dupe of CVE-2016-5319 mdeslaur> as of 2021-02-24, no upstream fix + + + + + + + + + CVE-2017-18009 on Ubuntu 20.04 (focal) - medium. + In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-01 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18009.html + https://github.com/opencv/opencv/issues/10479 + + + + + + + + + + CVE-2017-18018 on Ubuntu 20.04 (focal) - low. + In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-04 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18018.html + http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html + http://www.openwall.com/lists/oss-security/2018/01/04/3 + https://lists.gnu.org/archive/html/coreutils/2017-12/msg00072.html + https://lists.gnu.org/archive/html/coreutils/2017-12/msg00073.html + + + + + + + + + + CVE-2017-18021 on Ubuntu 20.04 (focal) - medium. + It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-05 19:29:00 UTC + Jason A. Donenfeld + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18021.html + https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html + https://github.com/IJHack/QtPass/issues/338 + https://github.com/IJHack/QtPass/releases/tag/v1.2.1 + https://qtpass.org/ + + + + + + + + + + CVE-2017-18026 on Ubuntu 20.04 (focal) - medium. + Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-10 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18026.html + https://www.redmine.org/issues/27516 (private) + https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd + https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678 + https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e + https://www.redmine.org/issues/27516 + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + + + + + + + + + + CVE-2017-18120 on Ubuntu 20.04 (focal) - low. + A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421. It was discovered that Gifsicle did not properly handle certain input. If a user were tricked into opening a malicious GIF, an attacker could potentially execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-02 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18120.html + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878739 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881120 + https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909 + https://github.com/kohler/gifsicle/commit/263cd4519f45bc6ecde74ee280eb1d68ee2de642 + https://github.com/kohler/gifsicle/issues/117 + + + + + + + + + + CVE-2017-18121 on Ubuntu 20.04 (focal) - medium. + The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-02-02 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889286 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18121.html + https://simplesamlphp.org/security/201709-01 + https://github.com/simplesamlphp/simplesamlphp/commit/34e1bdb7660c0c9b627f8e5f0ca224a6afe641a8 (v1.14.16) + + + + + + + + + + CVE-2017-18122 on Ubuntu 20.04 (focal) - medium. + A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-02 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889286 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18122.html + https://simplesamlphp.org/security/201710-01 + https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca (v1.14.17) + + + + + + + + + + CVE-2017-18123 on Ubuntu 20.04 (focal) - medium. + The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-02-03 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889281 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18123.html + https://github.com/splitbrain/dokuwiki/issues/2029 + https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86 + https://github.com/splitbrain/dokuwiki/pull/2019 + https://hackerone.com/reports/238316 + https://vulnhive.com/2018/000004 + + + + + + + + + + CVE-2017-18188 on Ubuntu 20.04 (focal) - medium. + OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which "chown -R" will be run. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-14 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973246 + https://github.com/OpenRC/opentmpfiles/issues/3 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18188.html + https://github.com/OpenRC/opentmpfiles/issues/3 + + + + + + + + + + CVE-2017-18191 on Ubuntu 20.04 (focal) - low. + An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-19 17:29:00 UTC + Lee Yarwood + https://launchpad.net/bugs/1739593 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18191.html + https://review.openstack.org/539893 + + + + + + + + + + CVE-2017-18196 on Ubuntu 20.04 (focal) - low. 
+ Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif. It was discovered that Leptonica incorrectly handled path names. An attacker could possibly use this issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-23 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885704 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18196.html + https://bugs.debian.org/885704 + + + + + + + + + + CVE-2017-18197 on Ubuntu 20.04 (focal) - medium. + In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-24 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18197.html + https://github.com/jgraph/mxgraph/issues/124 + + + + + + + + + + CVE-2017-18198 on Ubuntu 20.04 (focal) - low. + print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-24 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18198.html + https://savannah.gnu.org/bugs/?52265 + http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz + + + + + + + + + + CVE-2017-18199 on Ubuntu 20.04 (focal) - low. + realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-24 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18199.html + https://savannah.gnu.org/bugs/?52264 + http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz + + + + + + + + + + CVE-2017-18201 on Ubuntu 20.04 (focal) - low. + An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-26 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18201.html + + + + leosilva> code not present in trusty, xenial and artful. + + + + + + + + + CVE-2017-18207 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-01 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18207.html + https://bugs.python.org/issue32056 + + + + mdeslaur> this is disputed, marking as ignored + + + + + + + + + CVE-2017-18214 on Ubuntu 20.04 (focal) - low. + The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. It was discovered that moment mishandled certain regular expressions. An attacker could use this vulnerability to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-04 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18214.html + https://github.com/moment/moment/commit/69ed9d44957fa6ab12b73d2ae29d286a857b80eb + https://github.com/moment/moment/pull/4326 + https://github.com/moment/moment/issues/4163 + https://nodesecurity.io/advisories/532 + + + + + + + + + + CVE-2017-18219 on Ubuntu 20.04 (focal) - low. + An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-05 22:29:00 UTC + 2018-03-05 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18219.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa + https://sourceforge.net/p/graphicsmagick/bugs/459/ + https://ubuntu.com/security/notices/USN-4266-1 + + + + + + + + + + CVE-2017-18229 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-14 02:29:00 UTC + 2018-03-14 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18229.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32 + https://sourceforge.net/p/graphicsmagick/bugs/461/ + https://ubuntu.com/security/notices/USN-4266-1 + + + + + + + + + + CVE-2017-18230 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-14 02:29:00 UTC + 2018-03-14 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18230.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f + https://sourceforge.net/p/graphicsmagick/bugs/473/ + https://ubuntu.com/security/notices/USN-4266-1 + + + + + + + + + + CVE-2017-18231 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-14 02:29:00 UTC + 2018-03-14 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18231.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b + https://sourceforge.net/p/graphicsmagick/bugs/475/ + https://ubuntu.com/security/notices/USN-4266-1 + + + + + + + + + + CVE-2017-18264 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-01 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18264.html + https://www.phpmyadmin.net/security/PMASA-2017-8/ + https://github.com/phpmyadmin/phpmyadmin/commit/7232271a379396ca1d4b083af051262057003c41 (4.7-branch) + https://github.com/phpmyadmin/phpmyadmin/commit/b6ca92cc75c8a16001425be7881e73430bcc35b8 (4.0-branch) + + + + + + + + + + CVE-2017-18343 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-20 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18343.html + https://github.com/barryvdh/laravel-debugbar/issues/850 + https://github.com/symfony/debug/pull/7/commits/e48bda29143bd1a83001780b4a78e483822d985c + https://github.com/symfony/symfony/issues/27987 + https://github.com/symfony/symfony/pull/23684 + + + + + + + + + + CVE-2017-18594 on Ubuntu 20.04 (focal) - low. + nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 00:15:00 UTC + https://github.com/nmap/nmap/issues/1077 + https://github.com/nmap/nmap/issues/1227 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18594.html + https://github.com/AMatchandaHaystack/Research/blob/master/Nmap%26libsshDF + https://seclists.org/nmap-announce/2019/0 + https://seclists.org/nmap-dev/2018/q2/45 + + + + + + + + + + CVE-2017-18638 on Ubuntu 20.04 (focal) - medium. + send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information. It was discovered that Graphite insecurely handled certain crafted input on the send_email functionality. A remote attacker could possibly use this issue to exfiltrate sensitive information, resulting in a SSRF attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-11 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18638.html + https://github.com/graphite-project/graphite-web/issues/2008 + https://github.com/graphite-project/graphite-web/pull/2499 + https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html#second-bug-internal-graphite-ssrf + https://github.com/graphite-project/graphite-web/security/advisories/GHSA-vfj6-275q-4pvm + https://www.youtube.com/watch?v=ds4Gp4xoaeA + + + + + + + + + + CVE-2017-18640 on Ubuntu 20.04 (focal) - medium. + The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-12 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18640.html + https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion + https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages + + + + amurray| Upstream dispute this as a valid CVE - https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion#comment-55227358 - and they added a test-case for this type of attack of 2 years ago https://bitbucket.org/asomov/snakeyaml/commits/04378d05777d21d114a9cdc24976ad49c8919222 so this would appear to be a non-issue + + + + + + + + + CVE-2017-18641 on Ubuntu 20.04 (focal) - medium. + In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-10 01:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18641.html + https://github.com/lxc/lxc/pull/1371 for the lxc-fedora template. 
+ + + + mdeslaur> in lxc 3.0, the old templates were split out into the mdeslaur> lxc-templates package and distrobuilder is now used instead. mdeslaur> https://github.com/lxc/lxc/commit/aafb5ea2a849056f9866359996605af0290605bd mdeslaur> mdeslaur> as of 2020-05-13, no complete fix for the issues are available + + + + + + + + + + + + CVE-2017-18869 on Ubuntu 20.04 (focal) - medium. + A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-15 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18869.html + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863985 + https://bugzilla.redhat.com/show_bug.cgi?id=1611614 + https://github.com/isaacs/chownr/issues/14 + https://snyk.io/vuln/npm:chownr:20180731 + + + + + + + + + + CVE-2017-18922 on Ubuntu 20.04 (focal) - medium. + It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-30 11:15:00 UTC + 2020-06-30 11:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1852356 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18922.html + https://www.openwall.com/lists/oss-security/2020/06/30/2 + https://ubuntu.com/security/notices/USN-4407-1 + + + + + + + + + + + + + + CVE-2017-18925 on Ubuntu 20.04 (focal) - medium. + opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-26 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973242 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18925.html + https://github.com/OpenRC/opentmpfiles/issues/4 + + + + + + + + + + CVE-2017-18926 on Ubuntu 20.04 (focal) - medium. + raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-06 18:15:00 UTC + 2020-11-06 18:15:00 UTC + mdeslaur + Hanno Böck + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973889 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18926.html + https://www.openwall.com/lists/oss-security/2017/06/07/1 + https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 + https://lists.debian.org/debian-lts-announce/2020/11/msg00012.html + https://www.debian.org/security/2020/dsa-4785 + https://ubuntu.com/security/notices/USN-4630-1 + + + + + + + + + + CVE-2017-20006 on Ubuntu 20.04 (focal) - medium. + UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-01 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-20006.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373 + https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779 + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml + + + + + + + + + + CVE-2017-2292 on Ubuntu 20.04 (focal) - medium. 
+ Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-30 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866711 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2292.html + https://puppet.com/security/cve/cve-2017-2292 + https://github.com/puppetlabs/marionette-collective/commit/e0e741889f5adeb8f75387037106b0d28a9099b0 + + + + + + + + + + CVE-2017-2295 on Ubuntu 20.04 (focal) - medium. + Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-05 15:29:00 UTC + 2017-05-25 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2295.html + https://puppet.com/security/cve/cve-2017-2295 + https://ubuntu.com/security/notices/USN-3308-1 + + + + + + + + + + CVE-2017-2299 on Ubuntu 20.04 (focal) - medium. + Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-15 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2299.html + https://puppet.com/security/cve/CVE-2017-2299 + + + + + + + + + + CVE-2017-2367 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2367.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2376 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-10 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2376.html + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2377 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2377.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2378 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2378.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207617 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + CVE-2017-2386 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2386.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2392 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2392.html + https://support.apple.com/HT207600 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2394 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2394.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2395 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2395.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2396 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2396.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2405 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2405.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2415 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. 
It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2415.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207602 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2419 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2419.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2424 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2424.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207617 + https://webkitgtk.org/security/WSA-2017-0005.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2433 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2433.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2442 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2442.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2445 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2445.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2446 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2446.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2447 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2447.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2454 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2454.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2455 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2455.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2457 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2457.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2459 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2459.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2460 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2460.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2463 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2463.html + http://zerodayinitiative.com/advisories/ZDI-17-241/ + https://support.apple.com/HT207599 + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207607 + https://support.apple.com/HT207617 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + CVE-2017-2464 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2464.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2465 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2465.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2466 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2466.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2468 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2468.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2469 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2469.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2470 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2470.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2471 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. 
A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2471.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207602 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2475 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2475.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2476 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2476.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2479 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2479.html + https://support.apple.com/HT207599 + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207607 + https://support.apple.com/HT207617 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + CVE-2017-2480 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. 
iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2480.html + https://support.apple.com/HT207599 + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207607 + https://support.apple.com/HT207617 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + CVE-2017-2481 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + 2017-04-01 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2481.html + http://zerodayinitiative.com/advisories/ZDI-17-191/ + https://support.apple.com/HT207600 + https://support.apple.com/HT207601 + https://support.apple.com/HT207617 + https://www.webkitgtk.org/security/WSA-2017-0003.html + https://ubuntu.com/security/notices/USN-3257-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2486 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3 is affected. 
Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-02 01:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2486.html + https://support.apple.com/HT207600 + https://support.apple.com/HT207617 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + CVE-2017-2496 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 05:29:00 UTC + 2017-05-22 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2496.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207804 + https://webkitgtk.org/2017/05/24/webkitgtk2.16.3-released.html + https://webkitgtk.org/security/WSA-2017-0004.html + https://ubuntu.com/security/notices/USN-3303-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2499 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to execute arbitrary unsigned code or cause a denial of service (memory corruption) via a crafted app. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2499.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207801 + https://support.apple.com/HT207804 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + CVE-2017-2504 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2504.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207801 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2505 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2505.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207801 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2506 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2506.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2508 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with container nodes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2508.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2510 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 05:29:00 UTC + 2017-05-22 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2510.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207804 + https://webkitgtk.org/2017/05/24/webkitgtk2.16.3-released.html + https://webkitgtk.org/security/WSA-2017-0004.html + https://ubuntu.com/security/notices/USN-3303-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2514 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2514.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2515 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2515.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207801 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2521 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2521.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207800 + https://support.apple.com/HT207801 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2525 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2525.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207801 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2526 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2526.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2528 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2528.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2530 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iCloud before 6.2.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2530.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207801 + https://support.apple.com/HT207803 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2531 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2531.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207801 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2536 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2536.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207801 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2538 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 05:29:00 UTC + 2017-05-22 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2538.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0005.html + https://ubuntu.com/security/notices/USN-3376-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2539 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-22 05:29:00 UTC + 2017-05-22 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2539.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207804 + https://webkitgtk.org/2017/05/24/webkitgtk2.16.3-released.html + https://webkitgtk.org/security/WSA-2017-0004.html + https://ubuntu.com/security/notices/USN-3303-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2544 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2544.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2547 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2547.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2549 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2549.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207801 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-2591 on Ubuntu 20.04 (focal) - medium. + 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-30 12:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851769 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2591.html + https://fedorahosted.org/389/ticket/48986 + + + + leosilva> the project changed its site. That's the current one: https://pagure.io/389-ds-base leosilva> for commits from the older site, just copy the sha and paste with /c/<sha-commit> + + + + + + + + + CVE-2017-2622 on Ubuntu 20.04 (focal) - medium. + An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-27 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2622.html + https://bugzilla.redhat.com/show_bug.cgi?id=1420992 + + + + + + + + + + CVE-2017-2625 on Ubuntu 20.04 (focal) - low. + It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-27 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856399 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2625.html + https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/ + http://openwall.com/lists/oss-security/2017/03/01/1 + + + + tyhicks> 1.1.2 and lower are affected + + + + + + + + + CVE-2017-2626 on Ubuntu 20.04 (focal) - low. + It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-27 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856400 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2626.html + https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/ + http://openwall.com/lists/oss-security/2017/03/01/1 + + + + + + + + + + CVE-2017-2661 on Ubuntu 20.04 (focal) - medium. + ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-12 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858379 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2661.html + https://bugzilla.redhat.com/show_bug.cgi?id=1428948 + + + + + + + + + + CVE-2017-2666 on Ubuntu 20.04 (focal) - medium. + It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-27 14:29:00 UTC + Radim Hatlapatka + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405 + https://bugzilla.redhat.com/show_bug.cgi?id=1436163 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2666.html + + + + + + + + + + CVE-2017-2668 on Ubuntu 20.04 (focal) - medium. + 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-22 13:29:00 UTC + Joachim Jabs + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860125 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2668.html + https://bugzilla.redhat.com/show_bug.cgi?id=1436575 + https://pagure.io/389-ds-base/issue/49184 + https://git.centos.org/raw/rpms!389-ds-base!/c9e5dad69e2b497f118efac56f43cc6c74b6a695/SOURCES!0072-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch + + + + + + + + + + CVE-2017-2670 on Ubuntu 20.04 (focal) - medium. + It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-27 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405 + https://bugzilla.redhat.com/show_bug.cgi?id=1438885 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2670.html + + + + + + + + + + CVE-2017-2800 on Ubuntu 20.04 (focal) - medium. + A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-24 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862154 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2800.html + http://www.talosintelligence.com/reports/TALOS-2017-0293/ + + + + + + + + + + CVE-2017-2807 on Ubuntu 20.04 (focal) - medium. + An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. 
A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-05 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2807.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303 + https://github.com/ledger/ledger/commit/5682f377aed5b0db6b6c4a44b1d8868103b7e9f7 + + + + + + + + + + CVE-2017-2808 on Ubuntu 20.04 (focal) - medium. + An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-05 18:29:00 UTC + Cory Duplantis + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2808.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304 + https://github.com/ledger/ledger/commit/f3bad93db256db07b6cb831d4d24f47543f57e4a + + + + + + + + + + CVE-2017-2824 on Ubuntu 20.04 (focal) - high. + An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability. It was discovered that Zabbix incorrectly handled certain requests. A remote attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-24 14:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/zabbix/+bug/1712993 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2824.html + http://www.talosintelligence.com/reports/TALOS-2017-0325/ + http://www.talosintelligence.com/reports/TALOS-2017-0326/ + + + + + + + + + + CVE-2017-2825 on Ubuntu 20.04 (focal) - high. + In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability. It was discovered that Zabbix incorrectly handled certain requests. A remote attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2018 Canonical Ltd. + 2018-04-20 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863584 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2825.html + http://www.talosintelligence.com/reports/TALOS-2017-0326%20/ + https://support.zabbix.com/browse/ZBX-12075 + + + + + + + + + + CVE-2017-2896 on Ubuntu 20.04 (focal) - medium. + An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-20 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2896.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403 + + + + + + + + + + CVE-2017-2897 on Ubuntu 20.04 (focal) - medium. + An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. 
An attacker can send malicious XLS file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-20 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2897.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0404 + + + + + + + + + + CVE-2017-2899 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2899.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0406 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + + + + + + + + + + CVE-2017-2900 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2900.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + + + + + + + + + + CVE-2017-2901 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2901.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + + + + + + + + + + CVE-2017-2902 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2902.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + + + + + + + + + + CVE-2017-2903 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2903.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + + + + + + + + + + CVE-2017-2904 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2904.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + + + + + + + + + + CVE-2017-2905 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2905.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + + + + + + + + + + CVE-2017-2906 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2906.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + + + + + + + + + + CVE-2017-2907 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2907.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + + + + + + + + + + CVE-2017-2908 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2908.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415 + https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + + + + + + + + + + CVE-2017-2910 on Ubuntu 20.04 (focal) - medium. 
+ An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-02 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2910.html + https://talosintelligence.com/vulnerability_reports/TALOS-2017-0417 + + + + + + + + + + CVE-2017-2918 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2918.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0425 + + + + + + + + + + CVE-2017-2919 on Ubuntu 20.04 (focal) - medium. + An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-20 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2919.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426 + + + + + + + + + + CVE-2017-3163 on Ubuntu 20.04 (focal) - medium. 
+ When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access. Hrishikesh Gadre discovered that Apache Solr did not validate the file name, hence an attacker could possible to craft a special request involving path traversal that could made it crash and provoke a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-30 14:29:00 UTC + Hrishikesh Gadre + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-3163.html + https://issues.apache.org/jira/browse/SOLR-10031 + + + + + + + + + + CVE-2017-3164 on Ubuntu 20.04 (focal) - low. + Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-08 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922242 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-3164.html + https://issues.apache.org/jira/browse/SOLR-12770 + + + + + + + + + + CVE-2017-3204 on Ubuntu 20.04 (focal) - low. + The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-04 14:59:00 UTC + Phil Pennock + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859655 + https://github.com/golang/go/issues/19767 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-3204.html + https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/ + https://godoc.org/golang.org/x/crypto/ssh + + + + jdstrand> ubuntu-snappy and snapd contain embedded copies of golang-go.crypto tyhicks> snapd doesn't use this particular part of golang-go.crypto as it doesn't act as a SSH client + + + + + + + + + + + + CVE-2017-3224 on Ubuntu 20.04 (focal) - low. + Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-24 15:29:00 UTC + Adi Sosnovich, Orna Grumberg, and Gabi Nakibly + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871617 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-3224.html + http://www.kb.cert.org/vuls/id/793496 + + + + mdeslaur> no upstream fix as of 2018-02-19 + + + + + + + + + CVE-2017-3590 on Ubuntu 20.04 (focal) - low. + Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-24 19:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-3590.html + http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html + + + + + + + + + + CVE-2017-4965 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-06-13 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-4965.html + https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_9 + + + + + + + + + + CVE-2017-4966 on Ubuntu 20.04 (focal) - low. 
+ An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-13 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-4966.html + https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_9 + + + + + + + + + + CVE-2017-4967 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-06-13 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-4967.html + https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_9 + + + + + + + + + + CVE-2017-5206 on Ubuntu 20.04 (focal) - medium. + Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-23 16:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850558 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5206.html + + + + + + + + + + CVE-2017-5207 on Ubuntu 20.04 (focal) - medium. 
+ Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-23 16:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850528 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5207.html + https://github.com/netblue30/firejail/issues/1023 + http://www.openwall.com/lists/oss-security/2017/01/07/3 + + + + + + + + + + CVE-2017-5209 on Ubuntu 20.04 (focal) - negligible. + The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-01-11 16:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851196 + https://github.com/libimobiledevice/libplist/issues/84 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5209.html + + + + + + + + + + CVE-2017-5223 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-16 06:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5223.html + http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/ + https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md + + + + + + + + + + CVE-2017-5361 on Ubuntu 20.04 (focal) - low. + Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-03 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5361.html + + + + + + + + + + CVE-2017-5367 on Ubuntu 20.04 (focal) - medium. + Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-06 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5367.html + http://seclists.org/bugtraq/2017/Feb/6 + http://seclists.org/fulldisclosure/2017/Feb/11 + http://www.openwall.com/lists/oss-security/2017/02/05/1 + + + + + + + + + + CVE-2017-5368 on Ubuntu 20.04 (focal) - medium. 
+ ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-06 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5368.html + http://seclists.org/bugtraq/2017/Feb/6 + http://seclists.org/fulldisclosure/2017/Feb/11 + http://www.openwall.com/lists/oss-security/2017/02/05/1 + https://github.com/ZoneMinder/ZoneMinder/issues/1803 + https://github.com/ZoneMinder/zoneminder/pull/1822 + + + + + + + + + + CVE-2017-5470 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-06-14 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5470.html + https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/ + https://ubuntu.com/security/notices/USN-3315-1 + https://ubuntu.com/security/notices/USN-3321-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2017-5471 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox 53. 
Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-06-14 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5471.html + https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/ + https://ubuntu.com/security/notices/USN-3315-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2017-5473 on Ubuntu 20.04 (focal) - medium. + Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-14 07:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5473.html + https://github.com/ntop/ntopng/commit/1b2ceac8f578a246af6351c4f476e3102cdf21b3 + https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15 + + + + + + + + + + CVE-2017-5488 on Ubuntu 20.04 (focal) - medium. + Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-15 02:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5488.html + http://www.openwall.com/lists/oss-security/2017/01/14/1 + https://wpvulndb.com/vulnerabilities/8716 + https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php + http://www.openwall.com/lists/oss-security/2017/01/14/6 + https://codex.wordpress.org/Version_4.7.1 + https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2 + https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-5489 on Ubuntu 20.04 (focal) - medium. + Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-15 02:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5489.html + http://www.openwall.com/lists/oss-security/2017/01/14/1 + https://wpvulndb.com/vulnerabilities/8717 + http://www.openwall.com/lists/oss-security/2017/01/14/6 + https://codex.wordpress.org/Version_4.7.1 + https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-5490 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-15 02:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5490.html + http://www.openwall.com/lists/oss-security/2017/01/14/1 + https://wpvulndb.com/vulnerabilities/8718 + https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359 + http://www.openwall.com/lists/oss-security/2017/01/14/6 + https://codex.wordpress.org/Version_4.7.1 + https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ + https://www.mehmetince.net/low-severity-wordpress/ + + + + + + + + + + CVE-2017-5491 on Ubuntu 20.04 (focal) - low. + wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-15 02:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5491.html + http://www.openwall.com/lists/oss-security/2017/01/14/1 + https://wpvulndb.com/vulnerabilities/8719 + https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a + http://www.openwall.com/lists/oss-security/2017/01/14/6 + https://codex.wordpress.org/Version_4.7.1 + https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-5492 on Ubuntu 20.04 (focal) - medium. + Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-15 02:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5492.html + http://www.openwall.com/lists/oss-security/2017/01/14/1 + https://wpvulndb.com/vulnerabilities/8720 + https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733 + http://www.openwall.com/lists/oss-security/2017/01/14/6 + https://codex.wordpress.org/Version_4.7.1 + https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-5493 on Ubuntu 20.04 (focal) - medium. + wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-15 02:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5493.html + http://www.openwall.com/lists/oss-security/2017/01/14/1 + https://wpvulndb.com/vulnerabilities/8721 + https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4 + http://www.openwall.com/lists/oss-security/2017/01/14/6 + https://codex.wordpress.org/Version_4.7.1 + https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ + + + + + + + + + + CVE-2017-5545 on Ubuntu 20.04 (focal) - negligible. + The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-21 01:59:00 UTC + Wang Junjie + https://github.com/libimobiledevice/libplist/issues/87 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852385 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5545.html + + + + tyhicks> Affected utility is found in the libplist source package rather than in the libimobiledevice source package sbeattie> also, the affected code is just in the plistutil binary, not in the library itself + + + + + + + + + CVE-2017-5591 on Ubuntu 20.04 (focal) - medium. + An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-09 20:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854740 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854739 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5591.html + http://openwall.com/lists/oss-security/2017/02/09/29 + https://github.com/poezio/slixmpp/commit/22664ee7b86c8e010f312b66d12590fb47160ad8 + https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/ + https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf + + + + + + + + + + + + + CVE-2017-5592 on Ubuntu 20.04 (focal) - medium. + An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-09 20:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854735 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5592.html + http://openwall.com/lists/oss-security/2017/02/09/29 + https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b + https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/ + https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf + + + + + + + + + + CVE-2017-5610 on Ubuntu 20.04 (focal) - medium. + wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-30 04:59:00 UTC + David Herrera + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5610.html + https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454 + http://www.openwall.com/lists/oss-security/2017/01/27/2 + http://www.openwall.com/lists/oss-security/2017/01/28/5 + https://codex.wordpress.org/Version_4.7.2 + https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/ + + + + + + + + + + CVE-2017-5611 on Ubuntu 20.04 (focal) - medium. + SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-30 04:59:00 UTC + Mo Jangda + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5611.html + https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb + http://www.openwall.com/lists/oss-security/2017/01/27/2 + http://www.openwall.com/lists/oss-security/2017/01/28/5 + https://codex.wordpress.org/Version_4.7.2 + https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/ + + + + + + + + + + CVE-2017-5612 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-30 04:59:00 UTC + Ian Dunn + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5612.html + https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849 + http://www.openwall.com/lists/oss-security/2017/01/27/2 + http://www.openwall.com/lists/oss-security/2017/01/28/5 + https://codex.wordpress.org/Version_4.7.2 + https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/ + + + + + + + + + + CVE-2017-5630 on Ubuntu 20.04 (focal) - negligible. + PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-01 23:59:00 UTC + http://pear.php.net/bugs/bug.php?id=21171 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5630.html + + + + sbeattie> PEAR issues should go against php-pear as of xenial seth-arnold> PEAR/PECL appears to have no authenticity checks of any sort. As far as I can tell any malicious MITM can install whatever they want anyway. leosilva> unfixed as of 2020-11-23 + + + + + + + + + CVE-2017-5637 on Ubuntu 20.04 (focal) - medium. + Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later. It was discovered that Apache ZooKeeper incorrectly implemented "wchp/wchc" commands. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-10 01:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5637.html + https://issues.apache.org/jira/browse/ZOOKEEPER-2693 + + + + + + + + + + CVE-2017-5644 on Ubuntu 20.04 (focal) - medium. + Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-24 14:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858301 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5644.html + http://www.openwall.com/lists/oss-security/2017/03/20/9 + + + + + + + + + + CVE-2017-5645 on Ubuntu 20.04 (focal) - medium. 
+ In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-17 21:59:00 UTC + Marcio Almeida de Macedo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860489 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5645.html + https://issues.apache.org/jira/browse/LOG4J2-1863 + http://www.openwall.com/lists/oss-security/2017/04/17/2 + https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=5dcc192 + + + + + + + + + + CVE-2017-5660 on Ubuntu 20.04 (focal) - low. + There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-27 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5660.html + https://github.com/apache/trafficserver/pull/1657 + https://lists.apache.org/thread.html/22d84783d94c53a5132ec89f002fe5165c87561a9428bcb6713b3c98@%3Cdev.trafficserver.apache.org%3E + + + + + + + + + + CVE-2017-5661 on Ubuntu 20.04 (focal) - medium. + In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-18 14:59:00 UTC + 2017-04-18 + Pierre Ernst + https://issues.apache.org/jira/browse/FOP-2668 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5661.html + http://www.openwall.com/lists/oss-security/2017/04/18/2 + https://ubuntu.com/security/notices/USN-3281-1 + + + + + + + + + + CVE-2017-5662 on Ubuntu 20.04 (focal) - medium. + In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-18 14:59:00 UTC + 2017-04-18 + Lars Krapf and Pierre Ernst + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5662.html + http://www.openwall.com/lists/oss-security/2017/04/18/1 + https://ubuntu.com/security/notices/USN-3280-1 + + + + + + + + + + CVE-2017-5665 on Ubuntu 20.04 (focal) - low. + The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-01 15:59:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5665.html + https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c + https://sourceforge.net/p/mp3splt/bugs/209/ + + + + + + + + + + CVE-2017-5666 on Ubuntu 20.04 (focal) - medium. 
+ The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-01 15:59:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5666.html + https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c + https://sourceforge.net/p/mp3splt/bugs/209/ + + + + + + + + + + CVE-2017-5668 on Ubuntu 20.04 (focal) - medium. + bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189. seth-arnold> probably our packages are not-affected but marking as needed to communicate that this patch is needed too + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-14 14:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853282 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5668.html + https://bugs.bitlbee.org/ticket/1282 + http://www.openwall.com/lists/oss-security/2017/01/30/4 + + + + + + + + + + CVE-2017-5731 on Ubuntu 20.04 (focal) - medium. + Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-28 15:15:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=686 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5731.html + https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html + https://rhn.redhat.com/errata/RHSA-2019-2125.html + + + + mdeslaur> per Intel, this CVE was rejected by mistake + + + + + + + + + CVE-2017-5834 on Ubuntu 20.04 (focal) - negligible. + The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-03-03 15:59:00 UTC + Wang Junjie + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854000 + https://github.com/libimobiledevice/libplist/issues/89 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5834.html + https://marc.info/?l=oss-security&m=148601478217591&w=2 + + + + + + + + + + CVE-2017-5835 on Ubuntu 20.04 (focal) - negligible. + libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-03-03 15:59:00 UTC + Wang Junjie + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854000 + https://github.com/libimobiledevice/libplist/issues/88 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5835.html + https://marc.info/?l=oss-security&m=148601478217591&w=2 + + + + + + + + + + CVE-2017-5836 on Ubuntu 20.04 (focal) - low. + The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-03 15:59:00 UTC + Francisco Alonso + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854000 + https://github.com/libimobiledevice/libplist/issues/86 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5836.html + https://marc.info/?l=oss-security&m=148601478217591&w=2 + + + + + + + + + + CVE-2017-5838 on Ubuntu 20.04 (focal) - low. + The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-09 15:59:00 UTC + Hanno Böck + https://bugzilla.gnome.org/show_bug.cgi?id=777263 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5838.html + http://www.openwall.com/lists/oss-security/2017/02/01/7 + + + + + + + + + + CVE-2017-5843 on Ubuntu 20.04 (focal) - low. + Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf. Hanno Böck discovered that GStreamer Bad Plug-ins incorrectly handled vectors involving stream tags. A remote attacker could exploit this with a crafted MXF file to cause GStreamer to crash, resulting in a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-09 15:59:00 UTC + Hanno Böck + https://bugzilla.gnome.org/show_bug.cgi?id=777503 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5843.html + http://www.openwall.com/lists/oss-security/2017/02/01/7 + + + + + + + + + + CVE-2017-5846 on Ubuntu 20.04 (focal) - low. 
+ The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-09 15:59:00 UTC + Hanno Böck + https://bugzilla.gnome.org/show_bug.cgi?id=777937 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5846.html + http://www.openwall.com/lists/oss-security/2017/02/01/7 + + + + + + + + + + CVE-2017-5847 on Ubuntu 20.04 (focal) - low. + The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-09 15:59:00 UTC + Hanno Böck + https://bugzilla.gnome.org/show_bug.cgi?id=777955 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5847.html + http://www.openwall.com/lists/oss-security/2017/02/01/7 + + + + + + + + + + CVE-2017-5848 on Ubuntu 20.04 (focal) - low. + The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. Hanno Böck discovered that GStreamer Bad Plug-ins incorrectly handled vectors involving PSM parsing. A remote attacker could exploit this with a crafted media file to cause GStreamer to crash, resulting in a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-09 15:59:00 UTC + Hanno Böck + https://bugzilla.gnome.org/show_bug.cgi?id=777957 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5848.html + http://www.openwall.com/lists/oss-security/2017/02/01/7 + + + + + + + + + + CVE-2017-5851 on Ubuntu 20.04 (focal) - low. + The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. NOTE: this typically has no risk; this crash of this command-line program has no further consequences for availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-01 15:59:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5851.html + http://www.openwall.com/lists/oss-security/2017/02/02/8 + https://github.com/asarubbo/poc/blob/master/00127-mp3splt-nullptr-free_options + https://blogs.gentoo.org/ago/2017/02/01/mp3splt-null-pointer-dereference-in-free_options-options_manager-c + + + + + + + + + + CVE-2017-5852 on Ubuntu 20.04 (focal) - medium. + The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file. Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in an infinite loop. If PoDoFo were to open a malicious PDF, an attacker could cause a denial of service by forcing PoDoFo to crash, hang, or consume system resources. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-01 15:59:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5852.html + https://marc.info/?l=oss-security&m=148596180802179&w=2 + + + + + + + + + + CVE-2017-5853 on Ubuntu 20.04 (focal) - medium. + Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. 
Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, an integer overflow. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-01 15:59:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5853.html + https://marc.info/?l=oss-security&m=148596192602223&w=2 + + + + + + + + + + CVE-2017-5854 on Ubuntu 20.04 (focal) - medium. + base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in a NULL pointer dereference. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-01 15:59:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5854.html + https://marc.info/?l=oss-security&m=148596201002245&w=2 + + + + + + + + + + CVE-2017-5855 on Ubuntu 20.04 (focal) - low. + The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-01 15:59:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5855.html + https://marc.info/?l=oss-security&m=148596209902262&w=2 + + + + + + + + + + CVE-2017-5886 on Ubuntu 20.04 (focal) - medium. + Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. It was discovered that PoDoFo mishandled certain crafted PDF files, resulting in a heap-based buffer overflow. 
If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-01 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5886.html + https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp + https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469 + http://www.openwall.com/lists/oss-security/2017/02/05/4 + https://github.com/asarubbo/poc/blob/master/00146-podofo-heapoverflow-PdfTokenizer + + + + + + + + + + CVE-2017-5899 on Ubuntu 20.04 (focal) - high. + Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument. It was discovered that S-nail incorrectly handled paths. An attacker could possible use this issue to write arbitrary files and escalate privileges. + + Ubuntu 20.04 + + + + High + Copyright (C) 2017 Canonical Ltd. + 2017-03-27 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852934 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5899.html + https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html + https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f797c27efecad45af191c518b7f87fda32ada160 + https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f2699449b66dd702a98925bd1b11153a6f7294bf + https://www.openwall.com/lists/oss-security/2017/01/27/7 + + + + + + + + + + CVE-2017-5923 on Ubuntu 20.04 (focal) - medium. + libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + https://github.com/VirusTotal/yara/issues/597 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5923.html + + + + + + + + + + CVE-2017-5924 on Ubuntu 20.04 (focal) - medium. + libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + https://github.com/VirusTotal/yara/issues/593 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5924.html + + + + + + + + + + CVE-2017-5943 on Ubuntu 20.04 (focal) - medium. + Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-03 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5943.html + + + + + + + + + + CVE-2017-5944 on Ubuntu 20.04 (focal) - medium. + The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-03 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5944.html + + + + + + + + + + CVE-2017-5946 on Ubuntu 20.04 (focal) - medium. + The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-27 07:59:00 UTC + https://launchpad.net/bugs/1669894 + https://github.com/rubyzip/rubyzip/issues/315 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856269 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5946.html + https://github.com/rubyzip/rubyzip/releases + + + + + + + + + + CVE-2017-5949 on Ubuntu 20.04 (focal) - medium. + JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + https://bugs.webkit.org/show_bug.cgi?id=167239 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5949.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + CVE-2017-5950 on Ubuntu 20.04 (focal) - negligible. + The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + https://github.com/jbeder/yaml-cpp/issues/459 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859891 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5950.html + + + + leosilva> by https://github.com/jbeder/yaml-cpp/issues/650 it seems leosilva> fix in issue #459 is incomplete. + + + + + + + + + CVE-2017-5982 on Ubuntu 20.04 (focal) - medium. 
+ Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-28 18:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855225 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5982.html + http://seclists.org/fulldisclosure/2017/Feb/27 + http://trac.kodi.tv/ticket/17314 + + + + + + + + + + CVE-2017-5991 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-15 06:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5991.html + https://bugs.ghostscript.com/show_bug.cgi?id=697500 + http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465 + + + + + + + + + + CVE-2017-5992 on Ubuntu 20.04 (focal) - medium. + Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. It was discovered that openpyxl incorrectly handled certain documents. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-15 19:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854442 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5992.html + http://www.openwall.com/lists/oss-security/2017/02/07/5 + https://bitbucket.org/openpyxl/openpyxl/issues/749 + https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1 + + + + + + + + + + CVE-2017-6004 on Ubuntu 20.04 (focal) - low. + The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-16 11:59:00 UTC + https://bugs.exim.org/show_bug.cgi?id=2035 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855405 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6004.html + + + + + + + + + + CVE-2017-6059 on Ubuntu 20.04 (focal) - low. + Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-12 20:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6059.html + https://github.com/pingidentity/mod_auth_openidc/issues/212 + + + + + + + + + + CVE-2017-6062 on Ubuntu 20.04 (focal) - medium. + The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-02 06:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6062.html + https://github.com/pingidentity/mod_auth_openidc/issues/222 + + + + + + + + + + CVE-2017-6076 on Ubuntu 20.04 (focal) - medium. + In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 02:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6076.html + https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable + + + + + + + + + + CVE-2017-6197 on Ubuntu 20.04 (focal) - medium. + The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 04:59:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6197.html + https://github.com/radare/radare2/issues/6816 + https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989 + + + + + + + + + + CVE-2017-6363 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'" + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-27 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6363.html + https://github.com/libgd/libgd/commit/0be86e1926939a98afbd2f3a23c673dfc4df2a7c + https://github.com/libgd/libgd/commit/2dbd8f6e66b73ed43d9b81a45350922b80f75397 + https://github.com/libgd/libgd/issues/383 + + + + mdeslaur> php uses the system libgd2 + + + + + + + + + + + + CVE-2017-6369 on Ubuntu 20.04 (focal) - medium. + Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so. It was discovered that Firebird exposed certain UDF libraries. An authenticated attacker could use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-24 10:59:00 UTC + 2017-03-24 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6369.html + http://tracker.firebirdsql.org/browse/CORE-5474 + https://ubuntu.com/security/notices/USN-3929-1 + + + + + + + + + + CVE-2017-6387 on Ubuntu 20.04 (focal) - medium. + The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-02 01:59:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://github.com/radare/radare2/issues/6857 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856574 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6387.html + + + + + + + + + + CVE-2017-6413 on Ubuntu 20.04 (focal) - medium. 
+ The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-02 06:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6413.html + + + + + + + + + + CVE-2017-6414 on Ubuntu 20.04 (focal) - low. + Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-15 14:59:00 UTC + Li Qiang + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856501 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6414.html + + + + + + + + + + CVE-2017-6415 on Ubuntu 20.04 (focal) - medium. + The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-02 01:59:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://github.com/radare/radare2/issues/6872 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856572 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6415.html + + + + + + + + + + CVE-2017-6435 on Ubuntu 20.04 (focal) - low. + The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-15 14:59:00 UTC + Wang Junjie + https://github.com/libimobiledevice/libplist/issues/93 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6435.html + + + + + + + + + + CVE-2017-6448 on Ubuntu 20.04 (focal) - medium. + The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://github.com/radare/radare2/issues/6885 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6448.html + + + + + + + + + + CVE-2017-6503 on Ubuntu 20.04 (focal) - medium. + WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-06 02:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856977 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6503.html + https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16 + https://www.qbittorrent.org/news.php + + + + + + + + + + CVE-2017-6504 on Ubuntu 20.04 (focal) - medium. + WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-06 02:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856978 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6504.html + https://github.com/qbittorrent/qBittorrent/commit/f5ad04766f4abaa78374ff03704316f8ce04627d + https://www.qbittorrent.org/news.php + + + + + + + + + + CVE-2017-6514 on Ubuntu 20.04 (focal) - low. 
+ WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-22 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6514.html + https://github.com/CFSECURITE/wordpress + https://web.archive.org/web/20180612235401/https://github.com/CFSECURITE/wordpress + + + + + + + + + + CVE-2017-6594 on Ubuntu 20.04 (focal) - low. + The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-28 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6594.html + + + + ratliff> Upstream: "[the fix] may break sites that rely on the bug." mdeslaur> heimdal-kdc package is in universe + + + + + + + + + CVE-2017-6596 on Ubuntu 20.04 (focal) - medium. + partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial of Service attack' in the context of the user running the affected application. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-10 10:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6596.html + https://github.com/insidej/Partclone_HeapOverFlow/blob/master/README.md + + + + + + + + + + CVE-2017-6814 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. 
This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-12 01:59:00 UTC + Chris Andrè Dale, Yorick Koster, and Simon P. Briggs + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6814.html + https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ + https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7 + http://openwall.com/lists/oss-security/2017/03/06/8 + https://codex.wordpress.org/Version_4.7.3 + https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html + + + + + + + + + + CVE-2017-6815 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-12 01:59:00 UTC + Daniel Chatfield + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6815.html + https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ + https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e + https://codex.wordpress.org/Version_4.7.3 + + + + + + + + + + CVE-2017-6816 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-12 01:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6816.html + https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ + https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663 + https://codex.wordpress.org/Version_4.7.3 + + + + + + + + + + CVE-2017-6817 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-12 01:59:00 UTC + Marc Montpas + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6817.html + https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ + https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8 + https://codex.wordpress.org/Version_4.7.3 + + + + + + + + + + CVE-2017-6819 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-12 01:59:00 UTC + Sipke Mellema + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857026 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6819.html + https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/ + https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829 + http://openwall.com/lists/oss-security/2017/03/06/7 + https://codex.wordpress.org/Version_4.7.3 + https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html + + + + + + + + + + CVE-2017-6820 on Ubuntu 20.04 (focal) - medium. + rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-12 05:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857473 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6820.html + https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305 + https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4 + https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124 + https://github.com/roundcube/roundcubemail/releases/tag/1.1.8 + https://github.com/roundcube/roundcubemail/releases/tag/1.2.4 + https://roundcube.net/news/2017/03/10/updates-1.2.4-and-1.1.8-released + + + + + + + + + + CVE-2017-6840 on Ubuntu 20.04 (focal) - medium. + The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file. Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in an invalid read. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash or possibly leak sensitive information. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-15 14:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856592 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6840.html + http://www.openwall.com/lists/oss-security/2017/03/02/1 + https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp + + + + + + + + + + CVE-2017-6841 on Ubuntu 20.04 (focal) - medium. + The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-15 14:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856592 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6841.html + http://www.openwall.com/lists/oss-security/2017/03/02/2 + https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h + + + + + + + + + + CVE-2017-6842 on Ubuntu 20.04 (focal) - medium. + The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in a NULL pointer dereference. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-15 14:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856592 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6842.html + http://www.openwall.com/lists/oss-security/2017/03/02/3 + https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-colorchangergetcolorfromstack-colorchanger-cpp + + + + + + + + + + CVE-2017-6843 on Ubuntu 20.04 (focal) - medium. + Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in a heap-based buffer overflow. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-15 14:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856592 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6843.html + http://www.openwall.com/lists/oss-security/2017/03/02/4 + https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h + + + + + + + + + + CVE-2017-6844 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in a buffer overflow. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-15 14:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856592 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6844.html + http://www.openwall.com/lists/oss-security/2017/03/02/5 + https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp + + + + + + + + + + CVE-2017-6845 on Ubuntu 20.04 (focal) - medium. + The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-15 14:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856592 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6845.html + http://www.openwall.com/lists/oss-security/2017/03/02/6 + https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp + + + + + + + + + + CVE-2017-6846 on Ubuntu 20.04 (focal) - medium. + The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-15 14:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856592 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6846.html + http://www.openwall.com/lists/oss-security/2017/03/02/7 + https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp + + + + + + + + + + CVE-2017-6847 on Ubuntu 20.04 (focal) - medium. + The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. 
Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in a NULL pointer dereference. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-15 14:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856592 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6847.html + http://www.openwall.com/lists/oss-security/2017/03/02/8 + https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h + + + + + + + + + + CVE-2017-6848 on Ubuntu 20.04 (focal) - medium. + The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in a NULL pointer dereference. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-15 14:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856592 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6848.html + http://www.openwall.com/lists/oss-security/2017/03/02/9 + https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp + + + + + + + + + + CVE-2017-6849 on Ubuntu 20.04 (focal) - medium. + The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-15 14:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856592 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6849.html + http://www.openwall.com/lists/oss-security/2017/03/02/10 + https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp + + + + + + + + + + CVE-2017-6886 on Ubuntu 20.04 (focal) - low. + An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-16 16:29:00 UTC + 2017-05-16 + mdeslaur + Jakub Jirasek + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6886.html + https://secuniaresearch.flexerasoftware.com/advisories/75737/ + https://secuniaresearch.flexerasoftware.com/secunia_research/2017-5/ + https://ubuntu.com/security/notices/USN-3492-1 + + + + seth-arnold> All non-libraw packages listed here matched portions of the patch; an extensive analysis was not performed. + + + + + + + + + + + + + + + + CVE-2017-6887 on Ubuntu 20.04 (focal) - low. + A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-16 16:29:00 UTC + 2017-05-16 + mdeslaur + Jakub Jirasek + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6887.html + https://secuniaresearch.flexerasoftware.com/advisories/75737/ + https://secuniaresearch.flexerasoftware.com/secunia_research/2017-6/ + https://ubuntu.com/security/notices/USN-3492-1 + + + + seth-arnold> All non-libraw packages listed here matched portions of the patch; an extensive analysis was not performed. mdeslaur> same commit as CVE-2017-6886 + + + + + + + + + + + + + + + + CVE-2017-6888 on Ubuntu 20.04 (focal) - low. + An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-25 21:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897015 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6888.html + https://secuniaresearch.flexerasoftware.com/advisories/82639/ + https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/ + + + + mdeslaur> code is different in chromium-browser, doesn't look affected + + + + + + + + + + + + CVE-2017-6903 on Ubuntu 20.04 (focal) - medium. + In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 (aka Quake 3 engine) forks. A malicious auto-downloaded file can trigger loading of crafted auto-downloaded files as native code DLLs. A malicious auto-downloaded file can contain configuration defaults that override the user's. Executable bytecode in a malicious auto-downloaded file can set configuration variables to values that will result in unwanted native code DLLs being loaded, resulting in sandbox escape. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-14 22:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6903.html + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857699 + https://github.com/ioquake/ioq3/commit/376267d534476a875d8b9228149c4ee18b74a4fd + https://github.com/ioquake/ioq3/commit/b173ac05993f634a42be3d3535e1b158de0c3372 + https://github.com/ioquake/ioq3/commit/f61fe5f6a0419ef4a88d46a128052f2e8352e85d + https://github.com/iortcw/iortcw/commit/11a83410153756ae350a82ed41b08d128ff7f998 + https://github.com/iortcw/iortcw/commit/b248763e4878ef12d5835ece6600be8334f67da1 + https://github.com/iortcw/iortcw/commit/b6ff2bcb1e4e6976d61e316175c6d7c99860fe20 + https://github.com/JACoders/OpenJK/commit/8956a35e7b91c4a0dd1fa6db1d28c7f0efbab2d7 + https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/ + + + + + + + + + + CVE-2017-6949 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-16 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6949.html + http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html + + + + + + + + + + CVE-2017-6960 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-17 09:59:00 UTC + 2017-03-17 09:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854367 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6960.html + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854367 + https://ubuntu.com/security/notices/USN-4513-1 + + + + + + + + + + CVE-2017-6961 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChunk->size value (within the PNG file) to determine the amount of memory to allocate. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-17 09:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854441 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6961.html + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854441 + + + + + + + + + + CVE-2017-6962 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer overflow. This is related to the read_chunk function making an unchecked addition of 12. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-17 09:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854447 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6962.html + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854447 + + + + + + + + + + CVE-2017-6965 on Ubuntu 20.04 (focal) - low. + readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-17 09:59:00 UTC + Thuan Pham + https://sourceware.org/bugzilla/show_bug.cgi?id=21137 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6965.html + + + + + + + + + + CVE-2017-6966 on Ubuntu 20.04 (focal) - low. + readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-17 09:59:00 UTC + Thuan Pham + https://sourceware.org/bugzilla/show_bug.cgi?id=21139 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6966.html + + + + + + + + + + CVE-2017-6967 on Ubuntu 20.04 (focal) - medium. + xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass. It was discovered that PAM incorrectly initialized session modules. This could potentially bypass enforcement of limits. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-17 09:59:00 UTC + Klaus Steinberger + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6967.html + https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742 + https://github.com/neutrinolabs/xrdp/issues/350 + https://github.com/neutrinolabs/xrdp/pull/694 + https://github.com/neutrinolabs/xrdp/pull/696 + + + + + + + + + + CVE-2017-6969 on Ubuntu 20.04 (focal) - low. + readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-17 09:59:00 UTC + Thuan Pham + https://sourceware.org/bugzilla/show_bug.cgi?id=21156 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6969.html + http://www.openwall.com/lists/oss-security/2017/03/16/8 + + + + + + + + + + CVE-2017-6980 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6980.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207801 + https://support.apple.com/HT207804 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-6984 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-22 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6984.html + https://support.apple.com/HT207798 + https://support.apple.com/HT207801 + https://support.apple.com/HT207804 + https://support.apple.com/HT207805 + https://webkitgtk.org/security/WSA-2017-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7006 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + David Kohlbrenner + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7006.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://webkitgtk.org/security/WSA-2017-0006.html + + + + + + + + + + + + + CVE-2017-7011 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-20 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7011.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://webkitgtk.org/security/WSA-2017-0006.html + + + + + + + + + + + + + CVE-2017-7012 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7012.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + + + + + + + + + + + + + CVE-2017-7018 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-20 16:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7018.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + https://ubuntu.com/security/notices/USN-3376-1 + + + + + + + + + + + + + CVE-2017-7019 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit Page Loading" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + Zhiyang Zeng + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7019.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + + + + + + + + + + + + + CVE-2017-7020 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-20 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7020.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + + + + + + + + + + + + + CVE-2017-7030 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7030.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + https://ubuntu.com/security/notices/USN-3376-1 + + + + + + + + + + + + + CVE-2017-7034 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-20 16:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7034.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + https://ubuntu.com/security/notices/USN-3376-1 + + + + + + + + + + + + + CVE-2017-7037 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7037.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + https://ubuntu.com/security/notices/USN-3376-1 + + + + + + + + + + + + + CVE-2017-7038 on Ubuntu 20.04 (focal) - medium. + A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-20 16:29:00 UTC + Neil Jenkins, Egor Karbutov, and Egor Saltykov + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7038.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://webkitgtk.org/security/WSA-2017-0006.html + + + + + + + + + + + + + CVE-2017-7039 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + 2017-07-20 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7039.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + https://ubuntu.com/security/notices/USN-3376-1 + + + + + + + + + + + + + CVE-2017-7040 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-20 16:29:00 UTC + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7040.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + + + + + + + + + + + + + CVE-2017-7041 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7041.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + + + + + + + + + + + + + CVE-2017-7042 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-20 16:29:00 UTC + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7042.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + + + + + + + + + + + + + CVE-2017-7043 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7043.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + + + + + + + + + + + + + CVE-2017-7046 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-20 16:29:00 UTC + 2017-07-20 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7046.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + https://ubuntu.com/security/notices/USN-3376-1 + + + + + + + + + + + + + CVE-2017-7048 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + 2017-07-20 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7048.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + https://ubuntu.com/security/notices/USN-3376-1 + + + + + + + + + + + + + CVE-2017-7049 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7049.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + + + + + + + + + + + + + CVE-2017-7052 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7052.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + https://ubuntu.com/security/notices/USN-3376-1 + + + + + + + + + + + + + CVE-2017-7055 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7055.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + https://ubuntu.com/security/notices/USN-3376-1 + + + + + + + + + + + + + CVE-2017-7056 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7056.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + https://ubuntu.com/security/notices/USN-3376-1 + + + + + + + + + + + + + CVE-2017-7059 on Ubuntu 20.04 (focal) - medium. + A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-20 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7059.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://webkitgtk.org/security/WSA-2017-0006.html + + + + + + + + + + + + + CVE-2017-7061 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-20 16:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7061.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207924 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + https://ubuntu.com/security/notices/USN-3376-1 + + + + + + + + + + + + + CVE-2017-7064 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-20 16:29:00 UTC + 2017-07-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7064.html + http://www.securitytracker.com/id/1038950 + https://support.apple.com/HT207921 + https://support.apple.com/HT207923 + https://support.apple.com/HT207927 + https://support.apple.com/HT207928 + https://webkitgtk.org/security/WSA-2017-0006.html + https://ubuntu.com/security/notices/USN-3376-1 + + + + + + + + + + + + + CVE-2017-7071 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7071.html + https://support.apple.com/HT207600 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 mdeslaur> This still wasn't mentioned in webkit2gtk advisories as of mdeslaur> 2018-04-04, so marking as not-affected + + + + + + + + + CVE-2017-7081 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-23 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7081.html + https://webkitgtk.org/security/WSA-2017-0008.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7087 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7087.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7089 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7089.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7090 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7090.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7091 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7091.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7092 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7092.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7093 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7093.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7094 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-23 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7094.html + https://webkitgtk.org/security/WSA-2017-0008.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7095 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7095.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7096 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7096.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7098 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7098.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7099 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-23 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7099.html + https://webkitgtk.org/security/WSA-2017-0008.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7100 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7100.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7102 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7102.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7104 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7104.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7107 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7107.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7109 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7109.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7111 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7111.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7117 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7117.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7120 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-23 01:29:00 UTC + 2017-10-18 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7120.html + https://webkitgtk.org/security/WSA-2017-0008.html + https://ubuntu.com/security/notices/USN-3460-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7142 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-23 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7142.html + https://webkitgtk.org/security/WSA-2017-0008.html + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7153 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-01-30 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7153.html + https://webkitgtk.org/security/WSA-2018-0002.html + https://ubuntu.com/security/notices/USN-3551-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7156 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-27 17:08:00 UTC + 2017-12-20 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7156.html + https://webkitgtk.org/security/WSA-2017-0010.html + https://ubuntu.com/security/notices/USN-3514-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7157 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-27 17:08:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7157.html + https://webkitgtk.org/security/WSA-2017-0010.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7160 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-27 17:08:00 UTC + 2018-01-30 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7160.html + https://webkitgtk.org/security/WSA-2018-0002.html + https://ubuntu.com/security/notices/USN-3551-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7161 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2017-12-31 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7161.html + https://webkitgtk.org/security/WSA-2018-0002.html + https://ubuntu.com/security/notices/USN-3551-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7165 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-03 06:29:00 UTC + 2017-12-31 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7165.html + https://webkitgtk.org/security/WSA-2018-0002.html + https://ubuntu.com/security/notices/USN-3551-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2017-7178 on Ubuntu 20.04 (focal) - medium. + CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-18 20:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857903 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7178.html + http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583 + http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14 + http://git.deluge-torrent.org/deluge/commit/?h=develop&id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9 + http://seclists.org/fulldisclosure/2017/Mar/6 + https://bugs.debian.org/857903 + + + + + + + + + + CVE-2017-7186 on Ubuntu 20.04 (focal) - low. + libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-20 00:59:00 UTC + Agostino Sarubbo + https://bugs.exim.org/show_bug.cgi?id=2052 + https://launchpad.net/bugs/1690484 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858230 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858233 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7186.html + https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/ + + + + mdeslaur> pcre32 support enabled only in pcre3/1:8.35-4 + + + + + + + + + + + + CVE-2017-7203 on Ubuntu 20.04 (focal) - medium. + A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-21 06:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858329 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7203.html + https://github.com/ZoneMinder/ZoneMinder/issues/1797 + + + + + + + + + + CVE-2017-7209 on Ubuntu 20.04 (focal) - low. + The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-21 06:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858323 + https://sourceware.org/bugzilla/show_bug.cgi?id=21135 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7209.html + + + + + + + + + + CVE-2017-7210 on Ubuntu 20.04 (focal) - low. + objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-21 06:59:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=21157 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858324 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7210.html + + + + + + + + + + CVE-2017-7223 on Ubuntu 20.04 (focal) - low. + GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-22 16:59:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=20898 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7223.html + + + + + + + + + + CVE-2017-7224 on Ubuntu 20.04 (focal) - low. + The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-22 16:59:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=20892 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7224.html + + + + + + + + + + CVE-2017-7225 on Ubuntu 20.04 (focal) - low. + The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-22 16:59:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=20891 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7225.html + + + + + + + + + + CVE-2017-7226 on Ubuntu 20.04 (focal) - low. 
+ The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-22 16:59:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=20905 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7226.html + + + + + + + + + + CVE-2017-7227 on Ubuntu 20.04 (focal) - low. + GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-22 16:59:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=20906 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7227.html + + + + + + + + + + CVE-2017-7244 on Ubuntu 20.04 (focal) - low. + The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-23 21:59:00 UTC + Agostino Sarubbo + https://bugs.exim.org/show_bug.cgi?id=2054 + https://bugs.exim.org/show_bug.cgi?id=2052 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858683 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7244.html + https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/ + + + + mdeslaur> pcre32 support enabled only in pcre3/1:8.35-4 mdeslaur> same commit as CVE-2017-7186 + + + + + + + + + CVE-2017-7263 on Ubuntu 20.04 (focal) - low. 
+ The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-26 05:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858763 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7263.html + https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/ + http://seclists.org/oss-sec/2017/q1/682 + + + + tyhicks> inkscape in xenial and earlier embeds libpotrace (LP: #1156664) mdeslaur> potrace in inkscape works on bitmaps already loaded, not mdeslaur> arbitrary images. Marking as not-affected for inkscape. + + + + + + + + + CVE-2017-7264 on Ubuntu 20.04 (focal) - medium. + Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-26 05:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854734 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7264.html + https://bugs.ghostscript.com/show_bug.cgi?id=697515 + https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/ + http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 + + + + + + + + + + CVE-2017-7300 on Ubuntu 20.04 (focal) - low. 
+ The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-29 15:59:00 UTC + Marcel Böhme + https://sourceware.org/bugzilla/show_bug.cgi?id=20909 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7300.html + + + + + + + + + + CVE-2017-7301 on Ubuntu 20.04 (focal) - low. + The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-29 15:59:00 UTC + Marcel Böhme + https://sourceware.org/bugzilla/show_bug.cgi?id=20924 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7301.html + + + + + + + + + + CVE-2017-7302 on Ubuntu 20.04 (focal) - low. + The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-29 15:59:00 UTC + Marcel Böhme + https://sourceware.org/bugzilla/show_bug.cgi?id=20921 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7302.html + + + + + + + + + + CVE-2017-7378 on Ubuntu 20.04 (focal) - low. 
+ The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in a heap-based buffer overflow. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859330 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7378.html + http://www.openwall.com/lists/oss-security/2017/04/01/1 + https://blogs.gentoo.org/ago/2017/03/31/podofo-heap-based-buffer-overflow-in-podofopdfpainterexpandtabs-pdfpainter-cpp + + + + + + + + + + CVE-2017-7379 on Ubuntu 20.04 (focal) - low. + The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in an invalid read. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash or possibly leak sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859331 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7379.html + http://www.openwall.com/lists/oss-security/2017/04/01/2 + https://blogs.gentoo.org/ago/2017/03/31/podofo-heap-based-buffer-overflow-in-podofopdfsimpleencodingconverttoencoding-pdfencoding-cpp + + + + + + + + + + CVE-2017-7380 on Ubuntu 20.04 (focal) - low. 
+ The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in a NULL pointer dereference. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7380.html + http://www.openwall.com/lists/oss-security/2017/04/01/3 + https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1 + https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference + + + + + + + + + + CVE-2017-7381 on Ubuntu 20.04 (focal) - low. + The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in a NULL pointer dereference. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7381.html + http://www.openwall.com/lists/oss-security/2017/04/01/3 + https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2 + https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference + + + + + + + + + + CVE-2017-7382 on Ubuntu 20.04 (focal) - low. + The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. 
Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in a NULL pointer dereference. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7382.html + http://www.openwall.com/lists/oss-security/2017/04/01/3 + https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3 + https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference + + + + + + + + + + CVE-2017-7383 on Ubuntu 20.04 (focal) - low. + The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Agostino Sarubbo discovered that PoDoFo mishandled certain crafted PDF files, resulting in a NULL pointer dereference. If PoDoFo were to open a malicious PDF, an attacker could cause PoDoFo to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 05:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7383.html + http://www.openwall.com/lists/oss-security/2017/04/01/3 + https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4 + https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference + + + + + + + + + + CVE-2017-7401 on Ubuntu 20.04 (focal) - medium. + Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet. 
It was discovered that collectd mishandles certain malformed network packets. A remote attacker could use this vulnerablity to cause a Denial of Service or consume system resources. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-03 14:59:00 UTC + https://github.com/collectd/collectd/issues/2174 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859494 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7401.html + + + + + + + + + + CVE-2017-7416 on Ubuntu 20.04 (focal) - medium. + ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-26 07:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7416.html + https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md + + + + + + + + + + CVE-2017-7418 on Ubuntu 20.04 (focal) - medium. + ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-04 17:59:00 UTC + http://bugs.proftpd.org/show_bug.cgi?id=4295 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859592 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7418.html + https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed + https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f + https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8 + + + + + + + + + + CVE-2017-7435 on Ubuntu 20.04 (focal) - medium. + In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-01 20:29:00 UTC + Bolesław Tokarski + https://bugzilla.novell.com/show_bug.cgi?id=1038984 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7435.html + + + + sbeattie> likely requires zypper changes, too + + + + + + + + + CVE-2017-7436 on Ubuntu 20.04 (focal) - medium. + In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-01 20:29:00 UTC + Bolesław Tokarski + https://bugzilla.novell.com/show_bug.cgi?id=1038984 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7436.html + + + + sbeattie> likely requires zypper changes, too + + + + + + + + + CVE-2017-7443 on Ubuntu 20.04 (focal) - low. + apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-05 20:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858833 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858739 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7443.html + + + + + + + + + + + + + CVE-2017-7458 on Ubuntu 20.04 (focal) - low. + The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-26 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7458.html + https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md + https://github.com/ntop/ntopng/commit/01f47e04fd7c8d54399c9e465f823f0017069f8f + + + + + + + + + + CVE-2017-7459 on Ubuntu 20.04 (focal) - medium. + ntopng before 3.0 allows HTTP Response Splitting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-26 07:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7459.html + https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md + + + + + + + + + + CVE-2017-7475 on Ubuntu 20.04 (focal) - low. + Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-19 20:29:00 UTC + Jiaqi Peng and Bingchang Liu + https://gitlab.freedesktop.org/cairo/cairo/issues/80 (main bug) + https://bugs.freedesktop.org/show_bug.cgi?id=100763 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870264 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7475.html + + + + mdeslaur> as of 2020-11-26, no complete fix from upstream + + + + + + + + + CVE-2017-7480 on Ubuntu 20.04 (focal) - medium. 
+ rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution. It was discovered that rkhunter is vulnerable to file download over insecure channel. An attacker could use it for remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-21 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7480.html + http://www.openwall.com/lists/oss-security/2017/06/29/2 + + + + + + + + + + CVE-2017-7481 on Ubuntu 20.04 (focal) - low. + Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-19 13:29:00 UTC + 2018-07-19 + Jason McKerr + https://bugzilla.redhat.com/show_bug.cgi?id=1450018 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7481.html + https://ubuntu.com/security/notices/USN-4072-1 + + + + + + + + + + CVE-2017-7500 on Ubuntu 20.04 (focal) - low. + It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-08-13 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7500.html + https://bugzilla.redhat.com/show_bug.cgi?id=1450369 + + + + mdeslaur> fixed in 4.13.0.2 and 4.14.0 + + + + + + + + + CVE-2017-7501 on Ubuntu 20.04 (focal) - low. + It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-11-22 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7501.html + https://bugzilla.redhat.com/show_bug.cgi?id=1452133 + + + + + + + + + + CVE-2017-7525 on Ubuntu 20.04 (focal) - medium. + A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-06 15:29:00 UTC + 2018-02-06 15:29:00 UTC + pfsmorigo + Liao Xinxi + https://bugzilla.redhat.com/show_bug.cgi?id=1462702 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7525.html + https://ubuntu.com/security/notices/USN-4741-1 + + + + + + + + + + + + + CVE-2017-7551 on Ubuntu 20.04 (focal) - medium. + 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-16 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7551.html + https://pagure.io/389-ds-base/issue/49336 + + + + + + + + + + CVE-2017-7557 on Ubuntu 20.04 (focal) - medium. + dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-22 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872854 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7557.html + https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html + https://downloads.powerdns.com/patches/2017-02 + + + + + + + + + + CVE-2017-7559 on Ubuntu 20.04 (focal) - medium. + In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-10 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7559.html + + + + + + + + + + CVE-2017-7561 on Ubuntu 20.04 (focal) - medium. + Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-09-13 17:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1483823 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7561.html + https://issues.jboss.org/projects/RESTEASY/issues/RESTEASY-1539 + + + + + + + + + + + + + CVE-2017-7614 on Ubuntu 20.04 (focal) - low. + elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-09 14:59:00 UTC + Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859989 + https://sourceware.org/bugzilla/show_bug.cgi?id=21342 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7614.html + https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/ + + + + + + + + + + CVE-2017-7617 on Ubuntu 20.04 (focal) - medium. + Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action. Alex Villacis Lasso discovered that asterisk did not properly check the length of certain input. A remote attacker could use this vulnerability to cause a denial of service (crash) or potentially execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-10 14:59:00 UTC + Alex Villacis Lasso + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859910 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7617.html + http://downloads.asterisk.org/pub/security/AST-2017-001.html + https://bugs.debian.org/859910 + + + + + + + + + + CVE-2017-7653 on Ubuntu 20.04 (focal) - medium. + The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-05 20:29:00 UTC + 2018-06-05 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7653.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113 + https://ubuntu.com/security/notices/USN-4023-1 + + + + + + + + + + CVE-2017-7654 on Ubuntu 20.04 (focal) - medium. + In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-05 20:29:00 UTC + 2018-06-05 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7654.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493 + https://ubuntu.com/security/notices/USN-4023-1 + + + + + + + + + + CVE-2017-7655 on Ubuntu 20.04 (focal) - medium. + In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. It was discovered that Mosquitto incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-27 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7655.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775 + https://github.com/eclipse/mosquitto/commit/79a7b36d207c9142468a7ea33695a14181a9fd24 + + + + + + + + + + CVE-2017-7656 on Ubuntu 20.04 (focal) - medium. + In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7656.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667 + + + + ebarretto> jetty8 ignored (very hard to exploit, complex patch) + + + + + + + + + CVE-2017-7657 on Ubuntu 20.04 (focal) - low. + In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. 
If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7657.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668 + + + + ebarretto> jetty8 ignored (very hard to exploit, complex patch) + + + + + + + + + CVE-2017-7658 on Ubuntu 20.04 (focal) - low. + In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7658.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669 + + + + ebarretto> jetty8 ignored (very hard to exploit, complex patch) + + + + + + + + + CVE-2017-7671 on Ubuntu 20.04 (focal) - medium. + There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-02-27 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7671.html + https://github.com/apache/trafficserver/pull/1941 + https://lists.apache.org/thread.html/203bdcf9bbb718f3dc6f7aaf3e2af632474d51fa9e7bfb7832729905@%3Cdev.trafficserver.apache.org%3E + + + + + + + + + + CVE-2017-7697 on Ubuntu 20.04 (focal) - low. + In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-11 23:59:00 UTC + Erik de Castro Lopo and Agostino Sarubbo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860159 + https://github.com/erikd/libsamplerate/issues/11 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7697.html + https://blogs.gentoo.org/ago/2017/04/11/libsamplerate-global-buffer-overflow-in-calc_output_single-src_sinc-c/ + + + + + + + + + + CVE-2017-7716 on Ubuntu 20.04 (focal) - medium. + The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-12 15:59:00 UTC + Kamil Frankowicz + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7716.html + https://github.com/radare/radare2/issues/7260 + + + + + + + + + + CVE-2017-7779 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-11 21:29:00 UTC + 2017-08-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7779.html + https://ubuntu.com/security/notices/USN-3391-1 + https://ubuntu.com/security/notices/USN-3416-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2017-7780 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-08-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7780.html + https://ubuntu.com/security/notices/USN-3391-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2017-7781 on Ubuntu 20.04 (focal) - medium. + An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-08-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7781.html + https://ubuntu.com/security/notices/USN-3391-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2017-7783 on Ubuntu 20.04 (focal) - medium. 
+ If a long user name is used in a username/password combination in a site URL (such as " http://UserName:Password@example.com"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-08-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7783.html + https://ubuntu.com/security/notices/USN-3391-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2017-7784 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-08-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7784.html + https://ubuntu.com/security/notices/USN-3391-1 + https://ubuntu.com/security/notices/USN-3416-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2017-7788 on Ubuntu 20.04 (focal) - medium. + When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox < 55. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-11 21:29:00 UTC + 2017-08-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7788.html + https://ubuntu.com/security/notices/USN-3391-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2017-7791 on Ubuntu 20.04 (focal) - medium. + On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-08-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7791.html + https://ubuntu.com/security/notices/USN-3391-1 + https://ubuntu.com/security/notices/USN-3416-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2017-7794 on Ubuntu 20.04 (focal) - medium. + On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-08-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7794.html + https://ubuntu.com/security/notices/USN-3391-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2017-7797 on Ubuntu 20.04 (focal) - medium. + Response header name interning does not have same-origin protections and these headers are stored in a global registry. 
This allows stored header names to be available cross-origin. This vulnerability affects Firefox < 55. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-08-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7797.html + https://ubuntu.com/security/notices/USN-3391-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2017-7798 on Ubuntu 20.04 (focal) - medium. + The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-08-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7798.html + https://ubuntu.com/security/notices/USN-3391-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2017-7799 on Ubuntu 20.04 (focal) - medium. + JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack. This vulnerability affects Firefox < 55. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-08-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7799.html + https://ubuntu.com/security/notices/USN-3391-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2017-7806 on Ubuntu 20.04 (focal) - medium. 
+ A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-08-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7806.html + https://ubuntu.com/security/notices/USN-3391-1 + + + + tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2017-7810 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-10-02 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7810.html + https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/ + https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/ + https://ubuntu.com/security/notices/USN-3435-1 + https://ubuntu.com/security/notices/USN-3436-1 + https://ubuntu.com/security/notices/USN-3688-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2017-7811 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-11 21:29:00 UTC + 2017-10-02 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7811.html + https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/ + https://ubuntu.com/security/notices/USN-3435-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2017-7813 on Ubuntu 20.04 (focal) - medium. + Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-10-02 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7813.html + https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/ + https://ubuntu.com/security/notices/USN-3435-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2017-7826 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-11 21:29:00 UTC + 2017-11-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7826.html + https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/ + https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/ + https://ubuntu.com/security/notices/USN-3477-1 + https://ubuntu.com/security/notices/USN-3490-1 + https://ubuntu.com/security/notices/USN-3688-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2017-7827 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2017-11-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7827.html + https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/ + https://ubuntu.com/security/notices/USN-3477-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine chrisccoulson> This is not fixed in mozjs52, but it's unclear whether it is unaffected or just ignored as the bugs are still private. 
Specifically, the following need investigating: - https://bugzilla.mozilla.org/show_bug.cgi?id=1403646 (https://hg.mozilla.org/releases/mozilla-release/rev/2f1496c1455f) - https://bugzilla.mozilla.org/show_bug.cgi?id=1403716 (can't find a changeset referencing it) - https://bugzilla.mozilla.org/show_bug.cgi?id=1402876 (https://hg.mozilla.org/releases/mozilla-release/rev/f06912ba5bb7) - https://bugzilla.mozilla.org/show_bug.cgi?id=1384121 (https://hg.mozilla.org/releases/mozilla-release/rev/05f6da3339b3, https://hg.mozilla.org/releases/mozilla-release/rev/eab55565955d) - https://bugzilla.mozilla.org/show_bug.cgi?id=1384615 (can't find a changeset referencing it) - https://bugzilla.mozilla.org/show_bug.cgi?id=1339485 (can't find a changeset referencing it) - https://bugzilla.mozilla.org/show_bug.cgi?id=1361432 (can't find a changeset referencing it) - https://bugzilla.mozilla.org/show_bug.cgi?id=1386490 (can't find a changeset referencing it) + + + + + + + + + + + + CVE-2017-7831 on Ubuntu 20.04 (focal) - medium. + A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-11 21:29:00 UTC + 2017-11-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7831.html + https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/ + https://ubuntu.com/security/notices/USN-3477-1 + https://bugzilla.mozilla.org/show_bug.cgi?id=1392026 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine chrisccoulson> This is not fixed in mozjs52, but it's unclear whether it is unaffected or just ignored as https://bugzilla.mozilla.org/show_bug.cgi?id=1392026 is still private and I can't find a changeset referencing it) + + + + + + + + + + + + CVE-2017-7860 on Ubuntu 20.04 (focal) - medium. + Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-14 04:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860316 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7860.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=661 + https://github.com/grpc/grpc/pull/9833 + + + + + + + + + + CVE-2017-7861 on Ubuntu 20.04 (focal) - medium. + Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-14 04:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860316 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7861.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=655 + https://github.com/grpc/grpc/pull/9833 + + + + + + + + + + CVE-2017-7875 on Ubuntu 20.04 (focal) - medium. + In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. 
An integer overflow leads to a buffer overflow and/or a double free. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-14 18:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860367 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7875.html + https://feh.finalrewind.org/ + https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d + + + + + + + + + + CVE-2017-7946 on Ubuntu 20.04 (focal) - medium. + The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-18 20:59:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7946.html + https://github.com/radare/radare2/issues/7301 + https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92 + + + + + + + + + + CVE-2017-7960 on Ubuntu 20.04 (focal) - low. + The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-19 15:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860961 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7960.html + https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/ + + + + + + + + + + CVE-2017-7994 on Ubuntu 20.04 (focal) - medium. + The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-21 16:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7994.html + https://github.com/icepng/PoC/tree/master/PoC1 + https://icepng.github.io/2017/04/21/PoDoFo-1/ + + + + + + + + + + CVE-2017-8053 on Ubuntu 20.04 (focal) - medium. + PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-22 21:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860994 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8053.html + http://openwall.com/lists/oss-security/2017/04/22/1 + http://www.evernote.com/l/AnGe5jS_MvNDaZvZW-fzvV37H4ggSf5IkQo/ + + + + + + + + + + CVE-2017-8054 on Ubuntu 20.04 (focal) - medium. + The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-22 22:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860995 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8054.html + http://qwertwwwe.github.io/2017/04/22/PoDoFo-0-9-5-allows-remote-attackers-to-cause-a-denial-of-service-infinit-loop/ + + + + + + + + + + CVE-2017-8108 on Ubuntu 20.04 (focal) - low. + Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-08 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8108.html + https://cisofy.com/security/cve/cve-2017-8108/ + https://github.com/CISOfy/lynis/releases/tag/2.5.0 + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJXMPYANXHI25NQZ36QMXNXANDRAA5YG/ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJHLLWNW7NASVXCK24YBSIUQQPWGCMB5/ + + + + sbeattie> symlink hardening + + + + + + + + + CVE-2017-8114 on Ubuntu 20.04 (focal) - medium. + Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-29 19:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861388 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8114.html + https://github.com/roundcube/roundcubemail/releases/tag/1.2.5 + https://github.com/roundcube/roundcubemail/commit/6e054a37d13dc3772d0aa454a32d5dc3bdcc7003 (1.2.x) + https://github.com/roundcube/roundcubemail/releases/tag/1.1.9 + https://github.com/roundcube/roundcubemail/commit/10b227d70a03e33682aaaa0138e84f9256f3cd50 (1.1.x) + https://github.com/roundcube/roundcubemail/releases/tag/1.0.11 + https://github.com/roundcube/roundcubemail/commit/271426429bfbb5b63e6dec91b1e4780e8ef1c67e (1.0.x) + + + + + + + + + + CVE-2017-8288 on Ubuntu 20.04 (focal) - medium. + gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. 
With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-27 00:59:00 UTC + https://bugs.kali.org/view.php?id=2513 + https://bugzilla.gnome.org/show_bug.cgi?id=781728 + https://github.com/EasyScreenCast/EasyScreenCast/issues/46 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8288.html + + + + + + + + + + CVE-2017-8294 on Ubuntu 20.04 (focal) - medium. + libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-27 14:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8294.html + https://github.com/VirusTotal/yara/issues/646 + https://github.com/VirusTotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e + + + + + + + + + + CVE-2017-8295 on Ubuntu 20.04 (focal) - medium. + WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. 
Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-04 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8295.html + https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html + https://www.exploit-db.com/exploits/41963/ + + + + + + + + + + CVE-2017-8315 on Ubuntu 20.04 (focal) - medium. + Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-20 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8315.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169 + https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/ + + + + msalvatore> see debian CVE tracker for more details. + + + + + + + + + CVE-2017-8342 on Ubuntu 20.04 (focal) - medium. + Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-30 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861514 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8342.html + https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b (1.1.x) + https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d (master) + https://bugs.debian.org/861514 + https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst + https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d + https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b + + + + + + + + + + CVE-2017-8359 on Ubuntu 20.04 (focal) - medium. + Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-30 17:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8359.html + https://github.com/grpc/grpc/pull/10353 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=726 + + + + + + + + + + CVE-2017-8378 on Ubuntu 20.04 (focal) - medium. + Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-01 01:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861597 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8378.html + https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects + + + + + + + + + + CVE-2017-8393 on Ubuntu 20.04 (focal) - low. 
+ The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-01 18:59:00 UTC + Manh-Dung Nguyen, Marcel Böhme, and Van-Thuan Pham + https://sourceware.org/bugzilla/show_bug.cgi?id=21412 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8393.html + + + + + + + + + + CVE-2017-8394 on Ubuntu 20.04 (focal) - low. + The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-01 18:59:00 UTC + Manh-Dung Nguyen, Marcel Böhme, and Van-Thuan Pham + https://sourceware.org/bugzilla/show_bug.cgi?id=21414 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8394.html + + + + + + + + + + CVE-2017-8395 on Ubuntu 20.04 (focal) - low. + The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-01 18:59:00 UTC + Manh-Dung Nguyen, Marcel Böhme, and Van-Thuan Pham + https://sourceware.org/bugzilla/show_bug.cgi?id=21431 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8395.html + + + + + + + + + + CVE-2017-8396 on Ubuntu 20.04 (focal) - low. + The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-01 18:59:00 UTC + Manh-Dung Nguyen, Marcel Böhme, and Van-Thuan Pham + https://sourceware.org/bugzilla/show_bug.cgi?id=21432 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8396.html + + + + + + + + + + CVE-2017-8397 on Ubuntu 20.04 (focal) - low. + The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-01 18:59:00 UTC + Manh-Dung Nguyen, Marcel Böhme, and Van-Thuan Pham + https://sourceware.org/bugzilla/show_bug.cgi?id=21434 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8397.html + + + + + + + + + + CVE-2017-8398 on Ubuntu 20.04 (focal) - low. + dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-01 18:59:00 UTC + Manh-Dung Nguyen, Marcel Böhme, and Van-Thuan Pham + https://sourceware.org/bugzilla/show_bug.cgi?id=21438 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8398.html + + + + + + + + + + CVE-2017-8419 on Ubuntu 20.04 (focal) - medium. + LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels. It was discovered that LAME incorrectly handled certain audio files. An attacker could possibly use this issue to cause a denial of service or possibly other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-02 14:59:00 UTC + Gareth Evans + https://sourceforge.net/p/lame/bugs/458/ + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8419.html + + + + + + + + + + CVE-2017-8421 on Ubuntu 20.04 (focal) - low. + The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-02 17:59:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=21440 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8421.html + + + + + + + + + + CVE-2017-8761 on Ubuntu 20.04 (focal) - low. + In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. 
All Swift deployments using the tempurl middleware are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 14:15:00 UTC + Bülent Topcu + https://bugs.launchpad.net/swift/+bug/1685798 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8761.html + + + + + + + + + + CVE-2017-8779 on Ubuntu 20.04 (focal) - medium. + rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-04 14:29:00 UTC + 2017-05-04 + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861834 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861835 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861836 + https://bugs.launchpad.net/ubuntu/+source/rpcbind/+bug/1687930 + https://bugs.launchpad.net/ubuntu/+source/rpcbind/+bug/1925280 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8779.html + http://www.openwall.com/lists/oss-security/2017/05/04/1 + https://github.com/guidovranken/rpcbomb/ + http://openwall.com/lists/oss-security/2017/05/03/12 + http://openwall.com/lists/oss-security/2017/05/04/1 + https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/ + https://ubuntu.com/security/notices/USN-3759-1 + https://ubuntu.com/security/notices/USN-3759-2 + https://ubuntu.com/security/notices/USN-4986-1 + https://ubuntu.com/security/notices/USN-4986-2 + + + + mdeslaur> patch used by Debian in 0.2.3-0.6 isn't the correct one and mdeslaur> the reproducer still works against rpcbind + + + + + + + + + + + + + CVE-2017-8786 on Ubuntu 20.04 (focal) - negligible. 
+ pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-05-05 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861873 + https://bugs.exim.org/show_bug.cgi?id=2079 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8786.html + https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/ + + + + sbeattie> issue is in pcre2test, which is a test program + + + + + + + + + CVE-2017-8787 on Ubuntu 20.04 (focal) - low. + The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-05 07:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861738 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8787.html + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861738 + + + + + + + + + + CVE-2017-8807 on Ubuntu 20.04 (focal) - low. + vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects. It was discovered that Varnish incorrectly handled certain inputs. A remote attacker could possibly use this issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-11-16 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881808 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8807.html + http://varnish-cache.org/security/VSV00002.html + https://github.com/varnishcache/varnish-cache/pull/2429 + https://bugs.debian.org/881808 + https://github.com/varnishcache/varnish-cache/commit/176f8a075a963ffbfa56f1c460c15f6a1a6af5a7 + + + + + + + + + + CVE-2017-8825 on Ubuntu 20.04 (focal) - low. + A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-08 16:29:00 UTC + https://github.com/dinhviethoa/libetpan/issues/274 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862151 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8825.html + https://github.com/dinhviethoa/libetpan/releases/tag/1.8 + + + + + + + + + + CVE-2017-8834 on Ubuntu 20.04 (focal) - low. + The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-12 06:29:00 UTC + https://bugzilla.gnome.org/show_bug.cgi?id=782647 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8834.html + http://seclists.org/fulldisclosure/2017/Jun/10 + https://www.exploit-db.com/exploits/42147/ + + + + + + + + + + CVE-2017-8842 on Ubuntu 20.04 (focal) - low. + The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-08 14:29:00 UTC + Agostino Sarubbo + https://github.com/ckolivas/lrzip/issues/66 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8842.html + https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/ + + + + + + + + + + CVE-2017-8843 on Ubuntu 20.04 (focal) - low. + The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-08 14:29:00 UTC + Agostino Sarubbo + https://github.com/ckolivas/lrzip/issues/69 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8843.html + https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/ + + + + + + + + + + CVE-2017-8844 on Ubuntu 20.04 (focal) - low. + The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-08 14:29:00 UTC + Agostino Sarubbo + https://github.com/ckolivas/lrzip/issues/70 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8844.html + https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/ + + + + + + + + + + CVE-2017-8845 on Ubuntu 20.04 (focal) - low. + The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-08 14:29:00 UTC + Agostino Sarubbo + https://github.com/ckolivas/lrzip/issues/68 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863151 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8845.html + https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/ + + + + + + + + + + CVE-2017-8846 on Ubuntu 20.04 (focal) - low. + The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-08 14:29:00 UTC + Agostino Sarubbo + https://github.com/ckolivas/lrzip/issues/71 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8846.html + https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/ + + + + + + + + + + CVE-2017-8847 on Ubuntu 20.04 (focal) - low. + The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-08 14:29:00 UTC + Agostino Sarubbo + https://github.com/ckolivas/lrzip/issues/67 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8847.html + https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/ + + + + + + + + + + CVE-2017-8849 on Ubuntu 20.04 (focal) - medium. + smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-17 14:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/smb4k/+bug/1689768 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8849.html + http://www.openwall.com/lists/oss-security/2017/05/10/3 + + + + + + + + + + CVE-2017-8854 on Ubuntu 20.04 (focal) - medium. + wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-09 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8854.html + https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable + + + + + + + + + + CVE-2017-8855 on Ubuntu 20.04 (focal) - low. + wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-09 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8855.html + https://github.com/wolfSSL/wolfssl/releases/tag/v3.11.0-stable + + + + + + + + + + CVE-2017-8871 on Ubuntu 20.04 (focal) - low. + The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-12 06:29:00 UTC + https://bugzilla.gnome.org/show_bug.cgi?id=782649 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8871.html + http://seclists.org/fulldisclosure/2017/Jun/10 + https://www.exploit-db.com/exploits/42147/ + + + + + + + + + + CVE-2017-8872 on Ubuntu 20.04 (focal) - low. + The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-10 05:29:00 UTC + 2017-05-10 05:29:00 UTC + https://bugzilla.gnome.org/show_bug.cgi?id=775200 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862450 + https://gitlab.gnome.org/GNOME/libxml2/issues/26 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8872.html + https://ubuntu.com/security/notices/USN-4991-1 + + + + mdeslaur> fix debian used isn't the final upstream fix + + + + + + + + + CVE-2017-8921 on Ubuntu 20.04 (focal) - medium. + In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-12 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862689 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8921.html + https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7f71ca14c567ac7080561fc785d8d2fd0/ + + + + + + + + + + CVE-2017-8929 on Ubuntu 20.04 (focal) - medium. + The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-14 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8929.html + https://github.com/VirusTotal/yara/issues/658 + + + + + + + + + + CVE-2017-9031 on Ubuntu 20.04 (focal) - medium. + The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-17 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862611 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9031.html + http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15 + https://bugs.debian.org/862611 + + + + + + + + + + CVE-2017-9038 on Ubuntu 20.04 (focal) - low. + GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 01:29:00 UTC + Agostino Sarubbo + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9038.html + https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/ + + + + + + + + + + CVE-2017-9039 on Ubuntu 20.04 (focal) - low. + GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 01:29:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9039.html + https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/ + + + + + + + + + + CVE-2017-9040 on Ubuntu 20.04 (focal) - low. + GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-18 01:29:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9040.html + https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/ + + + + + + + + + + CVE-2017-9041 on Ubuntu 20.04 (focal) - low. + GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 01:29:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9041.html + https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/ + + + + + + + + + + CVE-2017-9042 on Ubuntu 20.04 (focal) - low. + readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 01:29:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9042.html + https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/ + + + + mdeslaur> same commit as CVE-2017-9040 + + + + + + + + + CVE-2017-9044 on Ubuntu 20.04 (focal) - low. + The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-18 01:29:00 UTC + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9044.html + https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/ + + + + seth-arnold> Likely fixed by one of CVE-2017-9043 CVE-2017-9042 CVE-2017-9041 CVE-2017-9040 CVE-2017-9039 CVE-2017-9038 + + + + + + + + + CVE-2017-9052 on Ubuntu 20.04 (focal) - medium. + An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list(). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 06:29:00 UTC + Marcel Bohme and Van-Thuan Pham + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9052.html + https://www.prevanders.net/dwarfbug.html#DW201703-006 + https://www.prevanders.net/dwarfbug.html + + + + seth-arnold> fix 5dd64de047cd5ec479fb11fe7ff2692fd819e5e5 + + + + + + + + + CVE-2017-9053 on Ubuntu 20.04 (focal) - medium. + An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 06:29:00 UTC + Marcel Bohme and Van-Thuan Pham + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9053.html + https://www.prevanders.net/dwarfbug.html#DW201703-005 + https://www.prevanders.net/dwarfbug.html + + + + seth-arnold> fix cc37d6917011733d776ae228af4e5d6abe9613c1 + + + + + + + + + CVE-2017-9054 on Ubuntu 20.04 (focal) - medium. + An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 06:29:00 UTC + Marcel Bohme and Van-Thuan Pham + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9054.html + https://www.prevanders.net/dwarfbug.html#DW201703-002 + https://www.prevanders.net/dwarfbug.html + + + + seth-arnold> fix cc37d6917011733d776ae228af4e5d6abe9613c1 + + + + + + + + + CVE-2017-9055 on Ubuntu 20.04 (focal) - medium. + An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 06:29:00 UTC + Marcel Bohme and Van-Thuan Pham + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9055.html + https://www.prevanders.net/dwarfbug.html#DW201703-001 + https://www.prevanders.net/dwarfbug.html + + + + seth-arnold> fix cc37d6917011733d776ae228af4e5d6abe9613c1 + + + + + + + + + CVE-2017-9058 on Ubuntu 20.04 (focal) - medium. + In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 06:29:00 UTC + 2017-05-18 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9058.html + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556 + https://github.com/Yeraze/ytnef/issues/45 + https://ubuntu.com/security/notices/USN-3667-1 + + + + seth-arnold> The fix is to a macro; I didn't see any uses in main but there may be some in universe + + + + + + + + + CVE-2017-9061 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9061.html + https://wordpress.org/news/2017/05/wordpress-4-7-5/ + https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6 + https://codex.wordpress.org/Version_4.7.5 + + + + + + + + + + CVE-2017-9062 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9062.html + https://wordpress.org/news/2017/05/wordpress-4-7-5/ + https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381 + https://codex.wordpress.org/Version_4.7.5 + + + + + + + + + + CVE-2017-9063 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9063.html + https://wordpress.org/news/2017/05/wordpress-4-7-5/ + https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3 + https://codex.wordpress.org/Version_4.7.5 + + + + + + + + + + CVE-2017-9064 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-18 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9064.html + https://wordpress.org/news/2017/05/wordpress-4-7-5/ + https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67 + https://codex.wordpress.org/Version_4.7.5 + + + + + + + + + + CVE-2017-9065 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9065.html + https://wordpress.org/news/2017/05/wordpress-4-7-5/ + https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4 + https://codex.wordpress.org/Version_4.7.5 + + + + + + + + + + CVE-2017-9066 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-18 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862816 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9066.html + https://wordpress.org/news/2017/05/wordpress-4-7-5/ + https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11 + https://codex.wordpress.org/Version_4.7.5 + + + + + + + + + + CVE-2017-9078 on Ubuntu 20.04 (focal) - medium. + The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-19 14:29:00 UTC + Mark Shepard + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862970 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9078.html + http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html + https://matt.ucc.asn.au/dropbear/CHANGES + + + + + + + + + + CVE-2017-9079 on Ubuntu 20.04 (focal) - medium. + Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-19 14:29:00 UTC + Jann Horn + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862970 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9079.html + http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html + https://matt.ucc.asn.au/dropbear/CHANGES + + + + + + + + + + CVE-2017-9103 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-18 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9103.html + http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=020d86e2eccc2dbdfa9dcca08ddb327cc7ca3ae2 + + + + + + + + + + CVE-2017-9104 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in adns before 1.5.2. 
It hangs, eating CPU, if a compression pointer loop is encountered. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-18 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9104.html + http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=7ba7a232de0516d2cce934bdc91627b33b46ef47 + + + + + + + + + + CVE-2017-9105 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-18 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9105.html + http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=17afb298d90c5aafed76bd3855a5fe7dcd58594c + + + + + + + + + + CVE-2017-9106 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. 
This is related to sign extending SOA 32-bit integer fields, and use of a signed data type. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-18 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9106.html + http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=37792aacaf7abbcdac6a02715a5ef794b5147f13 + + + + + + + + + + CVE-2017-9107 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-18 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9107.html + http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=278f8eee581c4c4a0ddd0f98c4dc8c2974cf6b90 + + + + + + + + + + CVE-2017-9108 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-18 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9108.html + http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=72c6bfd77dfdb34457a792874fd1c3030fca90ac + + + + + + + + + + CVE-2017-9109 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-18 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9109.html + http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=fcf2b4e1faf22accb6184cca595aaee602839868 + + + + + + + + + + CVE-2017-9129 on Ubuntu 20.04 (focal) - medium. + The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (large loop) via a crafted wav file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-21 07:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9129.html + https://www.exploit-db.com/exploits/42207/ + + + + + + + + + + CVE-2017-9130 on Ubuntu 20.04 (focal) - medium. + The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-21 07:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9130.html + https://www.exploit-db.com/exploits/42207/ + + + + + + + + + + CVE-2017-9146 on Ubuntu 20.04 (focal) - low. + The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-22 18:29:00 UTC + 2017-05-22 + https://github.com/Yeraze/ytnef/issues/47 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862707 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9146.html + https://ubuntu.com/security/notices/USN-3667-1 + + + + + + + + + + CVE-2017-9216 on Ubuntu 20.04 (focal) - low. + libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-24 05:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863279 + https://bugs.ghostscript.com/show_bug.cgi?id=697934 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9216.html + + + + + + + + + + CVE-2017-9233 on Ubuntu 20.04 (focal) - medium. + XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-25 20:29:00 UTC + 2017-06-21 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9233.html + https://libexpat.github.io/doc/cve-2017-9233/ + https://ubuntu.com/security/notices/USN-3356-1 + https://ubuntu.com/security/notices/USN-3356-2 + + + + mdeslaur> we will not be fixing this in thunderbird, marking as ignored + + + + + + + + + + + + + + + + CVE-2017-9258 on Ubuntu 20.04 (focal) - medium. + The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file. It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-27 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9258.html + http://seclists.org/fulldisclosure/2017/Jul/62 + + + + + + + + + + CVE-2017-9259 on Ubuntu 20.04 (focal) - medium. + The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file. It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-27 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9259.html + http://seclists.org/fulldisclosure/2017/Jul/62 + + + + + + + + + + CVE-2017-9260 on Ubuntu 20.04 (focal) - medium. + The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file. 
It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-27 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9260.html + http://seclists.org/fulldisclosure/2017/Jul/62 + + + + + + + + + + CVE-2017-9269 on Ubuntu 20.04 (focal) - medium. + In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-01 20:29:00 UTC + Moritz Duge and Till Doerges + https://bugzilla.novell.com/show_bug.cgi?id=1045735 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9269.html + + + + + + + + + + CVE-2017-9271 on Ubuntu 20.04 (focal) - medium. + The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-01 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9271.html + https://bugzilla.suse.com/show_bug.cgi?id=1050625 + + + + ebarretto> No fix available as of 2020-12-28. + + + + + + + + + CVE-2017-9274 on Ubuntu 20.04 (focal) - medium. + A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-01 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9274.html + https://github.com/openSUSE/osc/commit/f0325eb0b58c266eb0905ccf827dc7eb864378a1 + + + + + + + + + + CVE-2017-9301 on Ubuntu 20.04 (focal) - medium. 
+ plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-29 19:29:00 UTC + mikesalvatore + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9301.html + http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html + + + + ratliff> fixes not available as of 2017-08-01 mikesalvatore> fixes not available as of 2018-10-23 + + + + + + + + + CVE-2017-9304 on Ubuntu 20.04 (focal) - medium. + libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-31 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9304.html + https://github.com/VirusTotal/yara/issues/674 + https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699 + + + + + + + + + + CVE-2017-9324 on Ubuntu 20.04 (focal) - medium. + In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-12 06:29:00 UTC + Joerg-Thomas Vogt + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9324.html + https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/ + + + + + + + + + + CVE-2017-9334 on Ubuntu 20.04 (focal) - medium. 
+ An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-01 05:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863884 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9334.html + http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html + http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html + + + + + + + + + + CVE-2017-9358 on Ubuntu 20.04 (focal) - medium. + A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-02 05:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863906 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9358.html + http://downloads.asterisk.org/pub/security/AST-2017-004.txt + https://bugs.debian.org/863906 + + + + + + + + + + CVE-2017-9412 on Ubuntu 20.04 (focal) - medium. + The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. It was discovered that LAME incorrectly handled certain audio files. An attacker could possibly use this issue to cause a denial of service or possibly other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-27 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9412.html + http://seclists.org/fulldisclosure/2017/Jul/63 + + + + + + + + + + CVE-2017-9430 on Ubuntu 20.04 (focal) - low. + Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-05 11:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/dnstracer/+bug/1734279 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9430.html + https://cxsecurity.com/issue/WLB-2017060030 + + + + + + + + + + CVE-2017-9434 on Ubuntu 20.04 (focal) - low. + Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. It was discovered that Crypto++ mishandled certain input. An attacker could use this vulnerability to leak potentially sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-05 14:29:00 UTC + mikesalvatore + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864214 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9434.html + https://github.com/weidai11/cryptopp/issues/414 + https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965 + + + + + + + + + + CVE-2017-9438 on Ubuntu 20.04 (focal) - low. + libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-05 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9438.html + https://github.com/VirusTotal/yara/issues/674 + https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7 + + + + + + + + + + CVE-2017-9465 on Ubuntu 20.04 (focal) - medium. + The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-06 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9465.html + https://github.com/VirusTotal/yara/issues/678 + https://github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661 + + + + + + + + + + CVE-2017-9470 on Ubuntu 20.04 (focal) - low. + In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-07 05:29:00 UTC + https://github.com/Yeraze/ytnef/issues/37 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9470.html + https://blogs.gentoo.org/ago/2017/05/24/ytnef-null-pointer-dereference-in-mapiprint-ytnef-c/ + + + + leosilva> same as CVE-2017-12142, code is not present in trusty. + + + + + + + + + CVE-2017-9471 on Ubuntu 20.04 (focal) - low. + In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-07 05:29:00 UTC + 2017-06-07 + https://github.com/Yeraze/ytnef/issues/39 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9471.html + https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapword-ytnef-c/ + https://ubuntu.com/security/notices/USN-3667-1 + + + + + + + + + + CVE-2017-9472 on Ubuntu 20.04 (focal) - low. + In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-07 05:29:00 UTC + https://github.com/Yeraze/ytnef/issues/41 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870193 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9472.html + https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/ + + + + + + + + + + CVE-2017-9473 on Ubuntu 20.04 (focal) - low. + In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-07 05:29:00 UTC + 2017-06-07 + https://github.com/Yeraze/ytnef/issues/42 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870197 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9473.html + https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/ + https://ubuntu.com/security/notices/USN-3667-1 + + + + + + + + + + CVE-2017-9474 on Ubuntu 20.04 (focal) - low. + In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-07 05:29:00 UTC + https://github.com/Yeraze/ytnef/issues/40 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9474.html + https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-decompressrtf-ytnef-c/ + + + + + + + + + + CVE-2017-9520 on Ubuntu 20.04 (focal) - low. + The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-08 14:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9520.html + https://github.com/radare/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005 + https://github.com/radare/radare2/issues/7698 + + + + + + + + + + CVE-2017-9525 on Ubuntu 20.04 (focal) - low. + In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-09 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864466 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9525.html + http://www.openwall.com/lists/oss-security/2017/06/08/3 + http://bugs.debian.org/864466 + + + + jj> This appears to be mitigated by kernel symlink restrictions. The jj> crontabs dir has the sticky bit set jj> drwx-wx--T root crontab crontabs jj> which means symlinks within the dir must have the same uid as the jj> target. jj> It is still possible that a cron package update could trigger this race. seth-arnold> I believe that actually _exploiting_ the bug requires seth-arnold> updating the cron package. So long as there's no updates for cron, seth-arnold> the vulnerable code doesn't run. 
So if we find a second bug in seth-arnold> cron then we really should fix the race condition at the same seth-arnold> time, but so long as we don't push a cron update, the vulnerable seth-arnold> code just plain doesn't run. seth-arnold> the patch just narrows the time window for the race condition. + + + + + + + + + CVE-2017-9545 on Ubuntu 20.04 (focal) - medium. + The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file. It was discovered that mpg123 incorrectly handled certain media files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-27 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9545.html + http://seclists.org/fulldisclosure/2017/Jul/65 + + + + + + + + + + CVE-2017-9735 on Ubuntu 20.04 (focal) - medium. + Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. It was discovered that Jetty incorrectly handled rejection of passwords. An attacker could use this issue to possibly obtain sensitive information via timing side-channel attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-16 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864898 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9735.html + https://github.com/eclipse/jetty.project/issues/1556 + https://github.com/eclipse/jetty.project/commit/042f325f1cd6e7891d72c7e668f5947b5457dc02 + https://github.com/eclipse/jetty.project/commit/f3751d70787fd8ab93932a51c60514c2eb37cb58 + https://github.com/eclipse/jetty.project/commit/2baa1abe4b1c380a30deacca1ed367466a1a62ea + https://bugs.debian.org/864631 + + + + + + + + + + CVE-2017-9742 on Ubuntu 20.04 (focal) - low. + The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21576 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9742.html + + + + + + + + + + CVE-2017-9743 on Ubuntu 20.04 (focal) - low. + The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21577 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9743.html + + + + + + + + + + CVE-2017-9744 on Ubuntu 20.04 (focal) - low. 
+ The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 04:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=21578 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9744.html + + + + + + + + + + CVE-2017-9745 on Ubuntu 20.04 (focal) - low. + The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21579 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9745.html + + + + + + + + + + CVE-2017-9746 on Ubuntu 20.04 (focal) - low. + The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21580 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9746.html + + + + + + + + + + CVE-2017-9747 on Ubuntu 20.04 (focal) - low. + The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21581 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9747.html + + + + + + + + + + CVE-2017-9748 on Ubuntu 20.04 (focal) - low. + The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21582 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9748.html + + + + + + + + + + CVE-2017-9749 on Ubuntu 20.04 (focal) - low. 
+ The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21586 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9749.html + + + + seth-arnold> Multiple test cases were attached to the bug report; one was fixed by an unknown commit + + + + + + + + + CVE-2017-9750 on Ubuntu 20.04 (focal) - low. + opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21587 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9750.html + + + + + + + + + + CVE-2017-9751 on Ubuntu 20.04 (focal) - low. + opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21588 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9751.html + + + + + + + + + + CVE-2017-9752 on Ubuntu 20.04 (focal) - low. 
+ bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during "objdump -D" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21589 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9752.html + + + + + + + + + + CVE-2017-9753 on Ubuntu 20.04 (focal) - low. + The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21591 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9753.html + + + + + + + + + + CVE-2017-9754 on Ubuntu 20.04 (focal) - low. + The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21591 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9754.html + + + + mdeslaur> same commit as CVE-2017-9753 + + + + + + + + + CVE-2017-9755 on Ubuntu 20.04 (focal) - low. + opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21594 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9755.html + + + + + + + + + + CVE-2017-9756 on Ubuntu 20.04 (focal) - low. + The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 04:29:00 UTC + Alexandre Adamski + https://sourceware.org/bugzilla/show_bug.cgi?id=21595 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9756.html + + + + sbeattie> PoC in bug report + + + + + + + + + CVE-2017-9761 on Ubuntu 20.04 (focal) - medium. + The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-19 16:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://github.com/radare/radare2/issues/7727 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9761.html + + + + + + + + + + CVE-2017-9762 on Ubuntu 20.04 (focal) - medium. + The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 16:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9762.html + https://github.com/radare/radare2/issues/7726 + + + + + + + + + + CVE-2017-9763 on Ubuntu 20.04 (focal) - medium. + The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-19 16:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://github.com/radare/radare2/issues/7723 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9763.html + + + + + + + + + + + + + CVE-2017-9765 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-07-20 00:29:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1049348 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9765.html + http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions + https://www.genivia.com/changelog.html#Version_2.8.48_upd_(06/21/2017) + + + + + + + + + + CVE-2017-9778 on Ubuntu 20.04 (focal) - low. + GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-21 07:29:00 UTC + Kang Li and Yue Yin + https://sourceware.org/bugzilla/show_bug.cgi?id=21600 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9778.html + + + + + + + + + + CVE-2017-9779 on Ubuntu 20.04 (focal) - low. + OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-07 14:29:00 UTC + https://caml.inria.fr/mantis/view.php?id=7557 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9779.html + https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html + + + + msalvatore> I believe this CVE has to do with unsafe handling of the TMPDIR environment variable in setuid binaries. msalvatore> Possible commits to resolve this are the same as those for CVE-2017-9772 msalvatore> I believe this CVE has to do with unsafe handling of the TMPDIR environment variable in setuid binaries. msalvatore> Possible commits to resolve this are the same as those for CVE-2017-9772 msalvatore> binaries built with ocamlopt will need to be rebuilt after a system upgrade + + + + + + + + + CVE-2017-9814 on Ubuntu 20.04 (focal) - low. 
+ cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-17 13:18:00 UTC + Alberto Garcia, Francisco Oca, Suleman Ali + https://gitlab.freedesktop.org/cairo/cairo/issues/264 (main bug) + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868580 + https://bugs.freedesktop.org/show_bug.cgi?id=101547 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9814.html + + + + mdeslaur> as of 2020-11-26, no complete fix from upstream + + + + + + + + + CVE-2017-9831 on Ubuntu 20.04 (focal) - low. + An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-24 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9831.html + https://sourceforge.net/p/libmtp/mailman/message/35735992/ + https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/ + + + + + + + + + + CVE-2017-9832 on Ubuntu 20.04 (focal) - low. + An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-24 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9832.html + https://sourceforge.net/p/libmtp/mailman/message/35729062/ + https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/ + https://sourceforge.net/p/libmtp/mailman/message/35729062 + + + + + + + + + + CVE-2017-9841 on Ubuntu 20.04 (focal) - low. + Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-27 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9841.html + http://phpunit.vulnbusters.com/ + https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5 + https://github.com/sebastianbergmann/phpunit/pull/1956 + + + + + + + + + + CVE-2017-9847 on Ubuntu 20.04 (focal) - medium. + The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-24 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865845 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9847.html + https://github.com/arvidn/libtorrent/issues/2099 + + + + + + + + + + CVE-2017-9869 on Ubuntu 20.04 (focal) - negligible. + The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-25 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9869.html + https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/ + + + + ratliff> reproducer doesn't crash on t-z (no ASAN) + + + + + + + + + CVE-2017-9870 on Ubuntu 20.04 (focal) - low. + The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case, a similar issue to CVE-2017-11126. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-25 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9870.html + https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-iii_i_stereo-layer3-c/ + + + + ratliff> reproducer doesn't crash on zesty (no ASAN) ratliff> no patch available on 2017-06-26 + + + + + + + + + CVE-2017-9871 on Ubuntu 20.04 (focal) - low. + The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-25 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9871.html + https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_i_stereo-layer3-c/ + + + + ratliff> reproducer doesn't crash on zesty (no ASAN) ratliff> no patch available on 2017-06-26 + + + + + + + + + CVE-2017-9872 on Ubuntu 20.04 (focal) - low. 
+ The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-25 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9872.html + https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_dequantize_sample-layer3-c/ + + + + ratliff> reproducer doesn't crash on zesty (no ASAN) ratliff> no patch available 2017-06-26 + + + + + + + + + CVE-2017-9928 on Ubuntu 20.04 (focal) - medium. + In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-26 07:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866022 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9928.html + https://github.com/ckolivas/lrzip/issues/74 + http://somevulnsofadlab.blogspot.com/2017/06/lrzipstack-buffer-overflow-in.html + + + + + + + + + + CVE-2017-9929 on Ubuntu 20.04 (focal) - medium. + In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-26 07:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866020 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9929.html + https://github.com/ckolivas/lrzip/issues/75 + http://somevulnsofadlab.blogspot.com/2017/06/lrzipstack-buffer-overflow-in_24.html + + + + + + + + + + CVE-2017-9937 on Ubuntu 20.04 (focal) - negligible. + In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. 
A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-06-26 12:29:00 UTC + http://bugzilla.maptools.org/show_bug.cgi?id=2707 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869708 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9937.html + + + + mdeslaur> reported in libtiff, but issue lies in jbigkit mdeslaur> as of 2018-03-22, no fix available mdeslaur> mdeslaur> this is a DoS only and is caused by the fact that jbigkit mdeslaur> handles failed memory allocations with abort(). (See mdeslaur> checked_malloc()). Fixing this properly would likely require mdeslaur> changing the library ABI. + + + + + + + + + CVE-2017-9949 on Ubuntu 20.04 (focal) - medium. + The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-26 20:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866068 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9949.html + https://github.com/radare/radare2/issues/7683 + https://github.com/radare/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191 + + + + + + + + + + CVE-2017-9954 on Ubuntu 20.04 (focal) - low. + The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-26 23:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=21670 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9954.html + + + + ratliff> reproducer doesn't crash on trusty,zesty (no ASAN) sbeattie> second commit is a partial revert of the first, correcting a leaked in change. + + + + + + + + + CVE-2017-9955 on Ubuntu 20.04 (focal) - low. + The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-26 23:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=21665 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9955.html + + + + sbeattie> PoC in bug report leosilva> fix for this issue causes a serious regression in xenial leosilva> in arm64 and armhf + + + + + + + + + CVE-2017-9998 on Ubuntu 20.04 (focal) - medium. + The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-28 11:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9998.html + https://bugzilla.redhat.com/show_bug.cgi?id=1465756 + + + + + + + + + + CVE-2018-0493 on Ubuntu 20.04 (focal) - medium. + remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-03 07:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-0493.html + + + + + + + + + + CVE-2018-0497 on Ubuntu 20.04 (focal) - medium. + ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-28 17:29:00 UTC + 2018-07-28 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-0497.html + https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02 + https://ubuntu.com/security/notices/USN-4267-1 + + + + + + + + + + CVE-2018-0498 on Ubuntu 20.04 (focal) - medium. + ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-28 17:29:00 UTC + 2018-07-28 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-0498.html + https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02 + https://ubuntu.com/security/notices/USN-4267-1 + + + + + + + + + + CVE-2018-0503 on Ubuntu 20.04 (focal) - medium. + Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-04 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-0503.html + https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html + https://phabricator.wikimedia.org/T169545 + + + + + + + + + + CVE-2018-0504 on Ubuntu 20.04 (focal) - medium. + Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-04 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-0504.html + https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html + https://phabricator.wikimedia.org/T187638 + + + + + + + + + + CVE-2018-0505 on Ubuntu 20.04 (focal) - medium. + Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-04 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-0505.html + https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html + https://phabricator.wikimedia.org/T194605 + + + + + + + + + + CVE-2018-0608 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-0608.html + https://github.com/h2o/h2o/issues/1775 + + + + + + + + + + CVE-2018-1000021 on Ubuntu 20.04 (focal) - low. + GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. 
This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-09 23:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889680 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000021.html + http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html + + + + + + + + + + CVE-2018-1000036 on Ubuntu 20.04 (focal) - low. + In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-24 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000036.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502 + + + + + + + + + + CVE-2018-1000037 on Ubuntu 20.04 (focal) - low. + In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-05-24 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000037.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5490 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5501 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564 + http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 + http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb + http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c + + + + + + + + + + CVE-2018-1000038 on Ubuntu 20.04 (focal) - medium. + In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-24 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000038.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5494 + http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 + http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b + + + + + + + + + + CVE-2018-1000039 on Ubuntu 20.04 (focal) - medium. + In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-05-24 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000039.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5492 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5513 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5521 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5604 + http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=4dcc6affe04368461310a21238f7e1871a752a05;hp=8ec561d1bccc46e9db40a9f61310cd8b3763914e + http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995 + http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b + + + + + + + + + + CVE-2018-1000040 on Ubuntu 20.04 (focal) - low. + In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-24 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000040.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5596 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5600 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5603 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5609 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5610 + http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=83d4dae44c71816c084a635550acc1a51529b881;hp=f597300439e62f5e921f0d7b1e880b5c1a1f1607 + + + + + + + + + + CVE-2018-1000050 on Ubuntu 20.04 (focal) - medium. + Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. that can result in memory corruption, denial of service, comprised execution of host program. 
This attack appear to be exploitable via Victim must open a specially crafted Ogg Vorbis file. This vulnerability appears to have been fixed in 1.13. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-09 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000050.html + https://github.com/nothings/stb/commit/dfff6f5e7cd412876fe6282f157c1928b99d1de9 + https://github.com/nothings/stb/commit/244d83bc3d859293f55812d48b3db168e581f6ab + + + + + + + + + + CVE-2018-1000051 on Ubuntu 20.04 (focal) - medium. + Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-09 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000051.html + https://bugs.ghostscript.com/show_bug.cgi?id=698825 + https://bugs.ghostscript.com/show_bug.cgi?id=698873 + + + + + + + + + + CVE-2018-1000069 on Ubuntu 20.04 (focal) - medium. + FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-13 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000069.html + https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser + https://www.youtube.com/watch?v=7IXtiTNilAI + + + + + + + + + + CVE-2018-1000071 on Ubuntu 20.04 (focal) - untriaged. + roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. 
This attack appear to be exploitable via network connectivity. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-03-13 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000071.html + https://github.com/roundcube/roundcubemail/issues/6173 + https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt + + + + + + + + + + CVE-2018-1000073 on Ubuntu 20.04 (focal) - low. + RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-13 15:29:00 UTC + 2018-03-13 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000073.html + https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2 + https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ + https://ubuntu.com/security/notices/USN-3621-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2018-1000074 on Ubuntu 20.04 (focal) - medium. + RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6. 
It was discovered that the RubyGems embedded in JRuby would deserialize unsafe objects in untrusted YAML. If a user were tricked into using the `gem owner` command on a malicious ruby gem, JRuby could execute a malicious payload. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-13 15:29:00 UTC + 2018-03-13 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000074.html + https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d + https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ + https://ubuntu.com/security/notices/USN-3621-1 + https://ubuntu.com/security/notices/USN-3621-2 + https://ubuntu.com/security/notices/USN-3685-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2018-1000075 on Ubuntu 20.04 (focal) - medium. + RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. It was discovered that the RubyGems embedded in JRuby failed to validate the size value in the tar header of ruby gem packages. An attacker could use this vulnerability to cause a denial of service via an infinite loop. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-13 15:29:00 UTC + 2018-03-13 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000075.html + https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83 + https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ + https://ubuntu.com/security/notices/USN-3621-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. 
+ + + + + + + + + CVE-2018-1000076 on Ubuntu 20.04 (focal) - low. + RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. It was discovered that the RubyGems embedded in JRuby did not properly verify cryptographic signatures of gems. An attacker could use this vulnerability to trick a victim into installing a malicious gem. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-13 15:29:00 UTC + 2018-03-13 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000076.html + https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693 + https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ + https://ubuntu.com/security/notices/USN-3621-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2018-1000077 on Ubuntu 20.04 (focal) - medium. + RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6. It was discovered that the RubyGems embedded in JRuby failed to validate the a gem's homepage URL. As a result, a malicious gem could set an invalid or malicious homepage URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-13 15:29:00 UTC + 2018-03-13 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000077.html + https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964 + https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ + https://ubuntu.com/security/notices/USN-3621-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2018-1000078 on Ubuntu 20.04 (focal) - medium. + RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6. It was discovered that the RubyGems embedded in JRuby contained a Cross Site Scripting (XSS) vulnerability. If a victim were to browse a malicious gem on a vulnerable gem server, an attacker could execute arbitrary javascript in the victim's browser. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-13 15:29:00 UTC + 2018-03-13 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000078.html + https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb + https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ + https://ubuntu.com/security/notices/USN-3621-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2018-1000079 on Ubuntu 20.04 (focal) - medium. 
+ RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-13 15:29:00 UTC + 2018-03-13 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000079.html + https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759 + https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099 + https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ + https://ubuntu.com/security/notices/USN-3621-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2018-1000088 on Ubuntu 20.04 (focal) - medium. + Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-13 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891069 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000088.html + https://github.com/doorkeeper-gem/doorkeeper/issues/969 + https://github.com/doorkeeper-gem/doorkeeper/pull/970 + + + + + + + + + + CVE-2018-1000100 on Ubuntu 20.04 (focal) - medium. + GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulnerability in src/isomedia/avc_ext.c lines 2417 to 2420 that can result in Heap chunks being modified, this could lead to RCE. This attack appear to be exploitable via an attacker supplied MP4 file that when run by the victim may result in RCE. It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-06 17:29:00 UTC + 2018-03-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000100.html + https://github.com/gpac/gpac/issues/994 + https://ubuntu.com/security/notices/USN-3926-1 + + + + + + + + + + CVE-2018-1000101 on Ubuntu 20.04 (focal) - medium. + Mingw-w64 version 5.0.3 and earlier contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage, worst case: network. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-06 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000101.html + https://sourceforge.net/p/mingw-w64/bugs/709/ + + + + + + + + + + CVE-2018-1000135 on Ubuntu 20.04 (focal) - low. 
+ GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-20 13:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671 + https://bugzilla.gnome.org/show_bug.cgi?id=746422 + https://bugzilla.redhat.com/show_bug.cgi?id=1553634 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000135.html + + + + + + + + + + CVE-2018-1000140 on Ubuntu 20.04 (focal) - medium. + rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-23 21:29:00 UTC + 2018-03-23 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000140.html + https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205 + https://lgtm.com/rules/1505913226124/ + https://ubuntu.com/security/notices/USN-3612-1 + + + + mdeslaur> only used by rsyslog-relp packages in trusty, which is in mdeslaur> universe. + + + + + + + + + CVE-2018-1000161 on Ubuntu 20.04 (focal) - low. + nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. 
This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-18 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000161.html + + + + + + + + + + CVE-2018-1000178 on Ubuntu 20.04 (focal) - medium. + A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-08 15:29:00 UTC + 2018-05-08 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896914 + https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000178.html + https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f (master) + https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b (0.12) + http://www.openwall.com/lists/oss-security/2018/04/27/1 + https://ubuntu.com/security/notices/USN-4594-1 + + + + + + + + + + CVE-2018-1000179 on Ubuntu 20.04 (focal) - low. + A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-05-08 15:29:00 UTC + 2018-05-08 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896915 + https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000179.html + https://github.com/quassel/quassel/commit/e17fca767d60c06ca02bc5898ced04f06d3670bd (master) + https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e (0.12) + http://www.openwall.com/lists/oss-security/2018/04/27/1 + https://ubuntu.com/security/notices/USN-4594-1 + + + + + + + + + + CVE-2018-1000180 on Ubuntu 20.04 (focal) - medium. + Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-05 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900843 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000180.html + https://www.bouncycastle.org/jira/browse/BJA-694 + https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test + + + + leosilva> trusty is not affected. Issue introduced in 1.54 + + + + + + + + + CVE-2018-1000205 on Ubuntu 20.04 (focal) - negligible. + U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-26 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000205.html + https://lists.denx.de/pipermail/u-boot/2018-June/330454.html + https://lists.denx.de/pipermail/u-boot/2018-June/330898.html + + + + mdeslaur> verified boot not used in Ubuntu, setting as "negligible" + + + + + + + + + CVE-2018-1000211 on Ubuntu 20.04 (focal) - medium. + Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-13 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000211.html + https://github.com/doorkeeper-gem/doorkeeper/issues/891 + https://github.com/doorkeeper-gem/doorkeeper/pull/1119 + + + + + + + + + + CVE-2018-1000215 on Ubuntu 20.04 (focal) - medium. + Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-20 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000215.html + https://github.com/DaveGamble/cJSON/issues/267 + https://github.com/DaveGamble/cJSON/commit/af5b4911de6e00306370460d978ac1654d3aeaec + + + + + + + + + + CVE-2018-1000223 on Ubuntu 20.04 (focal) - medium. + soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility. 
It was discovered that SoundTouch incorrectly handled ccertain WAV files. A remote attacker could possibly use this issue to cause arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-20 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905491 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000223.html + https://gitlab.com/soundtouch/soundtouch/issues/6 + + + + + + + + + + CVE-2018-1000520 on Ubuntu 20.04 (focal) - low. + ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted.. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000520.html + https://github.com/ARMmbed/mbedtls/issues/1561 + + + + + + + + + + CVE-2018-1000528 on Ubuntu 20.04 (focal) - medium. + GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open a specially crafted web page. This vulnerability appears to have been fixed in after commit 56070d6289d47ba3f5918885954dcceb75606001. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-26 16:29:00 UTC + 2018-06-26 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000528.html + https://github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001 + https://github.com/gosa-project/gosa-core/issues/14 + https://ubuntu.com/security/notices/USN-4609-1 + + + + + + + + + + CVE-2018-1000532 on Ubuntu 20.04 (focal) - medium. + beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000532.html + https://github.com/johnath/beep/issues/11#issuecomment-379514298 + + + + + + + + + + CVE-2018-1000539 on Ubuntu 20.04 (focal) - medium. + Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902721 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000539.html + https://github.com/nov/json-jwt/pull/62 + https://github.com/nov/json-jwt/commit/3393f394f271c87bd42ec23c300727b4437d1638 + + + + + + + + + + CVE-2018-1000544 on Ubuntu 20.04 (focal) - medium. + rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. 
This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000544.html + https://github.com/rubyzip/rubyzip/issues/369 + + + + + + + + + + CVE-2018-1000546 on Ubuntu 20.04 (focal) - medium. + Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000546.html + https://0dd.zone/2018/05/31/TripleA-XXE/ + https://github.com/triplea-game/triplea/issues/3442 + + + + + + + + + + CVE-2018-1000548 on Ubuntu 20.04 (focal) - medium. + Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted UXF file. This vulnerability appears to have been fixed in 14.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000548.html + http://0dd.zone/2018/04/23/UMLet-XXE/ + https://github.com/umlet/umlet/issues/500 + + + + + + + + + + CVE-2018-1000550 on Ubuntu 20.04 (focal) - medium. 
+ The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 16:29:00 UTC + 2018-09-05 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000550.html + https://sympa-community.github.io/security/2018-001.html + https://ubuntu.com/security/notices/USN-4442-1 + + + + + + + + + + CVE-2018-1000556 on Ubuntu 20.04 (focal) - medium. + WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacker must craft an URL with payload and send to the user. Victim need to open the link to be affected by reflected XSS. . + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000556.html + https://www.pluginvulnerabilities.com/2017/04/28/reflected-cross-site-scripting-xss-vulnerability-in-wp-statistics/ + + + + + + + + + + CVE-2018-1000557 on Ubuntu 20.04 (focal) - negligible. + OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser. This attack appear to be exploitable via Victim must open a crafted link to the application. This vulnerability appears to have been fixed in ocsreports 2.4.1. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-26 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000557.html + + + + ebarretto> Authentication is needed, only supported in trusted ebarretto> environments, see debtags + + + + + + + + + CVE-2018-1000558 on Ubuntu 20.04 (focal) - negligible. + OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000558.html + + + + + + + + + + CVE-2018-1000559 on Ubuntu 20.04 (focal) - low. + qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be exploitable via the victim must open a page with a specially crafted <title> attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-26 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000559.html + https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7 + https://github.com/qutebrowser/qutebrowser/commit/5a7869f2feaa346853d2a85413d6527c87ef0d9f + https://github.com/qutebrowser/qutebrowser/issues/4011 + + + + + + + + + + CVE-2018-1000613 on Ubuntu 20.04 (focal) - medium. + Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-09 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000613.html + + + + debian> (XMSS/XMSS^MT algorithms were first introduced in BC >= 1.57) + + + + + + + + + CVE-2018-1000632 on Ubuntu 20.04 (focal) - low. + dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-08-20 19:31:00 UTC + 2018-08-20 19:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000632.html + https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387 + https://github.com/dom4j/dom4j/issues/48 + https://ihacktoprotect.com/post/dom4j-xml-injection/ + https://ubuntu.com/security/notices/USN-4619-1 + + + + + + + + + + CVE-2018-1000637 on Ubuntu 20.04 (focal) - medium. + zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-20 19:31:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904819 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000637.html + http://www.openwall.com/lists/oss-security/2018/08/05/1 + https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html + https://bugs.debian.org/904819 + + + + + + + + + + CVE-2018-1000639 on Ubuntu 20.04 (focal) - medium. + LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially crafted SVG file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-20 19:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000639.html + https://0dd.zone/2018/08/05/LatexDraw-XXE/ + https://github.com/arnobl/latexdraw/issues/10 + + + + + + + + + + CVE-2018-1000652 on Ubuntu 20.04 (focal) - medium. 
+ JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vulnerability appears to have been fixed in after commit 89f855d. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-20 19:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000652.html + https://github.com/JabRef/jabref/issues/4229 + https://github.com/JabRef/jabref/commit/89f855d76713b4cd25ac0830c719cd61c511851e + https://0dd.zone/2018/08/08/JabRef-XXE/ + + + + + + + + + + CVE-2018-1000654 on Ubuntu 20.04 (focal) - negligible. + GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-08-20 19:31:00 UTC + https://gitlab.com/gnutls/libtasn1/issues/4 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906768 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000654.html + + + + mdeslaur> only an issue during at build time, not at runtime. As such, mdeslaur> marking as negigible leosilva> no upstream fix as of 2018-10-09 + + + + + + + + + CVE-2018-1000665 on Ubuntu 20.04 (focal) - low. + Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. 
This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-06 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000665.html + https://github.com/dojo/dojo/pull/307 + https://dojotoolkit.org/blog/dojo-1-14-released + + + + + + + + + + CVE-2018-1000667 on Ubuntu 20.04 (focal) - low. + NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file.. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-06 17:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392507 + https://github.com/cyrillos/nasm/issues/3 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000667.html + + + + + + + + + + CVE-2018-1000671 on Ubuntu 20.04 (focal) - medium. + sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-06 18:29:00 UTC + 2018-09-06 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908165 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000671.html + https://github.com/sympa-community/sympa/issues/268 + https://ubuntu.com/security/notices/USN-4442-1 + + + + + + + + + + CVE-2018-1000773 on Ubuntu 20.04 (focal) - low. + WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-06 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000773.html + https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/ + https://youtu.be/GePBmsNJw6Y?t=1763 + + + + + + + + + + CVE-2018-1000801 on Ubuntu 20.04 (focal) - low. + okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 It was discovered that Okular mishandled certain crafted archives during extraction. An attacker could use this vulnerability to write arbitrary files to the filesystem. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-06 18:29:00 UTC + mikesalvatore + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908168 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000801.html + https://bugs.kde.org/show_bug.cgi?id=398096 + https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47 + + + + msalvatore> The POC does not successfully execute on xenial and trusty. Further triage and audit are needed to verify whether or not xenial and trusty are vulnerable. + + + + + + + + + CVE-2018-1000825 on Ubuntu 20.04 (focal) - medium. + FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000825.html + https://0dd.zone/2018/10/28/freecol-XXE/ + https://github.com/FreeCol/freecol/issues/26 + + + + + + + + + + CVE-2018-1000832 on Ubuntu 20.04 (focal) - medium. + ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000832.html + https://0dd.zone/2018/10/28/zoneminder-Object-Injection/ + https://github.com/ZoneMinder/zoneminder/issues/2271 + + + + + + + + + + CVE-2018-1000833 on Ubuntu 20.04 (focal) - medium. + ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000833.html + https://0dd.zone/2018/10/28/zoneminder-Object-Injection-2/ + https://github.com/ZoneMinder/zoneminder/issues/2272 + + + + + + + + + + CVE-2018-1000840 on Ubuntu 20.04 (focal) - medium. + Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000840.html + https://github.com/processing/processing/issues/5706 + https://twitter.com/ben_fry/status/1054333613465059329 + + + + + + + + + + CVE-2018-1000871 on Ubuntu 20.04 (focal) - medium. + HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done by anyone via specially crafted sql query passed to the "id_utente_mod=1" parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-20 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000871.html + https://www.exploit-db.com/exploits/45976 + + + + + + + + + + CVE-2018-1000872 on Ubuntu 20.04 (focal) - medium. + OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. 
This attack appear to be exploitable via A client or clients open sockets with the server and then never close them. This vulnerability appears to have been fixed in 0.8.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-20 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000872.html + https://github.com/OpenKMIP/PyKMIP/issues/430 + + + + + + + + + + CVE-2018-1000873 on Ubuntu 20.04 (focal) - low. + Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-20 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000873.html + https://github.com/FasterXML/jackson-modules-java8/issues/90 + https://github.com/FasterXML/jackson-modules-java8/pull/87 + + + + + + + + + + CVE-2018-1000875 on Ubuntu 20.04 (focal) - medium. + Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-20 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000875.html + https://github.com/BOINC/boinc/issues/2907 + + + + + + + + + + CVE-2018-1000876 on Ubuntu 20.04 (focal) - low. 
+ binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-20 17:29:00 UTC + 2018-12-20 17:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23994 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000876.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-1000886 on Ubuntu 20.04 (focal) - negligible. + nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-12-20 21:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392514 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000886.html + + + + + + + + + + CVE-2018-10016 on Ubuntu 20.04 (focal) - negligible. + Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-04-11 05:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392473 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895408 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10016.html + + + + + + + + + + CVE-2018-10017 on Ubuntu 20.04 (focal) - low. 
+ soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops. It was discovered that OpenMPT incorrectly handled certain failes. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-11 05:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895406 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10017.html + https://github.com/OpenMPT/openmpt/commit/492022c7297ede682161d9c0ec2de15526424e76 + https://lib.openmpt.org/libopenmpt/2018/04/08/security-updates-0.3.8-0.2-beta31-0.2.7561-beta20.5-p8-0.2.7386-beta20.3-p11/ + https://openmpt.org/openmpt-1-27-07-00-released + + + + + + + + + + CVE-2018-1002100 on Ubuntu 20.04 (focal) - medium. + In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-02 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929225 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1002100.html + https://github.com/kubernetes/kubernetes/issues/61297 + https://github.com/kubernetes/kubernetes/commit/f180c969ccd47b9d00dbaf5cbd5b37eb8b49ae08 (1.9.x) + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2018-1002102 on Ubuntu 20.04 (focal) - medium. + Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. 
Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-05 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1002102.html + https://github.com/kubernetes/kubernetes/issues/85867 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2018-1002105 on Ubuntu 20.04 (focal) - medium. + In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-05 21:29:00 UTC + Darren Shepherd + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1002105.html + https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88 + https://github.com/kubernetes/kubernetes/issues/71411 + + + + + + + + + + CVE-2018-1002200 on Ubuntu 20.04 (focal) - medium. + plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. It was discovered that plexus-archiver incorectly handled directory traversal during extraction. An attacker could possibly use this for a Zip-Slip attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-25 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900953 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1002200.html + https://github.com/codehaus-plexus/plexus-archiver/pull/87 + + + + + + + + + + CVE-2018-1002208 on Ubuntu 20.04 (focal) - low. + SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-25 17:29:00 UTC + https://github.com/icsharpcode/SharpZipLib/issues/232 + https://github.com/mono/mono/issues/11492 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1002208.html + https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247 + + + + + + + + + + CVE-2018-1002209 on Ubuntu 20.04 (focal) - medium. + QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-25 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1002209.html + https://bugzilla.redhat.com/show_bug.cgi?id=1593011 + + + + + + + + + + CVE-2018-10057 on Ubuntu 20.04 (focal) - medium. + The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-05 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10057.html + http://www.openwall.com/lists/oss-security/2018/06/03/1 + + + + + + + + + + CVE-2018-10058 on Ubuntu 20.04 (focal) - medium. + The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-05 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10058.html + http://www.openwall.com/lists/oss-security/2018/06/03/1 + + + + + + + + + + CVE-2018-10060 on Ubuntu 20.04 (focal) - medium. + Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-12 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10060.html + https://github.com/Cacti/cacti/issues/1457 + + + + + + + + + + CVE-2018-10061 on Ubuntu 20.04 (focal) - medium. + Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-12 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10061.html + https://github.com/Cacti/cacti/issues/1457 + + + + + + + + + + CVE-2018-10100 on Ubuntu 20.04 (focal) - medium. + Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-16 09:58:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895034 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10100.html + https://core.trac.wordpress.org/changeset/42892 + https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e + https://codex.wordpress.org/Version_4.9.5 + https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/ + + + + + + + + + + CVE-2018-10102 on Ubuntu 20.04 (focal) - medium. + Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-16 09:58:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895034 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10102.html + https://core.trac.wordpress.org/changeset/42893 + https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d + https://codex.wordpress.org/Version_4.9.5 + https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/ + + + + + + + + + + CVE-2018-10111 on Ubuntu 20.04 (focal) - low. + An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-16 09:58:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10111.html + https://github.com/xiaoqx/pocs/tree/master/gegl + + + + + + + + + + CVE-2018-10112 on Ubuntu 20.04 (focal) - low. + An issue was discovered in GEGL through 0.3.32. 
The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-16 09:58:00 UTC + https://bugzilla.gnome.org/show_bug.cgi?id=795249 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10112.html + https://github.com/xiaoqx/pocs/tree/master/gegl + + + + + + + + + + CVE-2018-10113 on Ubuntu 20.04 (focal) - low. + An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-16 09:58:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10113.html + https://github.com/xiaoqx/pocs/tree/master/gegl + + + + + + + + + + CVE-2018-10114 on Ubuntu 20.04 (focal) - low. + An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-16 09:58:00 UTC + https://bugzilla.gnome.org/show_bug.cgi?id=795248 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10114.html + https://github.com/xiaoqx/pocs/tree/master/gegl + + + + + + + + + + CVE-2018-10115 on Ubuntu 20.04 (focal) - medium. 
+ Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-02 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897674 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10115.html + https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/ + https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/ + + + + + + + + + + CVE-2018-10126 on Ubuntu 20.04 (focal) - low. + LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-21 21:29:00 UTC + http://bugzilla.maptools.org/show_bug.cgi?id=2786 (old) + https://gitlab.com/libtiff/libtiff/issues/128 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10126.html + + + + mdeslaur> as of 2021-02-24, no upstream fix + + + + + + + + + CVE-2018-10186 on Ubuntu 20.04 (focal) - untriaged. + In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-04-17 20:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10186.html + https://github.com/radare/radare2/issues/9915 + + + + + + + + + + CVE-2018-10187 on Ubuntu 20.04 (focal) - untriaged. + In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). 
Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-04-17 20:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10187.html + https://github.com/radare/radare2/issues/9913 + + + + + + + + + + CVE-2018-10191 on Ubuntu 20.04 (focal) - untriaged. + In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-04-17 21:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/mruby/+bug/1763905 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10191.html + https://github.com/mruby/mruby/commit/1905091634a6a2925c911484434448e568330626 + https://github.com/mruby/mruby/issues/3995 + + + + + + + + + + CVE-2018-10196 on Ubuntu 20.04 (focal) - low. + NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-30 21:29:00 UTC + https://gitlab.com/graphviz/graphviz/issues/1367 + https://issuetracker.google.com/issues/77810342 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898841 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10196.html + + + + + + + + + + CVE-2018-10198 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-06 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10198.html + https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework + https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2018-10199 on Ubuntu 20.04 (focal) - untriaged. + In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-04-18 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10199.html + https://github.com/mruby/mruby/commit/b51b21fc63c9805862322551387d9036f2b63433 + https://github.com/mruby/mruby/issues/4001 + + + + + + + + + + CVE-2018-10243 on Ubuntu 20.04 (focal) - medium. + htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-04 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10243.html + + + + + + + + + + + + + CVE-2018-10245 on Ubuntu 20.04 (focal) - negligible. + A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-20 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10245.html + https://github.com/theyiyibest/AWStatsFullPathDisclosure + + + + + + + + + + CVE-2018-10254 on Ubuntu 20.04 (focal) - low. + Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-21 16:29:00 UTC + https://sourceforge.net/p/nasm/bugs/561/ + https://bugzilla.nasm.us/show_bug.cgi?id=3392475 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896523 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10254.html + + + + mdeslaur> no fix as of 2019-04-25 + + + + + + + + + CVE-2018-10289 on Ubuntu 20.04 (focal) - untriaged. + In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-04-22 05:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896545 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10289.html + https://bugs.ghostscript.com/show_bug.cgi?id=699271 + + + + + + + + + + CVE-2018-10316 on Ubuntu 20.04 (focal) - negligible. + Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 02:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392474 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10316.html + + + + + + + + + + CVE-2018-10361 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in KTextEditor 5.34.0 through 5.45.0. 
Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-25 05:29:00 UTC + Matthias Gerstner + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896836 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10361.html + http://www.openwall.com/lists/oss-security/2018/04/24/1 + https://bugzilla.suse.com/show_bug.cgi?id=1033055 + + + + + + + + + + CVE-2018-10372 on Ubuntu 20.04 (focal) - low. + process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-25 09:29:00 UTC + 2018-04-25 09:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23064 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10372.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-10373 on Ubuntu 20.04 (focal) - low. + concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-25 09:29:00 UTC + 2018-04-25 09:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23065 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10373.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-10380 on Ubuntu 20.04 (focal) - medium. + kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-08 12:29:00 UTC + Fabian Vogt + https://bugs.launchpad.net/bugs/1768649 + https://bugs.launchpad.net/bugs/1769187 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10380.html + https://www.kde.org/info/security/advisory-20180503-1.txt + https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0 (Plasma 5.12) + https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5 (Plasma 5.12) + https://commits.kde.org/kwallet-pam/99abc7fde21f40cc6da5feb6ee766cc46fcca1f8 (Plasma 5.8) + https://commits.kde.org/kwallet-pam/802f305d81f8771c4f4a8bd7fd0e368ffc6f9b3b (Plasma 5.8) + + + + sbeattie> first attempt at fixing this caused a regression in at least artful and xenial, thus reverted. + + + + + + + + + CVE-2018-10392 on Ubuntu 20.04 (focal) - low. + mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-26 05:29:00 UTC + https://gitlab.xiph.org/xiph/vorbis/issues/2335 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10392.html + + + + + + + + + + CVE-2018-10393 on Ubuntu 20.04 (focal) - low. + bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-26 05:29:00 UTC + https://gitlab.xiph.org/xiph/vorbis/issues/2334 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10393.html + + + + mdeslaur> same patch as CVE-2017-14160 + + + + + + + + + CVE-2018-1046 on Ubuntu 20.04 (focal) - medium. + pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-16 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898255 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1046.html + https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html + + + + + + + + + + CVE-2018-1047 on Ubuntu 20.04 (focal) - untriaged. + A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-01-24 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1047.html + https://issues.jboss.org/browse/WFLY-9620 + https://developer.jboss.org/thread/276826 + https://bugzilla.redhat.com/show_bug.cgi?id=1528361 + + + + + + + + + + CVE-2018-10471 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-27 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10471.html + https://xenbits.xen.org/xsa/advisory-259.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-10472 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-27 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10472.html + https://xenbits.xen.org/xsa/advisory-258.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-1048 on Ubuntu 20.04 (focal) - untriaged. + It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-01-24 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1048.html + https://bugzilla.redhat.com/show_bug.cgi?id=1534343 + + + + + + + + + + CVE-2018-1051 on Ubuntu 20.04 (focal) - low. + It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-25 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1051.html + https://bugzilla.redhat.com/show_bug.cgi?id=1535411 + + + + msalvatore> Incomplete fix for CVE-2016-9606 not applied. That fix just disables msalvatore> the YamlProvider by default. There is no fix for this issue msalvatore> other than to mitigate it by requiring authentication and authorization msalvatore> on endpoints expecting YAML input. + + + + + + + + + + + + CVE-2018-10528 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-29 03:29:00 UTC + 2018-04-28 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897185 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10528.html + https://github.com/LibRaw/LibRaw/issues/144 + https://ubuntu.com/security/notices/USN-3639-1 + + + + + + + + + + + + + + + + + CVE-2018-10529 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-29 03:29:00 UTC + 2018-04-28 + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897186 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10529.html + https://github.com/LibRaw/LibRaw/issues/144 + https://ubuntu.com/security/notices/USN-3639-1 + + + + + + + + + + + + + + + + + CVE-2018-10534 on Ubuntu 20.04 (focal) - low. 
+ The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-29 15:29:00 UTC + 2018-04-29 15:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23110 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10534.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-10535 on Ubuntu 20.04 (focal) - low. + The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-29 15:29:00 UTC + 2018-04-29 15:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23113 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10535.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-1054 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-07 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892124 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1054.html + https://bugzilla.redhat.com/show_bug.cgi?id=1537314 + https://pagure.io/389-ds-base/issue/49545 + + + + + + + + + + CVE-2018-1059 on Ubuntu 20.04 (focal) - low. + The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 18:29:00 UTC + 2018-04-24 + Maxime Coquelin + https://bugzilla.redhat.com/show_bug.cgi?id=1544298 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896688 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1059.html + https://access.redhat.com/security/cve/cve-2018-1059 + https://ubuntu.com/security/notices/USN-3642-1 + https://ubuntu.com/security/notices/USN-3642-2 + + + + + + + + + + CVE-2018-1060 on Ubuntu 20.04 (focal) - low. + python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-18 14:29:00 UTC + 2018-06-18 + mdeslaur + https://bugs.python.org/issue32981 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1060.html + https://ubuntu.com/security/notices/USN-3817-1 + https://ubuntu.com/security/notices/USN-3817-2 + + + + + + + + + + CVE-2018-1061 on Ubuntu 20.04 (focal) - low. + python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. 
An attacker could use this flaw to cause denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-19 12:29:00 UTC + 2018-06-19 + mdeslaur + https://bugs.python.org/issue32981 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1061.html + https://ubuntu.com/security/notices/USN-3817-1 + https://ubuntu.com/security/notices/USN-3817-2 + + + + mdeslaur> same commits as CVE-2018-1060 + + + + + + + + + CVE-2018-1063 on Ubuntu 20.04 (focal) - low. + Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-02 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1063.html + https://bugzilla.redhat.com/show_bug.cgi?id=1550122 + + + + + + + + + + CVE-2018-10657 on Ubuntu 20.04 (focal) - medium. + Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-02 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10657.html + https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb + https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/ + https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI/edit#heading=h.fj95ykuss7s1 + + + + leosilva> code is quite different in bionic and artful versus patch. 
+ + + + + + + + + CVE-2018-1067 on Ubuntu 20.04 (focal) - medium. + In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-21 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1067.html + https://issues.jboss.org/browse/UNDERTOW-1302 + + + + + + + + + + CVE-2018-10685 on Ubuntu 20.04 (focal) - medium. + In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-02 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10685.html + https://github.com/ckolivas/lrzip/issues/95 + + + + + + + + + + CVE-2018-10733 on Ubuntu 20.04 (focal) - low. + There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-04 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897954 + https://bugzilla.redhat.com/show_bug.cgi?id=1574844 + https://bugs.launchpad.net/ubuntu/+source/libgxps/+bug/1797785 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10733.html + + + + + + + + + + CVE-2018-10753 on Ubuntu 20.04 (focal) - medium. 
+ Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-05 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897966 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10753.html + https://github.com/leesavide/abcm2ps/issues/16 + https://github.com/leesavide/abcm2ps/commit/fd956e19f88ee32f8ec4aece5901400b06e80bcc + https://drive.google.com/drive/u/2/folders/1DvBEh5D-eW4UkvX3947UQh62i7hUIFN1 + + + + + + + + + + CVE-2018-10756 on Ubuntu 20.04 (focal) - low. + Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-15 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10756.html + https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e + https://tomrichards.net/2020/05/cve-2018-10756-transmission/ + + + + + + + + + + CVE-2018-10767 on Ubuntu 20.04 (focal) - low. + There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-06 23:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898133 + https://bugzilla.redhat.com/show_bug.cgi?id=1575188 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10767.html + + + + + + + + + + CVE-2018-10771 on Ubuntu 20.04 (focal) - untriaged. 
+ Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-05-07 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898130 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10771.html + https://github.com/leesavide/abcm2ps/issues/17 + https://github.com/leesavide/abcm2ps/commit/dc0372993674d0b50fedfbf7b9fad1239b8efc5f + https://drive.google.com/open?id=1HE9cht7WJPauA66acyJrEywXX8R4Hg-2 + + + + + + + + + + CVE-2018-10773 on Ubuntu 20.04 (focal) - untriaged. + NULL pointer deference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-05-07 07:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898135 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10773.html + https://docs.google.com/document/d/1k598A16gV9HPwFXnYkyrPwoRbnbFX6LAMRyzb_dxLCM/edit + + + + + + + + + + CVE-2018-10774 on Ubuntu 20.04 (focal) - untriaged. + Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-05-07 07:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898135 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10774.html + https://docs.google.com/document/d/1BuCxbXaGL_3DyaWF8sGnMAWolmYQneRrxHt4mNPkBE4/edit + + + + + + + + + + CVE-2018-10775 on Ubuntu 20.04 (focal) - untriaged. 
+ NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by end2xml. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-05-07 07:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898135 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10775.html + https://drive.google.com/drive/u/1/folders/1qtq272m7jJaEUPGFLvyXmIl5zNJv7rd1 + + + + + + + + + + CVE-2018-10841 on Ubuntu 20.04 (focal) - medium. + glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes. It was discovered that GlusterFS incorrectly handled user permissions. An authenticated attacker could possibly use this to add himself to trusted storage pool and performing privileged operations on volumes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-20 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901968 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10841.html + https://review.gluster.org/#/c/20328/ + http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841 + + + + + + + + + + CVE-2018-10844 on Ubuntu 20.04 (focal) - medium. + It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-08-22 13:29:00 UTC + 2018-08-22 + mdeslaur + https://gitlab.com/gnutls/gnutls/issues/456 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10844.html + https://eprint.iacr.org/2018/747 + https://ubuntu.com/security/notices/USN-3999-1 + + + + mdeslaur> RHEL7 update brings back SHA256 + + + + + + + + + CVE-2018-10845 on Ubuntu 20.04 (focal) - medium. + It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-22 13:29:00 UTC + 2018-08-22 + mdeslaur + https://gitlab.com/gnutls/gnutls/issues/456 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10845.html + https://eprint.iacr.org/2018/747 + https://ubuntu.com/security/notices/USN-3999-1 + + + + mdeslaur> same commits as listed in CVE-2018-10844 + + + + + + + + + CVE-2018-10846 on Ubuntu 20.04 (focal) - medium. + A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-22 13:29:00 UTC + 2018-08-22 + mdeslaur + https://gitlab.com/gnutls/gnutls/issues/456 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10846.html + https://eprint.iacr.org/2018/747 + https://ubuntu.com/security/notices/USN-3999-1 + + + + mdeslaur> same commits as listed in CVE-2018-10844 + + + + + + + + + CVE-2018-10850 on Ubuntu 20.04 (focal) - medium. 
+ 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-13 20:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1588056 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10850.html + + + + + + + + + + CVE-2018-10851 on Ubuntu 20.04 (focal) - medium. + PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-29 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10851.html + https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html + https://downloads.powerdns.com/patches/2018-03/ + https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html + https://downloads.powerdns.com/patches/2018-04/ + + + + + + + + + + + + + CVE-2018-10852 on Ubuntu 20.04 (focal) - low. + The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-26 14:29:00 UTC + Jakub Hrozek + https://pagure.io/SSSD/sssd/issue/3766 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902860 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10852.html + https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/XUCDLKDVH7HZKPSJ7GEJAVNZS5CW35EK/ + + + + + + + + + + CVE-2018-10857 on Ubuntu 20.04 (focal) - medium. + git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-16 20:29:00 UTC + Joey Hess + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10857.html + http://www.openwall.com/lists/oss-security/2018/06/26/4 + https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/ + + + + + + + + + + CVE-2018-10859 on Ubuntu 20.04 (focal) - medium. + git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-16 18:29:00 UTC + Daniel Dent and Joey Hess + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10859.html + http://www.openwall.com/lists/oss-security/2018/06/26/4 + https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/ + + + + + + + + + + CVE-2018-1086 on Ubuntu 20.04 (focal) - medium. + pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. 
A remote attacker with a valid token could use this flaw to elevate their privilege. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-12 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895313 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1086.html + http://www.openwall.com/lists/oss-security/2018/04/09/2 + + + + + + + + + + CVE-2018-10861 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 14:29:00 UTC + http://tracker.ceph.com/issues/24838 + https://bugzilla.redhat.com/show_bug.cgi?id=1593308 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10861.html + + + + + + + + + + CVE-2018-10871 on Ubuntu 20.04 (focal) - medium. + 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-18 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10871.html + https://pagure.io/389-ds-base/issue/49789 + + + + + + + + + + CVE-2018-10873 on Ubuntu 20.04 (focal) - medium. + A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. 
A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-17 12:29:00 UTC + 2018-08-17 + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906316 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906315 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10873.html + https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873 + https://ubuntu.com/security/notices/USN-3751-1 + + + + leosilva> for xenial this bug is affected in spice-protocol only. + + + + + + + + + + + + CVE-2018-10874 on Ubuntu 20.04 (focal) - medium. + In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-02 13:29:00 UTC + 2018-07-02 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10874.html + https://bugzilla.redhat.com/show_bug.cgi?id=1596528 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10874 + https://ubuntu.com/security/notices/USN-4072-1 + + + + + + + + + + CVE-2018-10875 on Ubuntu 20.04 (focal) - medium. + A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-13 22:29:00 UTC + 2018-07-13 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10875.html + https://bugzilla.redhat.com/show_bug.cgi?id=1596533 + https://ubuntu.com/security/notices/USN-4072-1 + + + + + + + + + + CVE-2018-1088 on Ubuntu 20.04 (focal) - medium. + A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink. It was discovered that GlusterFS incorrectly handled mounting gluster volumes. An attacker could possibly use this issue to also mount shared gluster volumes and escalate privileges through malicious cronjobs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-18 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1088.html + https://bugzilla.redhat.com/show_bug.cgi?id=1558721 + + + + + + + + + + CVE-2018-1089 on Ubuntu 20.04 (focal) - medium. + 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-09 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898138 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1089.html + http://www.openwall.com/lists/oss-security/2018/05/07/2 + + + + + + + + + + CVE-2018-10893 on Ubuntu 20.04 (focal) - medium. + Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-11 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10893.html + https://bugzilla.redhat.com/show_bug.cgi?id=1598234 + + + + + + + + + + CVE-2018-10904 on Ubuntu 20.04 (focal) - medium. + It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume. It was discovered that GlusterFS incorrectly handled file paths. An attacker could possibly use this issue to create arbitrary files and execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10904.html + https://bugzilla.redhat.com/show_bug.cgi?id=1601298 + https://review.gluster.org/21072 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904 + https://review.gluster.org/#/c/glusterfs/+/21072/ + + + + + + + + + + CVE-2018-10906 on Ubuntu 20.04 (focal) - low. + In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-24 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904216 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904439 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10906.html + https://github.com/libfuse/libfuse/pull/268 + https://sourceforge.net/p/fuse/mailman/message/36374753/ + + + + + + + + + + + + + CVE-2018-10907 on Ubuntu 20.04 (focal) - medium. + It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution. It was discovered that GlusterFS incorrectly handled mounting volumes. An attacker could possibly use this issue to cause a denial of service or run arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10907.html + https://bugzilla.redhat.com/show_bug.cgi?id=1601642 + https://review.gluster.org/21070 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10907 + https://review.gluster.org/#/c/glusterfs/+/21070/ + + + + + + + + + + CVE-2018-10911 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. It was discovered that GlusterFS incorrectly handled negative key length values. An attacker could possibly use this issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-04 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10911.html + https://bugzilla.redhat.com/show_bug.cgi?id=1601657 + https://review.gluster.org/21067 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911 + https://review.gluster.org/#/c/glusterfs/+/21067/ + + + + + + + + + + CVE-2018-10913 on Ubuntu 20.04 (focal) - medium. + An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. It was discovered that GlusterFS incorrectly handled FUSE requests. An attacker could use this issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10913.html + https://bugzilla.redhat.com/show_bug.cgi?id=1607618 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10913 + https://review.gluster.org/#/c/glusterfs/+/21071/ + + + + + + + + + + CVE-2018-10914 on Ubuntu 20.04 (focal) - medium. + It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. It was discovered that GlusterFS incorrectly handled FUSE requests. An attacker could use this issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10914.html + https://bugzilla.redhat.com/show_bug.cgi?id=1607617 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10914 + + + + + + + + + + CVE-2018-10920 on Ubuntu 20.04 (focal) - medium. + Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-02 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905325 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10920.html + https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10920 + + + + + + + + + + CVE-2018-10923 on Ubuntu 20.04 (focal) - medium. + It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. It was discovered that GlusterFS incorrectly handled file creation. An authenticated attacker could possibly use this issue to create arbitrary files and obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10923.html + https://bugzilla.redhat.com/show_bug.cgi?id=1610659 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10923 + + + + + + + + + + CVE-2018-10926 on Ubuntu 20.04 (focal) - medium. + A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. It was discovered that GlusterFS incorrectly handled RPC requests. An attacker could possibly use this issue to write iles to an arbitrary location and execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-04 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10926.html + https://bugzilla.redhat.com/show_bug.cgi?id=1613143 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10926 + + + + + + + + + + CVE-2018-10927 on Ubuntu 20.04 (focal) - medium. + A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. It was discovered that GlusterFS incorrectly handled RPC requests. An attacker could possibly use this issue to write iles to an arbitrary location and execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10927.html + https://bugzilla.redhat.com/show_bug.cgi?id=1612658 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10927 + + + + + + + + + + CVE-2018-10928 on Ubuntu 20.04 (focal) - medium. + A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. It was discovered that GlusterFS incorrectly handled RPC requests. An attacker could possibly use this issue to write iles to an arbitrary location and execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10928.html + https://bugzilla.redhat.com/show_bug.cgi?id=1612659 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10928 + + + + + + + + + + CVE-2018-10929 on Ubuntu 20.04 (focal) - medium. + A flaw was found in RPC request using gfs2_create_req in glusterfs server. 
An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. It was discovered that GlusterFS incorrectly handled RPC requests. An attacker could possibly use this issue to write iles to an arbitrary location and execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10929.html + https://bugzilla.redhat.com/show_bug.cgi?id=1612660 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10929 + + + + + + + + + + CVE-2018-10930 on Ubuntu 20.04 (focal) - medium. + A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. It was discovered that GlusterFS incorrectly handled RPC requests. An attacker could possibly use this issue to write iles to an arbitrary location and execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10930.html + https://bugzilla.redhat.com/show_bug.cgi?id=1612664 + https://review.gluster.org/21068 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10930 + https://review.gluster.org/#/c/glusterfs/+/21068/ + + + + + + + + + + CVE-2018-10932 on Ubuntu 20.04 (focal) - medium. + lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-08-21 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905901 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10932.html + https://github.com/intel/openlldp/pull/7 + https://github.com/intel/openlldp/commit/41feb359a9d0082b0bcf68b1f2b37227f02af4f1 + + + + + + + + + + CVE-2018-10935 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-11 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10935.html + https://pagure.io/389-ds-base/issue/49890 + + + + + + + + + + CVE-2018-10936 on Ubuntu 20.04 (focal) - low. + A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-08-30 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10936.html + + + + + + + + + + CVE-2018-1098 on Ubuntu 20.04 (focal) - medium. + A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-03 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1098.html + https://github.com/coreos/etcd/issues/9353 + https://bugzilla.redhat.com/show_bug.cgi?id=1552714 + https://github.com/etcd-io/etcd/issues/10479 + + + + msalvatore> Waiting for upstream to backport fix to 3.2 branch. msalvatore> See https://github.com/etcd-io/etcd/issues/10479 + + + + + + + + + CVE-2018-10981 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-10 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10981.html + https://xenbits.xen.org/xsa/advisory-262.html + http://openwall.com/lists/oss-security/2018/05/08/3 + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-10982 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-10 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10982.html + https://xenbits.xen.org/xsa/advisory-261.html + http://openwall.com/lists/oss-security/2018/05/08/2 + + + + mdeslaur> hypervisor packages are in universe. 
For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-1099 on Ubuntu 20.04 (focal) - low. + DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1099.html + https://github.com/coreos/etcd/issues/9353 + https://bugzilla.redhat.com/show_bug.cgi?id=1552717 + https://github.com/etcd-io/etcd/issues/10479 + + + + msalvatore> Waiting for upstream to backport fix to 3.2 branch. msalvatore> See https://github.com/etcd-io/etcd/issues/10479 + + + + + + + + + CVE-2018-10992 on Ubuntu 20.04 (focal) - medium. + lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-11 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898373 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10992.html + https://bugs.debian.org/898373 + + + + + + + + + + CVE-2018-10995 on Ubuntu 20.04 (focal) - medium. + SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). It was discovered that SLurm mishandles user names and group ids. A local attacker could use this to gain administrative privileges. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-30 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900548 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10995.html + https://www.schedmd.com/news.php?id=203 + https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html + https://github.com/SchedMD/slurm/commit/033dc0d1d28b8d2ba1a5187f564a01c15187eb4e + https://github.com/SchedMD/slurm/commit/df545955e4f119974c278bff0c47155257d5afc7 + + + + + + + + + + CVE-2018-11033 on Ubuntu 20.04 (focal) - medium. + The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-14 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11033.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=40842 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> reproducer doesn't seem to crash poppler, marking as mdeslaur> not-affected + + + + + + + + + + + + CVE-2018-11039 on Ubuntu 20.04 (focal) - medium. + Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-25 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11039.html + https://pivotal.io/security/cve-2018-11039 + + + + + + + + + + CVE-2018-11040 on Ubuntu 20.04 (focal) - medium. 
+ Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-25 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11040.html + https://pivotal.io/security/cve-2018-11040 + + + + + + + + + + CVE-2018-11099 on Ubuntu 20.04 (focal) - medium. + The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted vcf file. It was discovered that VCFtools improperly handled certain input. If a user was tricked into opening a crafted input file, VCFtools could be made to crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-17 19:29:00 UTC + 2018-05-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11099.html + http://seclists.org/fulldisclosure/2018/May/43 + https://ubuntu.com/security/notices/USN-3974-1 + + + + + + + + + + CVE-2018-1110 on Ubuntu 20.04 (focal) - untriaged. + A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-30 02:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896681 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1110.html + http://www.openwall.com/lists/oss-security/2018/04/23/2 + + + + + + + + + + CVE-2018-1112 on Ubuntu 20.04 (focal) - medium. + glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-25 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1112.html + https://bugzilla.redhat.com/show_bug.cgi?id=1570891 + https://access.redhat.com/articles/3422521 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1112 + https://review.gluster.org/#/c/19899/1..2 + + + + + + + + + + CVE-2018-11129 on Ubuntu 20.04 (focal) - low. + The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file. It was discovered that VCFtools improperly handled certain input. If a user was tricked into opening a crafted input file, VCFtools could be made to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-17 19:29:00 UTC + 2018-05-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11129.html + http://seclists.org/fulldisclosure/2018/May/43 + https://ubuntu.com/security/notices/USN-3974-1 + + + + + + + + + + CVE-2018-11130 on Ubuntu 20.04 (focal) - low. + The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file. It was discovered that VCFtools improperly handled certain input. 
If a user was tricked into opening a crafted input file, VCFtools could be made to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-17 19:29:00 UTC + 2018-05-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11130.html + http://seclists.org/fulldisclosure/2018/May/43 + https://ubuntu.com/security/notices/USN-3974-1 + + + + + + + + + + CVE-2018-1114 on Ubuntu 20.04 (focal) - medium. + It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-11 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1114.html + https://issues.jboss.org/browse/UNDERTOW-1338 + https://bugs.openjdk.java.net/browse/JDK-6956385 + + + + + + + + + + CVE-2018-11202 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-16 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11202.html + https://jira.hdfgroup.org/browse/HDFFV-10476 + https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4 + + + + + + + + + + CVE-2018-11203 on Ubuntu 20.04 (focal) - medium. + A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-05-16 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11203.html + https://jira.hdfgroup.org/browse/HDFFV-10477 + https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/d0362ce438aef8ad690d5b084d929403c9877107 + + + + + + + + + + CVE-2018-11204 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-16 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11204.html + https://jira.hdfgroup.org/browse/HDFFV-10478 + https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4 + + + + ebarretto> same fix of CVE-2018-11206 + + + + + + + + + CVE-2018-11205 on Ubuntu 20.04 (focal) - medium. + A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-16 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11205.html + https://jira.hdfgroup.org/browse/HDFFV-10479 + + + + + + + + + + CVE-2018-11206 on Ubuntu 20.04 (focal) - medium. + An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-16 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11206.html + https://jira.hdfgroup.org/browse/HDFFV-10480 + https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4 + + + + + + + + + + CVE-2018-11207 on Ubuntu 20.04 (focal) - medium. 
+ A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-16 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11207.html + https://jira.hdfgroup.org/browse/HDFFV-10481 + https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/d0362ce438aef8ad690d5b084d929403c9877107 + + + + + + + + + + CVE-2018-1121 on Ubuntu 20.04 (focal) - low. + procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-13 20:29:00 UTC + 2018-05-17 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1121.html + https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt + http://seclists.org/oss-sec/2018/q2/122 + + + + mdeslaur> this may need to be fixed in the kernel, not in procps tyhicks> As of 2018-10-01, no upstream fix is available. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-11212 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-05-16 17:29:00 UTC + 2018-05-16 + mdeslaur + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11212.html + https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a + https://ubuntu.com/security/notices/USN-3706-1 + https://ubuntu.com/security/notices/USN-3706-2 + + + + jdstrand> libjpeg-turbo is a fork of libjpeg8 + + + + + + + + + + + + + CVE-2018-11213 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-16 17:29:00 UTC + 2018-05-16 + mdeslaur + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11213.html + https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a + https://ubuntu.com/security/notices/USN-3706-1 + https://ubuntu.com/security/notices/USN-3706-2 + + + + jdstrand> libjpeg-turbo is a fork of libjpeg8 mdeslaur> same fix as CVE-2016-3616 + + + + + + + + + + + + + CVE-2018-11214 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-05-16 17:29:00 UTC + 2018-05-16 + mdeslaur + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902176 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11214.html + https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a + https://ubuntu.com/security/notices/USN-3706-1 + https://ubuntu.com/security/notices/USN-3706-2 + + + + jdstrand> libjpeg-turbo is a fork of libjpeg8 mdeslaur> same fix as CVE-2016-3616 mdeslaur> same commit as CVE-2018-11213 + + + + + + + + + + + + + CVE-2018-11236 on Ubuntu 20.04 (focal) - medium. + stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-18 16:29:00 UTC + 2018-05-18 16:29:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899071 + https://sourceware.org/bugzilla/show_bug.cgi?id=22786 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11236.html + https://ubuntu.com/security/notices/USN-4416-1 + + + + + + + + + + CVE-2018-11243 on Ubuntu 20.04 (focal) - medium. + PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-18 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11243.html + https://github.com/upx/upx/issues/206 + https://github.com/upx/upx/issues/207 + https://github.com/upx/upx/blob/devel/NEWS + + + + + + + + + + CVE-2018-11254 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in PoDoFo 0.9.5. 
There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-18 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11254.html + https://bugzilla.redhat.com/show_bug.cgi?id=1576174 + + + + + + + + + + CVE-2018-11255 on Ubuntu 20.04 (focal) - low. + An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-18 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11255.html + https://bugzilla.redhat.com/show_bug.cgi?id=1575502 + + + + + + + + + + CVE-2018-11256 on Ubuntu 20.04 (focal) - low. + An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-18 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11256.html + https://bugzilla.redhat.com/show_bug.cgi?id=1575851 + + + + + + + + + + CVE-2018-1128 on Ubuntu 20.04 (focal) - medium. + It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 14:29:00 UTC + http://tracker.ceph.com/issues/24836 + https://bugzilla.redhat.com/show_bug.cgi?id=1575866 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1128.html + + + + + + + + + + CVE-2018-1129 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 14:29:00 UTC + http://tracker.ceph.com/issues/24837 + https://bugzilla.redhat.com/show_bug.cgi?id=1576057 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1129.html + + + + + + + + + + CVE-2018-11307 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-09 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11307.html + https://github.com/FasterXML/jackson-databind/issues/2032 + https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb737 + + + + + + + + + + CVE-2018-11319 on Ubuntu 20.04 (focal) - medium. + Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). 
This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a directory that is a parent of the base directory of the project being checked. NOTE: exploitation is more difficult after 3.8.0 because filename prediction may be needed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-20 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894736 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11319.html + https://github.com/vim-syntastic/syntastic/issues/2170 + https://github.com/vim-syntastic/syntastic/commit/6d7c0b394e001233dd09ec473fbea2002c72632f + https://bugs.debian.org/894736 + + + + + + + + + + CVE-2018-11364 on Ubuntu 20.04 (focal) - low. + sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-22 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11364.html + https://github.com/ChijinZ/security_advisories/tree/master/ReadStat-7bced5b + + + + + + + + + + CVE-2018-11365 on Ubuntu 20.04 (focal) - low. + sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-22 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11365.html + https://github.com/ChijinZ/security_advisories/tree/master/ReadStat-7bced5b + + + + + + + + + + CVE-2018-11375 on Ubuntu 20.04 (focal) - medium. + The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-05-22 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11375.html + https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68 + https://github.com/radare/radare2/issues/9928 + + + + + + + + + + CVE-2018-11376 on Ubuntu 20.04 (focal) - medium. + The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-22 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11376.html + https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf + https://github.com/radare/radare2/issues/9904 + + + + + + + + + + CVE-2018-11377 on Ubuntu 20.04 (focal) - medium. + The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-22 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11377.html + https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4 + https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422 + https://github.com/radare/radare2/issues/9901 + + + + + + + + + + CVE-2018-11378 on Ubuntu 20.04 (focal) - medium. 
+ The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-22 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11378.html + https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7 + https://github.com/radare/radare2/issues/9969 + + + + + + + + + + CVE-2018-11379 on Ubuntu 20.04 (focal) - medium. + The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-22 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11379.html + https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c + https://github.com/radare/radare2/issues/9926 + + + + + + + + + + CVE-2018-11380 on Ubuntu 20.04 (focal) - medium. + The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-22 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11380.html + https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134 + https://github.com/radare/radare2/issues/9970 + + + + + + + + + + CVE-2018-11381 on Ubuntu 20.04 (focal) - medium. 
+ The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-22 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11381.html + https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3 + https://github.com/radare/radare2/issues/9902 + + + + + + + + + + CVE-2018-11382 on Ubuntu 20.04 (focal) - medium. + The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-22 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11382.html + https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff + https://github.com/radare/radare2/issues/10091 + + + + + + + + + + CVE-2018-11383 on Ubuntu 20.04 (focal) - medium. + The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-05-22 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11383.html + https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a + https://github.com/radare/radare2/issues/9943 + + + + + + + + + + CVE-2018-11384 on Ubuntu 20.04 (focal) - medium. + The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-22 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11384.html + https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add + https://github.com/radare/radare2/issues/9903 + + + + + + + + + + CVE-2018-11385 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-13 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11385.html + https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/ + + + + + + + + + + CVE-2018-11406 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-13 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11406.html + https://symfony.com/blog/cve-2018-11406-csrf-token-fixation + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/ + + + + + + + + + + CVE-2018-11407 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. 
It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403. It was discovered that Symfony allowed unauthorized access on a misconfigured LDAP server. A remote attacker could use this vulnerability to gain unauthorized access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-13 16:29:00 UTC + mikesalvatore + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11407.html + https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password + + + + + + + + + + CVE-2018-11408 on Ubuntu 20.04 (focal) - low. + The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-13 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11408.html + https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/ + + + + + + + + + + CVE-2018-11416 on Ubuntu 20.04 (focal) - low. 
+ jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-24 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11416.html + https://github.com/tjko/jpegoptim/blob/master/README + https://github.com/tjko/jpegoptim/issues/57 + + + + + + + + + + CVE-2018-11439 on Ubuntu 20.04 (focal) - low. + The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-30 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11439.html + http://seclists.org/fulldisclosure/2018/May/49 + + + + msalvatore> patch released in 1.9.1-2.1+deb8u1 + + + + + + + + + CVE-2018-11468 on Ubuntu 20.04 (focal) - medium. + The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-25 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901912 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11468.html + https://github.com/Orc/discount/issues/189 + https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase + + + + + + + + + + CVE-2018-11496 on Ubuntu 20.04 (focal) - medium. + In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-05-26 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11496.html + https://github.com/ckolivas/lrzip/issues/96 + https://github.com/ckolivas/lrzip/commit/907b66b8cb4ba7384abf8d82f09204b127d328bd + https://github.com/ckolivas/lrzip/commit/a81248e47d276cf59b8c7e22558e2b5035e87b33 + + + + + + + + + + CVE-2018-11499 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-26 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900182 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11499.html + https://github.com/sass/libsass/issues/2643 + + + + + + + + + + CVE-2018-11503 on Ubuntu 20.04 (focal) - medium. + The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-26 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11503.html + https://github.com/Orc/discount/issues/189#issuecomment-392247798 + + + + + + + + + + CVE-2018-11504 on Ubuntu 20.04 (focal) - medium. + The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-26 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11504.html + https://github.com/Orc/discount/issues/189#issuecomment-392247798 + + + + + + + + + + CVE-2018-11529 on Ubuntu 20.04 (focal) - medium. 
+ VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. It was discovered that VLC mishandled certain crafted MKV files. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-11 16:29:00 UTC + mikesalvatore + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11529.html + http://seclists.org/fulldisclosure/2018/Jul/28 + + + + + + + + + + CVE-2018-11627 on Ubuntu 20.04 (focal) - untriaged. + Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-05-31 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11627.html + https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a + https://github.com/sinatra/sinatra/issues/1428 + + + + + + + + + + CVE-2018-11646 on Ubuntu 20.04 (focal) - medium. + webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-01 13:29:00 UTC + Mishra Dhiraj + https://bugs.webkit.org/show_bug.cgi?id=186164 + https://bugzilla.gnome.org/show_bug.cgi?id=795740 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11646.html + https://webkitgtk.org/security/WSA-2018-0005.html + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-11652 on Ubuntu 20.04 (focal) - untriaged. + CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-06-01 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900608 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11652.html + https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7 + + + + + + + + + + CVE-2018-11693 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11693.html + https://github.com/sass/libsass/issues/2661 + + + + + + + + + + CVE-2018-11694 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11694.html + https://github.com/sass/libsass/issues/2663 + + + + + + + + + + CVE-2018-11695 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibSass <3.5.3. 
A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11695.html + https://github.com/sass/libsass/issues/2664 + + + + + + + + + + CVE-2018-11696 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11696.html + https://github.com/sass/libsass/issues/2665 + + + + + + + + + + CVE-2018-11697 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11697.html + https://github.com/sass/libsass/issues/2656 + + + + + + + + + + CVE-2018-11698 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-04 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11698.html + https://github.com/sass/libsass/issues/2662 + + + + + + + + + + CVE-2018-11710 on Ubuntu 20.04 (focal) - medium. + soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation. It was discovered that OpenMPT incorrectly handled certain files. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11710.html + https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/ + https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150 + + + + + + + + + + CVE-2018-11712 on Ubuntu 20.04 (focal) - medium. + WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 14:29:00 UTC + https://bugs.webkit.org/show_bug.cgi?id=184804 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11712.html + https://webkitgtk.org/security/WSA-2018-0005.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-11713 on Ubuntu 20.04 (focal) - low. 
+ WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-04 14:29:00 UTC + Dirkjan Ochtman + https://bugs.webkit.org/show_bug.cgi?id=126384 + https://bugzilla.gnome.org/show_bug.cgi?id=792212 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11713.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 mdeslaur> It looks like this requires a new API introduced in libsoup mdeslaur> 2.62.0 to be fixed. We are not going to backport the new API. mdeslaur> Marking releases older than bionic as ignored. + + + + + + + + + + + + CVE-2018-11723 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-19 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901967 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11723.html + http://seclists.org/fulldisclosure/2018/Jun/15 + http://packetstormsecurity.com/files/148113/libpff-2018-04-28-Information-Disclosure.html + + + + + + + + + + CVE-2018-11727 on Ubuntu 20.04 (focal) - low. 
+ ** DISPUTED ** The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-19 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11727.html + http://seclists.org/fulldisclosure/2018/Jun/17 + http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html + + + + + + + + + + CVE-2018-11728 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-19 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11728.html + http://seclists.org/fulldisclosure/2018/Jun/17 + http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html + + + + + + + + + + CVE-2018-11729 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-19 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11729.html + http://seclists.org/fulldisclosure/2018/Jun/17 + http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html + + + + + + + + + + CVE-2018-11730 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-19 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11730.html + http://seclists.org/fulldisclosure/2018/Jun/17 + http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html + + + + + + + + + + CVE-2018-11731 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-19 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11731.html + http://seclists.org/fulldisclosure/2018/Jun/17 + http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html + + + + + + + + + + CVE-2018-11737 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. 
An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-05 11:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11737.html + https://github.com/sleuthkit/sleuthkit/issues/1266 + + + + + + + + + + CVE-2018-11738 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-05 11:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11738.html + https://github.com/sleuthkit/sleuthkit/issues/1265 + + + + + + + + + + CVE-2018-11739 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-05 11:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11739.html + https://github.com/sleuthkit/sleuthkit/issues/1267 + + + + + + + + + + CVE-2018-11740 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. 
An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-05 11:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11740.html + https://github.com/sleuthkit/sleuthkit/issues/1264 + + + + + + + + + + CVE-2018-11743 on Ubuntu 20.04 (focal) - medium. + The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-05 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900845 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11743.html + https://github.com/mruby/mruby/issues/4027 + + + + + + + + + + CVE-2018-11761 on Ubuntu 20.04 (focal) - low. + In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-19 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11761.html + https://www.openwall.com/lists/oss-security/2018/09/19/4 + https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E + + + + + + + + + + CVE-2018-11762 on Ubuntu 20.04 (focal) - medium. 
+ In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-19 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11762.html + https://www.openwall.com/lists/oss-security/2018/09/19/5 + https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b@%3Cdev.tika.apache.org%3E + + + + + + + + + + CVE-2018-11771 on Ubuntu 20.04 (focal) - low. + When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-08-16 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906301 + https://issues.apache.org/jira/browse/COMPRESS-463 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11771.html + http://www.openwall.com/lists/oss-security/2018/08/16/2 + http://www.securitytracker.com/id/1041503 + https://lists.apache.org/thread.html/b8da751fc0ca949534cdf2744111da6bb0349d2798fac94b0a50f330@%3Cannounce.apache.org%3E + + + + + + + + + + CVE-2018-11775 on Ubuntu 20.04 (focal) - medium. + TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-10 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11775.html + http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt + https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=bde7097fb8173cf871827df7811b3865679b963d + https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=02971a40e281713a8397d3a1809c164b594abfbb + + + + + + + + + + CVE-2018-11782 on Ubuntu 20.04 (focal) - medium. + In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-26 16:15:00 UTC + 2019-07-31 12:00:00 UTC + Ace Olszowka + 2019-07-31 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11782.html + https://subversion.apache.org/security/CVE-2018-11782-advisory.txt + https://ubuntu.com/security/notices/USN-4082-2 + https://ubuntu.com/security/notices/USN-4082-1 + + + + + + + + + + CVE-2018-11783 on Ubuntu 20.04 (focal) - medium. + sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-07 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11783.html + https://github.com/apache/trafficserver/pull/4701 + https://www.openwall.com/lists/oss-security/2019/02/13/6 + + + + + + + + + + CVE-2018-11796 on Ubuntu 20.04 (focal) - medium. + In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. 
However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-09 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11796.html + https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E + + + + + + + + + + CVE-2018-11797 on Ubuntu 20.04 (focal) - medium. + In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-05 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11797.html + https://www.openwall.com/lists/oss-security/2018/10/05/4 + + + + + + + + + + + + + CVE-2018-11802 on Ubuntu 20.04 (focal) - medium. + In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11802.html + https://issues.apache.org/jira/browse/SOLR-12514 + + + + + + + + + + CVE-2018-11803 on Ubuntu 20.04 (focal) - medium. 
+ Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 17:29:00 UTC + 2019-01-18 + leosilva + Ivan Zhakov + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11803.html + https://subversion.apache.org/security/CVE-2018-11803-advisory.txt + https://ubuntu.com/security/notices/USN-3869-1 + + + + leosilva> as mentioned in the description, code was introduced in 1.10 leosilva> trusty, xenial, bionic and precise/esm are not affected. + + + + + + + + + CVE-2018-11813 on Ubuntu 20.04 (focal) - low. + libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-06 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11813.html + https://github.com/ChijinZ/security_advisories/blob/master/libjpeg-v9c/mail.pdf + https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9c + + + + + + + + + + + + + + CVE-2018-1199 on Ubuntu 20.04 (focal) - medium. + Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. 
In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-16 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1199.html + https://pivotal.io/security/cve-2018-1199 + + + + + + + + + + CVE-2018-12019 on Ubuntu 20.04 (focal) - medium. + The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-13 23:29:00 UTC + Marcus Brinkmann, Kai Michaelis + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12019.html + https://neopg.io/blog/enigmail-signature-spoof/ + https://sourceforge.net/p/enigmail/forum/announce/thread/b948279f/ + + + + + + + + + + CVE-2018-12020 on Ubuntu 20.04 (focal) - medium. + mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the output of GnuPG and cause unsigned e-mail to appear signed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-08 21:29:00 UTC + 2018-06-08 + sbeattie + Marcus Brinkmann + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901088 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12020.html + https://dev.gnupg.org/T4012 + https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html + https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=210e402acd3e284b32db1901e43bf1470e659e49 (STABLE-BRANCH-2-2) + https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2326851c60793653069494379b16d84e4c10a0ac (STABLE-BRANCH-1-4) + https://ubuntu.com/security/notices/USN-3675-1 + https://sourceforge.net/p/enigmail/forum/announce/thread/b948279f/ + https://neopg.io/blog/gpg-signature-spoof/ + https://ubuntu.com/security/notices/USN-3675-2 + https://ubuntu.com/security/notices/USN-3675-3 + https://ubuntu.com/security/notices/USN-3964-1 + + + + + + + + + + + + + + + CVE-2018-12022 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12022.html + https://github.com/FasterXML/jackson-databind/issues/2052 + https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1 + + + + + + + + + + CVE-2018-12023 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. 
When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12023.html + https://github.com/FasterXML/jackson-databind/issues/2058 + https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1 + + + + + + + + + + CVE-2018-12026 on Ubuntu 20.04 (focal) - medium. + During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-17 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12026.html + https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/ + https://blog.phusion.nl/passenger-5-3-2 + + + + + + + + + + CVE-2018-12027 on Ubuntu 20.04 (focal) - medium. 
+ An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-17 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12027.html + https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/ + https://blog.phusion.nl/passenger-5-3-2 + + + + + + + + + + CVE-2018-12028 on Ubuntu 20.04 (focal) - medium. + An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-17 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12028.html + https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/ + https://blog.phusion.nl/passenger-5-3-2 + + + + + + + + + + CVE-2018-12029 on Ubuntu 20.04 (focal) - medium. + A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. 
Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-17 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12029.html + https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/ + https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86 + https://blog.phusion.nl/passenger-5-3-2 + https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc + + + + + + + + + + CVE-2018-12034 on Ubuntu 20.04 (focal) - low. + In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-15 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12034.html + https://github.com/VirusTotal/yara/issues/891 + https://bnbdr.github.io/posts/swisscheese/ + https://github.com/bnbdr/swisscheese + + + + + + + + + + CVE-2018-12035 on Ubuntu 20.04 (focal) - medium. + In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-15 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12035.html + https://github.com/VirusTotal/yara/issues/891 + https://bnbdr.github.io/posts/swisscheese/ + https://github.com/bnbdr/swisscheese + + + + + + + + + + CVE-2018-12040 on Ubuntu 20.04 (focal) - negligible. 
+ ** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)." + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-06-13 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12040.html + https://bugzilla.redhat.com/show_bug.cgi?id=1590702 + http://packetstormsecurity.com/files/148125/SensioLabs-Symfony-3.3.6-Cross-Site-Scripting.html + + + + + + + + + + CVE-2018-12066 on Ubuntu 20.04 (focal) - medium. + BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-08 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900967 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12066.html + https://gitlab.labs.nic.cz/labs/bird/blob/v1.6.4/NEWS#L11 + http://bird.network.cz + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900967 + https://gitlab.labs.nic.cz/labs/bird/commit/e8bc64e308586b6502090da2775af84cd760ed0d + + + + + + + + + + CVE-2018-12088 on Ubuntu 20.04 (focal) - low. + S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-10 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12088.html + https://groups.google.com/forum/#!topic/s3ql/4TzCVIMkA4o + https://bitbucket.org/nikratio/s3ql/commits/85aba5c2d5c81453a73a50ed638adaeef0521020 + https://bitbucket.org/nikratio/s3ql/issues/272/t3_verifypy-test_retrieve-sometimes-fails + + + + + + + + + + CVE-2018-12096 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-19 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901962 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12096.html + http://seclists.org/fulldisclosure/2018/Jun/33 + + + + + + + + + + CVE-2018-12097 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-19 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901962 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12097.html + http://seclists.org/fulldisclosure/2018/Jun/33 + + + + + + + + + + CVE-2018-12098 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. 
NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-19 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901962 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12098.html + http://seclists.org/fulldisclosure/2018/Jun/33 + + + + + + + + + + CVE-2018-12115 on Ubuntu 20.04 (focal) - medium. + In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written. Nikita Skovoroda discovered that Node.js mishandled certain input, leading to an out of bounds write. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-21 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12115.html + https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/ + + + + + + + + + + CVE-2018-12116 on Ubuntu 20.04 (focal) - medium. + Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server. Arkadiy Tetelman discovered that Node.js improperly handled certain malformed HTTP requests. An attacker could use this vulnerability to inject unexpected HTTP requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-28 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12116.html + https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ + + + + + + + + + + CVE-2018-12121 on Ubuntu 20.04 (focal) - medium. + Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-28 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12121.html + https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-12121 + + + + msalvatore> RedHat found that the patch from the november-2018 security msalvatore> release caused some regressions. The patches below are perhapse a msalvatore> better approach to resolving this CVE. http-parser must be patched. msalvatore> I'm deferring this until a http-parser v2.9.0 makes it into the msalvatore> archive. + + + + + + + + + CVE-2018-12122 on Ubuntu 20.04 (focal) - medium. + Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. Jan Maybach discovered that Nde.js did not time out if incomplete HTTP/HTTPS headers were received. An attacker could use this vulnerability to cause a denial of service by keeping HTTP/HTTPS connections alive for a long period of time. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-28 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12122.html + https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ + + + + + + + + + + CVE-2018-12123 on Ubuntu 20.04 (focal) - low. + Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect. Martin Bajanik discovered that the url.parse() method would return incorrect results if it received specially crafted input. An attacker could use this vulnerability to spoof the hostname and bypass hostname-specific security controls. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-28 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12123.html + https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ + + + + + + + + + + CVE-2018-12126 on Ubuntu 20.04 (focal) - high. + Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. 
A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + High + Copyright (C) 2019 Canonical Ltd. + 2019-05-30 16:29:00 UTC + 2019-05-14 17:00:00 UTC + Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom + 2019-05-14 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12126.html + https://ubuntu.com/security/notices/USN-3977-1 + https://ubuntu.com/security/notices/USN-3978-1 + https://ubuntu.com/security/notices/USN-3979-1 + https://ubuntu.com/security/notices/USN-3980-1 + https://ubuntu.com/security/notices/USN-3981-1 + https://ubuntu.com/security/notices/USN-3982-1 + https://ubuntu.com/security/notices/USN-3983-1 + https://ubuntu.com/security/notices/USN-3982-2 + https://ubuntu.com/security/notices/USN-3980-2 + https://ubuntu.com/security/notices/USN-3984-1 + https://ubuntu.com/security/notices/USN-3981-2 + https://ubuntu.com/security/notices/USN-3983-2 + https://ubuntu.com/security/notices/USN-3985-1 + https://ubuntu.com/security/notices/USN-3985-2 + https://ubuntu.com/security/notices/USN-3977-2 + https://ubuntu.com/security/notices/USN-3977-3 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-12127 on Ubuntu 20.04 (focal) - 
high. + Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + High + Copyright (C) 2019 Canonical Ltd. + 2019-05-30 16:29:00 UTC + 2019-05-14 17:00:00 UTC + Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida + 2019-05-14 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12127.html + https://ubuntu.com/security/notices/USN-3977-1 + https://ubuntu.com/security/notices/USN-3978-1 + https://ubuntu.com/security/notices/USN-3979-1 + https://ubuntu.com/security/notices/USN-3980-1 + https://ubuntu.com/security/notices/USN-3981-1 + https://ubuntu.com/security/notices/USN-3982-1 + https://ubuntu.com/security/notices/USN-3983-1 + https://ubuntu.com/security/notices/USN-3982-2 + https://ubuntu.com/security/notices/USN-3980-2 + https://ubuntu.com/security/notices/USN-3984-1 + https://ubuntu.com/security/notices/USN-3981-2 + https://ubuntu.com/security/notices/USN-3983-2 + https://ubuntu.com/security/notices/USN-3985-1 + https://ubuntu.com/security/notices/USN-3985-2 + https://ubuntu.com/security/notices/USN-3977-2 + 
https://ubuntu.com/security/notices/USN-3977-3 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-12130 on Ubuntu 20.04 (focal) - high. + Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + High + Copyright (C) 2019 Canonical Ltd. 
+ 2019-05-30 16:29:00 UTC + 2019-05-14 17:00:00 UTC + Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss + 2019-05-14 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12130.html + https://ubuntu.com/security/notices/USN-3977-1 + https://ubuntu.com/security/notices/USN-3978-1 + https://ubuntu.com/security/notices/USN-3979-1 + https://ubuntu.com/security/notices/USN-3980-1 + https://ubuntu.com/security/notices/USN-3981-1 + https://ubuntu.com/security/notices/USN-3982-1 + https://ubuntu.com/security/notices/USN-3983-1 + https://ubuntu.com/security/notices/USN-3982-2 + https://ubuntu.com/security/notices/USN-3980-2 + https://ubuntu.com/security/notices/USN-3984-1 + https://ubuntu.com/security/notices/USN-3981-2 + https://ubuntu.com/security/notices/USN-3983-2 + https://ubuntu.com/security/notices/USN-3985-1 + https://ubuntu.com/security/notices/USN-3985-2 + https://ubuntu.com/security/notices/USN-3977-2 + https://ubuntu.com/security/notices/USN-3977-3 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-12182 on Ubuntu 20.04 (focal) - low. + Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-27 20:29:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=1136 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12182.html + https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html + + + + + + + + + + CVE-2018-12183 on Ubuntu 20.04 (focal) - low. 
+ Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-27 20:29:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=1126 + https://bugzilla.tianocore.org/show_bug.cgi?id=1137 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12183.html + https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html + + + + + + + + + + CVE-2018-12207 on Ubuntu 20.04 (focal) - high. + Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). + + Ubuntu 20.04 + + + + High + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-14 20:15:00 UTC + 2019-11-12 18:00:00 UTC + Deepak Gupta + 2019-11-12 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12207.html + https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html + https://software.intel.com/security-software-guidance/api-app/insights/deep-dive-machine-check-error-avoidance-page-size-change + https://xenbits.xen.org/xsa/advisory-304.html + https://ubuntu.com/security/notices/USN-4183-1 + https://ubuntu.com/security/notices/USN-4184-1 + https://ubuntu.com/security/notices/USN-4185-1 + https://ubuntu.com/security/notices/USN-4185-2 + https://ubuntu.com/security/notices/USN-4186-1 + https://ubuntu.com/security/notices/USN-4186-2 + + + + tyhicks> This issue only affects processors manufactured by Intel that support Extended Page Tables (EPT) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-12227 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-12 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12227.html + http://downloads.asterisk.org/pub/security/AST-2018-008.html + https://issues.asterisk.org/jira/browse/ASTERISK-27818 + + + + + + + + + + CVE-2018-12247 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in kernel.c copies flags other than the MRB_FLAG_IS_FROZEN flag (e.g., the embedded flag). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-12 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12247.html + https://github.com/mruby/mruby/commit/55edae0226409de25e59922807cb09acb45731a2 + https://github.com/mruby/mruby/issues/4036 + + + + + + + + + + CVE-2018-12248 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-12 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12248.html + https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b + https://github.com/mruby/mruby/issues/4038 + + + + + + + + + + CVE-2018-12249 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-12 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12249.html + https://github.com/mruby/mruby/commit/faa4eaf6803bd11669bc324b4c34e7162286bfa3 + https://github.com/mruby/mruby/issues/4037 + + + + + + + + + + CVE-2018-12291 on Ubuntu 20.04 (focal) - medium. + The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-13 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12291.html + https://github.com/matrix-org/synapse/pull/3371 + https://github.com/matrix-org/synapse/releases/tag/v0.31.1 + + + + + + + + + + CVE-2018-12293 on Ubuntu 20.04 (focal) - medium. + The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-19 21:29:00 UTC + 2018-06-14 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12293.html + https://webkitgtk.org/security/WSA-2018-0005.html + https://ubuntu.com/security/notices/USN-3687-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-12294 on Ubuntu 20.04 (focal) - medium. + WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-19 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12294.html + https://webkitgtk.org/security/WSA-2018-0005.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-12320 on Ubuntu 20.04 (focal) - medium. + There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-13 16:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901630 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12320.html + https://github.com/radare/radare2/commit/90b71c017a7fa9732fe45fd21b245ee051b1f548 + https://github.com/radare/radare2/issues/10293 + + + + + + + + + + CVE-2018-12321 on Ubuntu 20.04 (focal) - low. + There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-13 16:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901629 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12321.html + https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d + https://github.com/radare/radare2/issues/10296 + + + + + + + + + + CVE-2018-12322 on Ubuntu 20.04 (focal) - low. + There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-13 16:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901628 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12322.html + https://github.com/radare/radare2/commit/bbb4af56003c1afdad67af0c4339267ca38b1017 + https://github.com/radare/radare2/issues/10294 + + + + + + + + + + CVE-2018-12327 on Ubuntu 20.04 (focal) - negligible. 
+ Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-06-20 14:29:00 UTC + 2018-06-20 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12327.html + https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f + https://ubuntu.com/security/notices/USN-4229-1 + + + + + + + + + + CVE-2018-12356 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-15 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901574 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12356.html + https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html + https://neopg.io/blog/pass-signature-spoof/ + http://www.openwall.com/lists/oss-security/2018/06/14/3 + http://openwall.com/lists/oss-security/2018/06/14/3 + https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d + + + + + + + + + + CVE-2018-12375 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs present in Firefox 61. 
Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-18 13:29:00 UTC + 2018-09-06 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12375.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12375 + https://ubuntu.com/security/notices/USN-3761-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-12376 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-18 13:29:00 UTC + 2018-09-06 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12376.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12376 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12376 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12376 + https://ubuntu.com/security/notices/USN-3761-1 + https://ubuntu.com/security/notices/USN-3793-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-12386 on Ubuntu 20.04 (focal) - medium. + A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-18 13:29:00 UTC + 2018-10-03 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12386.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386 + https://ubuntu.com/security/notices/USN-3778-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-12387 on Ubuntu 20.04 (focal) - medium. + A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-18 13:29:00 UTC + 2018-10-03 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12387.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12387 + https://ubuntu.com/security/notices/USN-3778-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-12388 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-28 18:29:00 UTC + 2018-10-24 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12388.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12388 + https://ubuntu.com/security/notices/USN-3801-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-12390 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-28 18:29:00 UTC + 2018-10-24 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12390.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12390 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12390 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12390 + https://ubuntu.com/security/notices/USN-3801-1 + https://ubuntu.com/security/notices/USN-3868-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-12392 on Ubuntu 20.04 (focal) - medium. + When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-28 18:29:00 UTC + 2018-10-24 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12392.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12392 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12392 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12392 + https://ubuntu.com/security/notices/USN-3801-1 + https://ubuntu.com/security/notices/USN-3868-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-12393 on Ubuntu 20.04 (focal) - medium. + A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-28 18:29:00 UTC + 2018-10-24 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12393.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12393 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12393 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12393 + https://ubuntu.com/security/notices/USN-3801-1 + https://ubuntu.com/security/notices/USN-3868-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-12395 on Ubuntu 20.04 (focal) - medium. + By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. 
This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-28 18:29:00 UTC + 2018-10-24 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12395.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12395 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12395 + https://ubuntu.com/security/notices/USN-3801-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-12396 on Ubuntu 20.04 (focal) - medium. + A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-28 18:29:00 UTC + 2018-10-24 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12396.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12396 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12396 + https://ubuntu.com/security/notices/USN-3801-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-12397 on Ubuntu 20.04 (focal) - medium. + A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-28 18:29:00 UTC + 2018-10-24 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12397.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12397 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12397 + https://ubuntu.com/security/notices/USN-3801-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-12398 on Ubuntu 20.04 (focal) - medium. + By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-28 18:29:00 UTC + 2018-10-24 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12398.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12398 + https://ubuntu.com/security/notices/USN-3801-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-12399 on Ubuntu 20.04 (focal) - low. + When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-28 18:29:00 UTC + 2018-10-24 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12399.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12399 + https://ubuntu.com/security/notices/USN-3801-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-12401 on Ubuntu 20.04 (focal) - low. 
+ Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox < 63. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-28 18:29:00 UTC + 2018-10-24 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12401.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12401 + https://ubuntu.com/security/notices/USN-3801-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-12402 on Ubuntu 20.04 (focal) - low. + The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince the visitor to save the complete web page. Similarly, SameSite cookies are sent on cross-origin requests when the "Save Page As..." menu item is selected to save a page, which can result in saving the wrong version of resources based on those cookies. This vulnerability affects Firefox < 63. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-28 18:29:00 UTC + 2018-10-24 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12402.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12402 + https://ubuntu.com/security/notices/USN-3801-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-12403 on Ubuntu 20.04 (focal) - low. + If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. 
This vulnerability affects Firefox < 63. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-28 18:29:00 UTC + 2018-10-24 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12403.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12403 + https://ubuntu.com/security/notices/USN-3801-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-12405 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-28 18:29:00 UTC + 2018-12-11 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12405.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12405 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-12405 + https://ubuntu.com/security/notices/USN-3844-1 + https://ubuntu.com/security/notices/USN-3868-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-12406 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-28 18:29:00 UTC + 2018-12-11 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12406.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12406 + https://ubuntu.com/security/notices/USN-3844-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-12423 on Ubuntu 20.04 (focal) - low. + In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-14 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901549 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12423.html + https://github.com/matrix-org/synapse/pull/3397 + https://bugs.debian.org/901549 + https://github.com/matrix-org/matrix-doc/issues/1304 + https://matrix.org/blog/2018/06/14/security-update-synapse-0-31-2/ + + + + + + + + + + CVE-2018-12436 on Ubuntu 20.04 (focal) - medium. + wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-15 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901627 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12436.html + https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca + https://www.wolfssl.com/wolfssh-and-rohnp/ + https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/ + + + + + + + + + + CVE-2018-12482 on Ubuntu 20.04 (focal) - medium. + OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-04 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905396 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12482.html + https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1/ + + + + + + + + + + CVE-2018-12483 on Ubuntu 20.04 (focal) - medium. + OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-04 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905396 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12483.html + https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1/ + + + + + + + + + + CVE-2018-12495 on Ubuntu 20.04 (focal) - low. + The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-15 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901912 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12495.html + https://github.com/Orc/discount/issues/189#issuecomment-397541501 + + + + + + + + + + CVE-2018-12520 on Ubuntu 20.04 (focal) - high. + An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. 
An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access. It was discovered that ntopng did not properly seed its random number generator, leading to predictable session tokens. An attacker could use this vulnerability to hijack a user's session. + + Ubuntu 20.04 + + + + High + Copyright (C) 2018 Canonical Ltd. + 2018-07-05 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12520.html + http://seclists.org/fulldisclosure/2018/Jul/14 + https://gist.github.com/Psychotropos/3e8c047cada9b1fb716e6a014a428b7f + https://github.com/ntop/ntopng/commit/30610bda60cbfc058f90a1c0a17d0e8f4516221a + + + + + + + + + + CVE-2018-12536 on Ubuntu 20.04 (focal) - low. + In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-27 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12536.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=535670 + https://github.com/eclipse/jetty.project/issues/2560 + + + + + + + + + + CVE-2018-12550 on Ubuntu 20.04 (focal) - medium. 
+ When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-27 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12550.html + https://mosquitto.org/blog/2019/02/version-1-5-6-released/ + https://mosquitto.org/files/cve/2018-12550 + + + + ebarretto> mosquitto's version on Trusty is EOL. + + + + + + + + + CVE-2018-12556 on Ubuntu 20.04 (focal) - medium. + The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any (arbitrary) key in the local keyring of the user, and does not pin the signature to the yarn release key, which allows remote attackers to sign tampered yarn release packages with their own key. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-16 17:29:00 UTC + Marcus Brinkmann + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12556.html + http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html + http://seclists.org/fulldisclosure/2019/Apr/38 + https://github.com/RUB-NDS/Johnny-You-Are-Fired + https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf + https://github.com/yarnpkg/website/commits/master + https://www.openwall.com/lists/oss-security/2019/04/30/4 + https://neopg.io/blog/yarn-signature-bypass/ + + + + seth-arnold> It appears this is about the install.sh that is run via a curl url | bash - auto-updated mechanism inside the program. 
It looks like it tries to determine if it was installed via deb and if so, runs: sudo apt-get update && sudo apt-get install yarn seth-arnold> So it's possible the unsafe mechanism isn't used in our packages. seth-arnold> It's also possible this is seriously unsafe. + + + + + + + + + CVE-2018-12558 on Ubuntu 20.04 (focal) - low. + The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f"). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-20 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12558.html + http://www.openwall.com/lists/oss-security/2018/06/19/3 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873 + https://metacpan.org/pod/Email::Address + + + + + + + + + + CVE-2018-1257 on Ubuntu 20.04 (focal) - low. + Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-11 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1257.html + https://pivotal.io/security/cve-2018-1257 + + + + + + + + + + CVE-2018-12581 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. 
It was discovered phpmyadmin incorrectly handled database names. An attacker could possibly use this to trigger an XSS attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-21 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12581.html + https://www.phpmyadmin.net/security/PMASA-2018-3/ + + + + + + + + + + CVE-2018-12633 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-22 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12633.html + http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bd23a7269834dc7c1f93e83535d16ebc44b75eba + https://bugzilla.kernel.org/show_bug.cgi?id=200131 + https://github.com/torvalds/linux/commit/bd23a7269834dc7c1f93e83535d16ebc44b75eba + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-12641 on Ubuntu 20.04 (focal) - low. + An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-22 12:29:00 UTC + 2018-06-22 12:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099 + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452 + https://sourceware.org/bugzilla/show_bug.cgi?id=23058 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12641.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-12648 on Ubuntu 20.04 (focal) - low. + The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-22 13:29:00 UTC + https://bugs.freedesktop.org/show_bug.cgi?id=106981 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902175 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12648.html + + + + + + + + + + CVE-2018-12689 on Ubuntu 20.04 (focal) - medium. + phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-22 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902186 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12689.html + https://www.exploit-db.com/exploits/44926/ + + + + + + + + + + CVE-2018-12697 on Ubuntu 20.04 (focal) - low. + A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-23 23:29:00 UTC + 2018-06-23 23:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 + https://sourceware.org/bugzilla/show_bug.cgi?id=23057 + https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12697.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-12698 on Ubuntu 20.04 (focal) - low. + demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-23 23:29:00 UTC + 2018-06-23 23:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 + https://sourceware.org/bugzilla/show_bug.cgi?id=23057 + https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12698.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-12699 on Ubuntu 20.04 (focal) - low. + finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-23 23:29:00 UTC + 2018-06-23 23:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 + https://sourceware.org/bugzilla/show_bug.cgi?id=23057 + https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12699.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-12700 on Ubuntu 20.04 (focal) - low. + A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-23 23:29:00 UTC + 2018-06-23 23:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 + https://sourceware.org/bugzilla/show_bug.cgi?id=23057 + https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763102 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12700.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-12713 on Ubuntu 20.04 (focal) - low. + GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-24 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12713.html + https://github.com/GNOME/gimp/commit/c21eff4b031acb04fb4dfce8bd5fdfecc2b6524f + https://gitlab.gnome.org/GNOME/gimp/issues/1689 + + + + + + + + + + CVE-2018-1285 on Ubuntu 20.04 (focal) - medium. + Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-11 17:15:00 UTC + 2020-05-11 17:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1285.html + https://issues.apache.org/jira/browse/LOG4NET-575 + https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7 + https://lists.apache.org/thread.html/reab1c277c95310bad1038255e0757857b2fbe291411b4fa84552028a%40%3Cdev.logging.apache.org%3E + https://ubuntu.com/security/notices/USN-4699-1 + + + + + + + + + + CVE-2018-1287 on Ubuntu 20.04 (focal) - untriaged. + In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-02-14 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1287.html + http://www.openwall.com/lists/oss-security/2018/02/11/2 + https://bz.apache.org/bugzilla/show_bug.cgi?id=62039 + + + + + + + + + + CVE-2018-12886 on Ubuntu 20.04 (focal) - low. + stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-22 19:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85434 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12886.html + + + + mdeslaur> Upstream has fixed this in GCC9 only as of 2019-05-30. 
mdeslaur> 32-bit ARM only, risky backport, and would require archive mdeslaur> rebuild. mdeslaur> Setting priority as low for now, we may decide this issue is mdeslaur> not worth fixing in stable releases. + + + + + + + + + + + + + + + + + + CVE-2018-12891 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-02 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12891.html + https://xenbits.xen.org/xsa/advisory-264.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-12892 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. 
Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl disk configuration, or an equivalent) are affected. IDE disks ("hd") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-02 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12892.html + https://xenbits.xen.org/xsa/advisory-266.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-12893 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. 
Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-02 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12893.html + https://xenbits.xen.org/xsa/advisory-265.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-12895 on Ubuntu 20.04 (focal) - medium. + WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12895.html + https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/ + + + + + + + + + + CVE-2018-12911 on Ubuntu 20.04 (focal) - medium. + WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-19 13:29:00 UTC + 2018-07-19 + mdeslaur + https://bugs.webkit.org/show_bug.cgi?id=186554 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12911.html + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-12928 on Ubuntu 20.04 (focal) - negligible. + In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-06-28 14:29:00 UTC + Sergej Schumilo + https://launchpad.net/bugs/1763384 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12928.html + https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2 + https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ + https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/ + + + + sbeattie> As of 2019-09-06, there is no upstream fix available + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-12929 on Ubuntu 20.04 (focal) - low. + ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-28 14:29:00 UTC + Sergej Schumilo and Cornelius Aschermann + https://launchpad.net/bugs/1763403 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12929.html + https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403 + https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2 + + + + sbeattie> As of 2019-09-06, there is no upstream fix available + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-12930 on Ubuntu 20.04 (focal) - low. + ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-28 14:29:00 UTC + Sergej Schumilo and Cornelius Aschermann + https://launchpad.net/bugs/1763403 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12930.html + https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2 + + + + sbeattie> As of 2019-09-06, there is no upstream fix available + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-12931 on Ubuntu 20.04 (focal) - low. + ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-28 14:29:00 UTC + Sergej Schumilo and Cornelius Aschermann + https://launchpad.net/bugs/1763403 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12931.html + https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2 + + + + sbeattie> As of 2019-09-06, there is no upstream fix available + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-12932 on Ubuntu 20.04 (focal) - medium. + PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large pAlphaBlend->cbBitsSrc value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-28 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12932.html + https://bugs.winehq.org/show_bug.cgi?id=45105 + https://bugs.winehq.org/attachment.cgi?id=61284 + https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d + https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949 + https://bugs.launchpad.net/ubuntu/+source/wine/+bug/1764719 + + + + + + + + + + CVE-2018-12933 on Ubuntu 20.04 (focal) - medium. + PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-28 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12933.html + https://bugs.winehq.org/show_bug.cgi?id=45106 + https://bugs.winehq.org/attachment.cgi?id=61285 + https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d + https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949 + https://bugs.launchpad.net/ubuntu/+source/wine/+bug/1764719 + + + + + + + + + + CVE-2018-12934 on Ubuntu 20.04 (focal) - low. + remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-28 14:29:00 UTC + 2018-06-28 14:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453 + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950 + https://sourceware.org/bugzilla/show_bug.cgi?id=23059 + https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763101 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12934.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + mdeslaur> issue is actually in libiberty + + + + + + + + + CVE-2018-1297 on Ubuntu 20.04 (focal) - untriaged. + When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-02-13 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1297.html + http://www.openwall.com/lists/oss-security/2018/02/11/1 + https://bz.apache.org/bugzilla/show_bug.cgi?id=62039 + + + + + + + + + + CVE-2018-12982 on Ubuntu 20.04 (focal) - low. 
+ Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-29 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12982.html + https://bugzilla.redhat.com/show_bug.cgi?id=1595689 + + + + + + + + + + CVE-2018-12983 on Ubuntu 20.04 (focal) - low. + A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-29 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12983.html + https://bugzilla.redhat.com/show_bug.cgi?id=1595693 + + + + + + + + + + CVE-2018-13005 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-29 14:29:00 UTC + 2018-06-29 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13005.html + https://github.com/gpac/gpac/issues/1088 + https://ubuntu.com/security/notices/USN-3926-1 + + + + + + + + + + CVE-2018-13006 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump. 
It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-29 14:29:00 UTC + 2018-06-29 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13006.html + https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86 + https://ubuntu.com/security/notices/USN-3926-1 + + + + + + + + + + CVE-2018-13033 on Ubuntu 20.04 (focal) - low. + The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-01 16:29:00 UTC + 2018-07-01 16:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23361 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13033.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + mdeslaur> same commit as CVE-2018-8945 + + + + + + + + + CVE-2018-13054 on Ubuntu 20.04 (focal) - high. + An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content. 
Matthias Gerstner discovered that the cinnamon-settings-users utility in Cinnamon did not safely handle symlinks. An unprivileged user could potentially use this vulnerability to overwrite arbitrary files as root. + + Ubuntu 20.04 + + + + High + Copyright (C) 2018 Canonical Ltd. + 2018-07-02 14:29:00 UTC + Matthias Gerstner + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13054.html + https://github.com/linuxmint/Cinnamon/pull/7683 + https://github.com/linuxmint/Cinnamon/commit/66e54f43f179fdf041a3e5232178a9910963cfb5 + https://bugzilla.suse.com/show_bug.cgi?id=1083067 + + + + + + + + + + CVE-2018-13065 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-03 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13065.html + https://hackings8n.blogspot.com/2018/07/cve-2018-13065-modsecurity-300-has-xss.html + + + + + + + + + + CVE-2018-1311 on Ubuntu 20.04 (focal) - medium. + The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-18 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1311.html + https://marc.info/?l=xerces-c-users&m=157653840106914&w=2 + http://xerces.apache.org/xerces-c/secadv/CVE-2018-1311.txt + https://issues.apache.org/jira/projects/XERCESC/issues/XERCESC-2188 + + + + + + + + + + CVE-2018-13112 on Ubuntu 20.04 (focal) - untriaged. + get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-07-03 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902952 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13112.html + https://github.com/appneta/tcpreplay/issues/477 + + + + + + + + + + CVE-2018-1313 on Ubuntu 20.04 (focal) - untriaged. + In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-05-07 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1313.html + http://www.openwall.com/lists/oss-security/2018/05/05/1 + https://markmail.org/message/akkappppxcdqrgxk + + + + + + + + + + CVE-2018-1318 on Ubuntu 20.04 (focal) - low. + Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. 
This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-08-29 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1318.html + http://www.openwall.com/lists/oss-security/2018/08/29/3 + https://github.com/apache/trafficserver/pull/3195 + + + + + + + + + + CVE-2018-1324 on Ubuntu 20.04 (focal) - low. + A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-16 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1324.html + https://lists.apache.org/thread.html/1c7b6df6d1c5c8583518a0afa017782924918e4d6acfaf23ed5b2089@%3Cdev.commons.apache.org%3E + + + + + + + + + + CVE-2018-13258 on Ubuntu 20.04 (focal) - negligible. + Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-10-04 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13258.html + https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html + https://phabricator.wikimedia.org/T199029 + + + + + + + + + + CVE-2018-13300 on Ubuntu 20.04 (focal) - medium. 
+ In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-05 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13300.html + + + + mdeslaur> marking chromium-browser as ignored, since we do full-version mdeslaur> updates, and rely on upstream's bundled ffmpeg version ebarretto> ffmpeg 2.8 has a subtle difference in the code that make it ebarretto> not affected. + + + + + + + + + + + + + + + + CVE-2018-13301 on Ubuntu 20.04 (focal) - low. + In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-05 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13301.html + + + + mdeslaur> marking chromium-browser as ignored, since we do full-version mdeslaur> updates, and rely on upstream's bundled ffmpeg version + + + + + + + + + + + + + + + CVE-2018-13302 on Ubuntu 20.04 (focal) - medium. + In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-05 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13302.html + + + + mdeslaur> marking chromium-browser as ignored, since we do full-version mdeslaur> updates, and rely on upstream's bundled ffmpeg version + + + + + + + + + + + + + + + + CVE-2018-13303 on Ubuntu 20.04 (focal) - low. + In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-05 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13303.html + + + + mdeslaur> marking chromium-browser as ignored, since we do full-version mdeslaur> updates, and rely on upstream's bundled ffmpeg version + + + + + + + + + + + + + + + + CVE-2018-13304 on Ubuntu 20.04 (focal) - medium. + In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-05 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13304.html + + + + mdeslaur> marking chromium-browser as ignored, since we do full-version mdeslaur> updates, and rely on upstream's bundled ffmpeg version + + + + + + + + + + + + + + + + + CVE-2018-13305 on Ubuntu 20.04 (focal) - medium. + In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-05 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13305.html + + + + mdeslaur> marking chromium-browser as ignored, since we do full-version mdeslaur> updates, and rely on upstream's bundled ffmpeg version + + + + + + + + + + + + + + CVE-2018-1335 on Ubuntu 20.04 (focal) - untriaged. + From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-04-25 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1335.html + http://www.openwall.com/lists/oss-security/2018/04/25/8 + https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E + + + + + + + + + + CVE-2018-1338 on Ubuntu 20.04 (focal) - untriaged. + A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-04-25 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1338.html + http://www.openwall.com/lists/oss-security/2018/04/25/6 + https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E + + + + + + + + + + CVE-2018-1339 on Ubuntu 20.04 (focal) - untriaged. + A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-25 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1339.html + http://www.openwall.com/lists/oss-security/2018/04/25/7 + https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E + + + + + + + + + + CVE-2018-13410 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-06 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13410.html + http://seclists.org/fulldisclosure/2018/Jul/24 + + + + + + + + + + CVE-2018-13440 on Ubuntu 20.04 (focal) - low. + The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-08 16:29:00 UTC + 2018-07-08 + https://github.com/mpruett/audiofile/issues/49 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903499 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13440.html + https://ubuntu.com/security/notices/USN-3800-1 + + + + ebarretto> It looks like upstream is not active anymore, some of the open CVEs ebarretto> have a proposed fix on a fork. ebarretto> Marking as deferred for now. + + + + + + + + + CVE-2018-13794 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer overflow exists in stbi__bmp_load_cont in stb_image.h in catimg 2.4.0. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-09 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13794.html + https://github.com/posva/catimg/issues/34 + + + + + + + + + + CVE-2018-13797 on Ubuntu 20.04 (focal) - medium. + The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13797.html + https://github.com/scravy/node-macaddress/pull/20 + https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332 + https://github.com/scravy/node-macaddress/pull/20/ + https://github.com/scravy/node-macaddress/releases/tag/0.2.9 + https://news.ycombinator.com/item?id=17283394 + + + + + + + + + + CVE-2018-13843 on Ubuntu 20.04 (focal) - negligible. + ** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13843.html + https://github.com/samtools/htslib/issues/731#issue-339662537 + + + + msalvatore> Memory leak occurs in test program + + + + + + + + + CVE-2018-13845 on Ubuntu 20.04 (focal) - medium. + An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c. It was discovered that HTSlib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-10 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13845.html + https://github.com/samtools/htslib/issues/731#issuecomment-403681105 + + + + + + + + + + CVE-2018-13866 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13866.html + https://github.com/TeamSeri0us/pocs/tree/master/hdf5 + + + + + + + + + + CVE-2018-13867 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13867.html + https://github.com/TeamSeri0us/pocs/tree/master/hdf5 + + + + + + + + + + CVE-2018-13868 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13868.html + https://github.com/TeamSeri0us/pocs/tree/master/hdf5 + + + + + + + + + + CVE-2018-13869 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13869.html + https://github.com/TeamSeri0us/pocs/tree/master/hdf5 + + + + + + + + + + CVE-2018-13870 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13870.html + https://github.com/TeamSeri0us/pocs/tree/master/hdf5 + + + + + + + + + + CVE-2018-13871 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13871.html + https://github.com/TeamSeri0us/pocs/tree/master/hdf5 + + + + + + + + + + CVE-2018-13872 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13872.html + https://github.com/TeamSeri0us/pocs/tree/master/hdf5 + + + + + + + + + + CVE-2018-13874 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13874.html + https://github.com/TeamSeri0us/pocs/tree/master/hdf5 + + + + + + + + + + CVE-2018-13875 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-10 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13875.html + https://github.com/TeamSeri0us/pocs/tree/master/hdf5 + + + + + + + + + + CVE-2018-13876 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13876.html + https://github.com/TeamSeri0us/pocs/tree/master/hdf5 + + + + + + + + + + CVE-2018-13982 on Ubuntu 20.04 (focal) - medium. + Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-18 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13982.html + https://www.openwall.com/lists/oss-security/2018/09/17/4 + https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal + + + + + + + + + + CVE-2018-14015 on Ubuntu 20.04 (focal) - medium. + The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-12 20:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14015.html + https://github.com/radare/radare2/issues/10465 + + + + + + + + + + CVE-2018-14016 on Ubuntu 20.04 (focal) - medium. + The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-12 20:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14016.html + https://github.com/radare/radare2/issues/10464 + + + + + + + + + + CVE-2018-14017 on Ubuntu 20.04 (focal) - medium. + The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-12 20:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14017.html + https://github.com/radare/radare2/issues/10498 + + + + + + + + + + CVE-2018-14028 on Ubuntu 20.04 (focal) - medium. + In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. 
Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-10 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14028.html + https://core.trac.wordpress.org/ticket/44710 + https://github.com/rastating/wordpress-exploit-framework/pull/52 + https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/ + + + + + + + + + + CVE-2018-14031 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-13 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14031.html + https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md + + + + + + + + + + CVE-2018-14033 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-13 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14033.html + https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md + + + + + + + + + + CVE-2018-14034 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-13 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14034.html + https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md + + + + + + + + + + CVE-2018-14035 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-13 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14035.html + https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md + + + + + + + + + + CVE-2018-14040 on Ubuntu 20.04 (focal) - medium. + In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-13 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14040.html + https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/ + https://github.com/twbs/bootstrap/issues/26423 + https://github.com/twbs/bootstrap/issues/26625 + https://github.com/twbs/bootstrap/pull/26630 + + + + + + + + + + CVE-2018-14042 on Ubuntu 20.04 (focal) - medium. + In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-13 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14042.html + https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/ + https://github.com/twbs/bootstrap/issues/26423 + https://github.com/twbs/bootstrap/issues/26628 + https://github.com/twbs/bootstrap/pull/26630 + + + + + + + + + + CVE-2018-14044 on Ubuntu 20.04 (focal) - medium. 
+ The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-13 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905504 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14044.html + https://gitlab.com/soundtouch/soundtouch/issues/7 + https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md + + + + + + + + + + CVE-2018-14045 on Ubuntu 20.04 (focal) - medium. + The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-13 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905504 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14045.html + https://gitlab.com/soundtouch/soundtouch/issues/7 + https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md + + + + + + + + + + CVE-2018-14048 on Ubuntu 20.04 (focal) - low. + An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-13 16:29:00 UTC + https://github.com/glennrp/libpng/issues/238 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14048.html + https://github.com/fouzhe/security/tree/master/libpng + + + + + + + + + + CVE-2018-14072 on Ubuntu 20.04 (focal) - low. + libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-15 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903858 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14072.html + https://github.com/saitoha/libsixel/issues/67#issue-341198610 + + + + + + + + + + CVE-2018-14073 on Ubuntu 20.04 (focal) - low. + libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-15 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903858 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14073.html + https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926 + + + + + + + + + + CVE-2018-14320 on Ubuntu 20.04 (focal) - medium. + This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-17 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14320.html + https://www.zerodayinitiative.com/advisories/ZDI-18-1046/ + + + + + + + + + + CVE-2018-14329 on Ubuntu 20.04 (focal) - negligible. + In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-17 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14329.html + https://github.com/samtools/htslib/issues/736 + + + + ebarretto> Neutralised by kernel hardening ebarretto> Upstream won't be fixing it + + + + + + + + + CVE-2018-14332 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-19 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14332.html + https://github.com/clementine-player/Clementine/issues/6078 + https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2018-14332 + https://github.com/clementine-player/Clementine/blob/e5ab3e786f9adde12cec3cc90cfe8c1cc6b06320/src/moodbar/moodbarpipeline.cpp#L155 + + + + + + + + + + CVE-2018-14335 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-24 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14335.html + https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20 + + + + + + + + + + CVE-2018-14337 on Ubuntu 20.04 (focal) - medium. + The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-17 03:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903985 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14337.html + https://github.com/mruby/mruby/issues/4062 + https://github.com/mruby/mruby/commit/695f29cd604787f43be1af16e38d13610bf8312b + https://github.com/mruby/mruby/commit/adb1eae912659d680a9c5b7832e22cf73d36a69a + + + + + + + + + + CVE-2018-14345 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14345.html + https://bugzilla.suse.com/show_bug.cgi?id=1101450 + https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98 + + + + + + + + + + CVE-2018-14346 on Ubuntu 20.04 (focal) - medium. + GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c). It was discovered that Libextractor incorrectly handled certain malformed files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 15:29:00 UTC + 2018-07-17 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14346.html + http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html + https://gnunet.org/git/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e + https://ubuntu.com/security/notices/USN-4641-1 + + + + + + + + + + CVE-2018-14347 on Ubuntu 20.04 (focal) - medium. + GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). 
It was discovered that Libextractor incorrectly handled malformed files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 15:29:00 UTC + 2018-07-17 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14347.html + http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html + https://gnunet.org/bugs/view.php?id=5399 + https://gnunet.org/git/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394 + https://ubuntu.com/security/notices/USN-4641-1 + + + + + + + + + + CVE-2018-14348 on Ubuntu 20.04 (focal) - medium. + libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. It was discovered that libcgroup incorrectly handled log file permissions. An attacker could possibly use thise issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-14 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14348.html + https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/ + + + + + + + + + + CVE-2018-14349 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-17 17:29:00 UTC + 2018-07-17 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14349.html + https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1 + http://www.mutt.org/news.html + https://neomutt.org/2018/07/16/release + https://ubuntu.com/security/notices/USN-3719-1 + https://ubuntu.com/security/notices/USN-3719-2 + https://ubuntu.com/security/notices/USN-3719-3 + + + + + + + + + + + + + CVE-2018-14350 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 17:29:00 UTC + 2018-07-17 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14350.html + https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485 + http://www.mutt.org/news.html + https://neomutt.org/2018/07/16/release + https://ubuntu.com/security/notices/USN-3719-1 + https://ubuntu.com/security/notices/USN-3719-2 + https://ubuntu.com/security/notices/USN-3719-3 + + + + + + + + + + + + + CVE-2018-14351 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 17:29:00 UTC + 2018-07-17 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14351.html + https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741 + http://www.mutt.org/news.html + https://neomutt.org/2018/07/16/release + https://ubuntu.com/security/notices/USN-3719-1 + https://ubuntu.com/security/notices/USN-3719-2 + https://ubuntu.com/security/notices/USN-3719-3 + + + + + + + + + + + + + CVE-2018-14352 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 17:29:00 UTC + 2018-07-17 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14352.html + https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4 + http://www.mutt.org/news.html + https://neomutt.org/2018/07/16/release + https://ubuntu.com/security/notices/USN-3719-1 + https://ubuntu.com/security/notices/USN-3719-2 + https://ubuntu.com/security/notices/USN-3719-3 + + + + + + + + + + + + + CVE-2018-14353 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 17:29:00 UTC + 2018-07-17 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14353.html + https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23 + http://www.mutt.org/news.html + https://neomutt.org/2018/07/16/release + https://ubuntu.com/security/notices/USN-3719-1 + https://ubuntu.com/security/notices/USN-3719-2 + https://ubuntu.com/security/notices/USN-3719-3 + + + + + + + + + + + + + CVE-2018-14354 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-17 17:29:00 UTC + 2018-07-17 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14354.html + https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb + http://www.mutt.org/news.html + https://neomutt.org/2018/07/16/release + https://ubuntu.com/security/notices/USN-3719-1 + https://ubuntu.com/security/notices/USN-3719-2 + https://ubuntu.com/security/notices/USN-3719-3 + + + + + + + + + + + + + CVE-2018-14355 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 17:29:00 UTC + 2018-07-17 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14355.html + https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d + http://www.mutt.org/news.html + https://neomutt.org/2018/07/16/release + https://ubuntu.com/security/notices/USN-3719-1 + https://ubuntu.com/security/notices/USN-3719-2 + https://ubuntu.com/security/notices/USN-3719-3 + + + + + + + + + + + + + CVE-2018-14356 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 17:29:00 UTC + 2018-07-17 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14356.html + https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82 + http://www.mutt.org/news.html + https://neomutt.org/2018/07/16/release + https://ubuntu.com/security/notices/USN-3719-1 + https://ubuntu.com/security/notices/USN-3719-2 + https://ubuntu.com/security/notices/USN-3719-3 + + + + + + + + + + + + + CVE-2018-14357 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. 
They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 17:29:00 UTC + 2018-07-17 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14357.html + https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725 + http://www.mutt.org/news.html + https://neomutt.org/2018/07/16/release + https://ubuntu.com/security/notices/USN-3719-1 + https://ubuntu.com/security/notices/USN-3719-2 + https://ubuntu.com/security/notices/USN-3719-3 + + + + + + + + + + + + + CVE-2018-14358 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 17:29:00 UTC + 2018-07-17 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14358.html + https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485 + http://www.mutt.org/news.html + https://neomutt.org/2018/07/16/release + https://ubuntu.com/security/notices/USN-3719-1 + https://ubuntu.com/security/notices/USN-3719-2 + https://ubuntu.com/security/notices/USN-3719-3 + + + + + + + + + + + + + CVE-2018-14359 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-17 17:29:00 UTC + 2018-07-17 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14359.html + https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85 + http://www.mutt.org/news.html + https://neomutt.org/2018/07/16/release + https://ubuntu.com/security/notices/USN-3719-1 + https://ubuntu.com/security/notices/USN-3719-2 + https://ubuntu.com/security/notices/USN-3719-3 + + + + + + + + + + + + + CVE-2018-14360 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14360.html + https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3 + https://neomutt.org/2018/07/16/release + + + + + + + + + + CVE-2018-14361 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14361.html + https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585 + https://neomutt.org/2018/07/16/release + + + + + + + + + + CVE-2018-14362 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-17 17:29:00 UTC + 2018-07-17 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14362.html + https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e + http://www.mutt.org/news.html + https://neomutt.org/2018/07/16/release + https://ubuntu.com/security/notices/USN-3719-1 + https://ubuntu.com/security/notices/USN-3719-2 + https://ubuntu.com/security/notices/USN-3719-3 + + + + + + + + + + + + + CVE-2018-14363 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-17 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14363.html + https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e + https://neomutt.org/2018/07/16/release + + + + + + + + + + CVE-2018-14371 on Ubuntu 20.04 (focal) - medium. + The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-18 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14371.html + https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24 + https://github.com/javaserverfaces/mojarra/issues/4364 + + + + + + + + + + CVE-2018-14424 on Ubuntu 20.04 (focal) - medium. + The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-14 18:29:00 UTC + 2018-08-13 + https://gitlab.gnome.org/GNOME/gdm/issues/401 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14424.html + https://ubuntu.com/security/notices/USN-3737-1 + + + + + + + + + + CVE-2018-14449 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14449.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + + + + + + + + + + CVE-2018-14450 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14450.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + + + + + + + + + + CVE-2018-14451 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14451.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + + + + + + + + + + CVE-2018-14452 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14452.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + + + + + + + + + + CVE-2018-14453 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14453.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + + + + + + + + + + CVE-2018-14454 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14454.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + + + + + + + + + + CVE-2018-14455 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14455.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + + + + + + + + + + CVE-2018-14456 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14456.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + + + + + + + + + + CVE-2018-14457 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14457.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + + + + + + + + + + CVE-2018-14458 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14458.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + + + + + + + + + + CVE-2018-14459 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14459.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + + + + + + + + + + CVE-2018-14460 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-20 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14460.html + https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md + + + + + + + + + + CVE-2018-14473 on Ubuntu 20.04 (focal) - medium. + OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. 
This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-04 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905396 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14473.html + https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1/ + + + + + + + + + + CVE-2018-14505 on Ubuntu 20.04 (focal) - medium. + mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-22 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14505.html + https://github.com/mitmproxy/mitmproxy/issues/3234 + https://github.com/mitmproxy/mitmproxy/pull/3243 + + + + + + + + + + CVE-2018-14521 on Ubuntu 20.04 (focal) - low. + An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-23 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14521.html + https://github.com/aubio/aubio/issues/187 + + + + + + + + + + CVE-2018-14522 on Ubuntu 20.04 (focal) - low. + An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-23 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14522.html + https://github.com/aubio/aubio/issues/188 + + + + + + + + + + CVE-2018-14523 on Ubuntu 20.04 (focal) - low. + An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-23 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14523.html + https://github.com/aubio/aubio/issues/189 + + + + + + + + + + CVE-2018-14553 on Ubuntu 20.04 (focal) - low. + gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-11 13:15:00 UTC + 2020-02-11 13:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1599032 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951287 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14553.html + https://github.com/libgd/libgd/pull/580 + https://ubuntu.com/security/notices/USN-4316-2 + https://ubuntu.com/security/notices/USN-4316-1 + + + + mdeslaur> php uses the system libgd2 + + + + + + + + + + + + CVE-2018-14593 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-04 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14593.html + https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/ + https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de + + + + + + + + + + CVE-2018-14624 on Ubuntu 20.04 (focal) - medium. + A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). 
An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-06 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907778 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14624.html + + + + + + + + + + CVE-2018-14626 on Ubuntu 20.04 (focal) - medium. + PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-29 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14626.html + https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html + https://downloads.powerdns.com/patches/2018-05/ + https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html + https://downloads.powerdns.com/patches/2018-06/ + + + + + + + + + + + + + CVE-2018-14635 on Ubuntu 20.04 (focal) - negligible. + When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-09-10 19:29:00 UTC + https://bugs.launchpad.net/neutron/+bug/1757482 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14635.html + + + + + + + + + + CVE-2018-14636 on Ubuntu 20.04 (focal) - low. 
+ Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-10 19:29:00 UTC + https://bugs.launchpad.net/neutron/+bug/1734320 + https://bugs.launchpad.net/neutron/+bug/1767422 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14636.html + + + + + + + + + + CVE-2018-14638 on Ubuntu 20.04 (focal) - medium. + A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-14 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908859 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14638.html + https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638 + + + + + + + + + + CVE-2018-14642 on Ubuntu 20.04 (focal) - medium. + An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-18 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14642.html + https://bugzilla.redhat.com/show_bug.cgi?id=1628702 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642 + + + + + + + + + + CVE-2018-14644 on Ubuntu 20.04 (focal) - medium. + An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-09 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14644.html + https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html + https://downloads.powerdns.com/patches/2018-07/ + + + + + + + + + + + + + CVE-2018-14647 on Ubuntu 20.04 (focal) - medium. + Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-25 00:29:00 UTC + 2018-09-24 + mdeslaur + https://bugs.python.org/issue34623 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14647.html + https://ubuntu.com/security/notices/USN-3817-1 + https://ubuntu.com/security/notices/USN-3817-2 + + + + + + + + + + CVE-2018-14648 on Ubuntu 20.04 (focal) - medium. + A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-28 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14648.html + https://bugzilla.redhat.com/show_bug.cgi?id=1630668 + + + + + + + + + + CVE-2018-14651 on Ubuntu 20.04 (focal) - medium. + It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths. It was discovered that the fix for CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930 was incomplete. A remote authenticated attacker could possibly use this issue to execute arbitrary code or cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-31 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14651.html + https://www.openwall.com/lists/oss-security/2018/10/31/5 + https://bugzilla.redhat.com/show_bug.cgi?id=1632557 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14651 + + + + + + + + + + CVE-2018-14653 on Ubuntu 20.04 (focal) - medium. 
+ The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. It was discovered that GlusterFS incorrectly handled RPC requests. A remote authenticated attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-31 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14653.html + https://www.openwall.com/lists/oss-security/2018/10/31/5 + https://bugzilla.redhat.com/show_bug.cgi?id=1633431 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14653 + + + + + + + + + + CVE-2018-14654 on Ubuntu 20.04 (focal) - medium. + The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. It was discovered that GlusterFS incorrectly handled mount volumes operation. A remote attacker could possibly use this issue to create arbitrary files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-31 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14654.html + https://www.openwall.com/lists/oss-security/2018/10/31/5 + https://bugzilla.redhat.com/show_bug.cgi?id=1631576 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654 + + + + + + + + + + CVE-2018-14659 on Ubuntu 20.04 (focal) - medium. + The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. 
A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. It was discovered that GlusterFS incorrectly handled certain files. A remote authenticated attacker could possibly use this issue to create arbitrary files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-31 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14659.html + https://www.openwall.com/lists/oss-security/2018/10/31/5 + https://bugzilla.redhat.com/show_bug.cgi?id=1635929 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659 + + + + + + + + + + CVE-2018-14660 on Ubuntu 20.04 (focal) - medium. + A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. It was discovered that GlusterFS incorrectly handled certain inputs. A remote authenticated attacker could possibly use this is issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-01 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14660.html + https://www.openwall.com/lists/oss-security/2018/10/31/5 + https://bugzilla.redhat.com/show_bug.cgi?id=1635926 + + + + + + + + + + CVE-2018-14661 on Ubuntu 20.04 (focal) - medium. + It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. It was discovered that GlusterFS incorrectly handled strings. 
A remote authenticated attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-31 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14661.html + https://www.openwall.com/lists/oss-security/2018/10/31/5 + https://bugzilla.redhat.com/show_bug.cgi?id=1636880 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661 + + + + + + + + + + CVE-2018-14662 on Ubuntu 20.04 (focal) - medium. + It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-15 21:29:00 UTC + 2019-01-15 + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1637327 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921948 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14662.html + https://ubuntu.com/security/notices/USN-4035-1 + + + + + + + + + + CVE-2018-14663 on Ubuntu 20.04 (focal) - medium. + An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the 'useClientSubnet' or the experimental 'addXPF' parameters are used when declaring a new backend. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-26 23:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913231 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14663.html + https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html + + + + + + + + + + CVE-2018-14668 on Ubuntu 20.04 (focal) - medium. + In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14668.html + https://clickhouse.yandex/docs/en/security_changelog/ + + + + + + + + + + CVE-2018-14669 on Ubuntu 20.04 (focal) - medium. + ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14669.html + https://clickhouse.yandex/docs/en/security_changelog/ + + + + + + + + + + CVE-2018-14670 on Ubuntu 20.04 (focal) - medium. + Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14670.html + https://clickhouse.yandex/docs/en/security_changelog/ + + + + + + + + + + CVE-2018-14671 on Ubuntu 20.04 (focal) - medium. + In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14671.html + https://clickhouse.yandex/docs/en/security_changelog/ + + + + + + + + + + CVE-2018-14672 on Ubuntu 20.04 (focal) - medium. + In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14672.html + https://clickhouse.yandex/docs/en/security_changelog/ + + + + + + + + + + CVE-2018-14718 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-02 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14718.html + https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44 + https://github.com/FasterXML/jackson-databind/issues/2097 + https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7 + + + + + + + + + + CVE-2018-14719 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-02 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14719.html + https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44 + https://github.com/FasterXML/jackson-databind/issues/2097 + https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7 + + + + + + + + + + CVE-2018-14720 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute XML entity (XXE) attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-02 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14720.html + https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44 + https://github.com/FasterXML/jackson-databind/issues/2097 + https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7 + + + + + + + + + + CVE-2018-14721 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute server-side request forgery (SSRF). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-02 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14721.html + https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44 + https://github.com/FasterXML/jackson-databind/issues/2097 + https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7 + + + + + + + + + + CVE-2018-14722 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, though). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-15 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906131 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14722.html + https://bugzilla.suse.com/show_bug.cgi?id=1102721 + + + + + + + + + + CVE-2018-14767 on Ubuntu 20.04 (focal) - low. + In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-31 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14767.html + https://skalatan.de/blog/advisory-hw-2018-05 + + + + + + + + + + CVE-2018-14773 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. 
It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects \Symfony\Component\HttpFoundation\Request::prepareRequestUri() where X-Original-URL and X_REWRITE_URL are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-03 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14773.html + https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers + + + + + + + + + + CVE-2018-14774 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-03 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14774.html + https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache + + + + + + + + + + CVE-2018-14779 on Ubuntu 20.04 (focal) - high. + A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. 
The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard. It was discovered that libykpiv, a supporting library of the Yubico PIV tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager. + + Ubuntu 20.04 + + + + High + Copyright (C) 2018 Canonical Ltd. + 2018-08-15 18:29:00 UTC + 2018-08-15 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906128 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14779.html + https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/ + https://ubuntu.com/security/notices/USN-4276-1 + + + + + + + + + + CVE-2018-14780 on Ubuntu 20.04 (focal) - high. + An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. 
Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer. It was discovered that libykpiv, a supporting library of the Yubico PIV tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager. + + Ubuntu 20.04 + + + + High + Copyright (C) 2018 Canonical Ltd. + 2018-08-15 18:29:00 UTC + 2018-08-15 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906128 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14780.html + https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/ + https://ubuntu.com/security/notices/USN-4276-1 + + + + + + + + + + CVE-2018-14912 on Ubuntu 20.04 (focal) - medium. + cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-03 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905382 + https://bugs.launchpad.net/ubuntu/+source/cgit/+bug/1787021 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14912.html + https://bugs.chromium.org/p/project-zero/issues/detail?id=1627 + https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html + https://git.zx2c4.com/cgit/commit/?id=53efaf30b50f095cad8c160488c74bba3e3b2680 + + + + + + + + + + CVE-2018-14938 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service). 
It was discovered that tcpflow mishandled certain crafted input, resulting in an integer overflow. An attacker could use this vulnerability to leak sensitive information or cause a denial of service (crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-05 03:29:00 UTC + 2018-08-04 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905483 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14938.html + https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb + https://github.com/simsong/tcpflow/issues/182 + https://ubuntu.com/security/notices/USN-3955-1 + + + + + + + + + + CVE-2018-15158 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-01 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15158.html + https://github.com/libyal/libesedb/issues/43 + + + + + + + + + + CVE-2018-15159 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-01 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15159.html + https://github.com/libyal/libesedb/issues/43 + + + + + + + + + + CVE-2018-15160 on Ubuntu 20.04 (focal) - medium. 
+ ** DISPUTED ** The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-01 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15160.html + https://github.com/libyal/libesedb/issues/43 + + + + + + + + + + CVE-2018-15161 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-01 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15161.html + https://github.com/libyal/libesedb/issues/43 + + + + + + + + + + CVE-2018-15173 on Ubuntu 20.04 (focal) - low. + Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-08-08 00:29:00 UTC + https://github.com/nmap/nmap/issues/1147 + https://github.com/nmap/nmap/issues/1108 + https://github.com/nmap/nmap/issues/1196 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15173.html + http://code610.blogspot.com/2018/07/crashing-nmap-760.html + http://code610.blogspot.com/2018/07/crashing-nmap-770.html + https://seclists.org/nmap-announce/2019/0 + + + + sbeattie| additional commits may be needed to be pulled from GH#1196 + + + + + + + + + CVE-2018-15468 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x. 
The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-17 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15468.html + https://xenbits.xen.org/xsa/advisory-269.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-15469 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-17 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15469.html + https://xenbits.xen.org/xsa/advisory-268.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-15470 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x. 
The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual, the order of evaluation of subexpressions is not specified. In practice, different implementations behave differently. Thus, oxenstored may not enforce the configured quota-maxentity. This allows a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-17 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15470.html + https://xenbits.xen.org/xsa/advisory-272.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-15474 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-07 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15474.html + https://github.com/splitbrain/dokuwiki/issues/2450 + https://seclists.org/fulldisclosure/2018/Sep/4 + https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/ + + + + + + + + + + CVE-2018-15494 on Ubuntu 20.04 (focal) - medium. + In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-08-18 02:29:00 UTC + Moritz Bechler + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906540 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15494.html + https://github.com/dojo/dojox/pull/283 + https://dojotoolkit.org/blog/dojo-1-14-released + + + + + + + + + + CVE-2018-15501 on Ubuntu 20.04 (focal) - medium. + In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15501.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406 + https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649 + https://bugzilla.suse.com/show_bug.cgi?id=1104641 + https://github.com/libgit2/libgit2/releases/tag/v0.26.6 + https://github.com/libgit2/libgit2/releases/tag/v0.27.4 + https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html + + + + + + + + + + CVE-2018-15537 on Ubuntu 20.04 (focal) - medium. + Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-29 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15537.html + http://packetstormsecurity.com/files/150330/OCS-Inventory-NG-ocsreports-Shell-Upload.html + http://seclists.org/fulldisclosure/2018/Nov/40 + + + + + + + + + + CVE-2018-15587 on Ubuntu 20.04 (focal) - medium. + GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-11 17:29:00 UTC + 2019-02-11 + Hanno Böck (1) and Marcus Brinkmann (2) + https://gitlab.gnome.org/GNOME/evolution/issues/120 + https://bugzilla.gnome.org/show_bug.cgi?id=796424 + https://gitlab.gnome.org/GNOME/evolution-data-server/issues/3 + https://gitlab.gnome.org/GNOME/evolution-data-server/issues/75 + https://dev.gnupg.org/T4000 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15587.html + https://ubuntu.com/security/notices/USN-3998-1 + + + + mdeslaur> looks like there are two issues here: mdeslaur> #1- evolution shows security bar at bottom of message mdeslaur> #2- mail that is not encrypted looks encrypted + + + + + + + + + + + + CVE-2018-15599 on Ubuntu 20.04 (focal) - low. + The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-08-21 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15599.html + http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html + http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002109.html + https://old.reddit.com/r/blackhat/comments/97ywnm/openssh_username_enumeration/e4e05n2/ + + + + + + + + + + CVE-2018-15671 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-08-21 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15671.html + https://github.com/SegfaultMasters/covering360/tree/master/HDF5#stack-overflow---stackoverflow_h5p__get_cb + + + + + + + + + + CVE-2018-15834 on Ubuntu 20.04 (focal) - medium. + In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-12 16:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15834.html + https://github.com/radare/radare2/issues/11274 + https://github.com/radare/radare2/pull/11300 + + + + + + + + + + CVE-2018-15869 on Ubuntu 20.04 (focal) - medium. + An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-25 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907298 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15869.html + https://github.com/hashicorp/packer/issues/6584 + https://github.com/aws/aws-cli/issues/3629 + + + + msalvatore> This CVE may actually be against hashicorp/packer instead of awscli. Monitor https://github.com/hashicorp/packer/issues/6584 to see if this actually affects awscli. redhat> Closing this bug as NOTABUG and asked MITRE for rejection, since the issue does not seem to be in AWS CLI but in Packer. 
msalvatore> Amazon has addressed this: "The ability to query for images without msalvatore> specifying an owner is the intended design." "This seems to have msalvatore> been a gap in 3rd party software" msalvatore> Ignoring awscli package. + + + + + + + + + CVE-2018-16062 on Ubuntu 20.04 (focal) - low. + dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-08-29 03:29:00 UTC + 2018-08-28 + mdeslaur + https://sourceware.org/bugzilla/show_bug.cgi?id=23541 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907562 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16062.html + https://ubuntu.com/security/notices/USN-4012-1 + + + + + + + + + + CVE-2018-16140 on Ubuntu 20.04 (focal) - medium. + A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-30 01:29:00 UTC + 2018-08-29 + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907660 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16140.html + https://sourceforge.net/p/mcj/tickets/28/ + https://ubuntu.com/security/notices/USN-3760-1 + + + + + + + + + + CVE-2018-16368 on Ubuntu 20.04 (focal) - medium. + SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-03 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16368.html + https://github.com/TeamSeri0us/pocs/tree/master/xpdf + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication that this affects poppler, marking as not-affected + + + + + + + + + + + + CVE-2018-16369 on Ubuntu 20.04 (focal) - medium. + XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-03 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16369.html + https://github.com/TeamSeri0us/pocs/tree/master/xpdf + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication that this affects poppler, marking as not-affected + + + + + + + + + + + + CVE-2018-16382 on Ubuntu 20.04 (focal) - negligible. + Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-09-03 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907866 + https://bugzilla.nasm.us/show_bug.cgi?id=3392503 + https://bugzilla.nasm.us/show_bug.cgi?id=3392447 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16382.html + + + + mdeslaur> same fix as CVE-2018-8883 + + + + + + + + + CVE-2018-16384 on Ubuntu 20.04 (focal) - medium. + A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-03 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16384.html + https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1167 + + + + + + + + + + CVE-2018-16391 on Ubuntu 20.04 (focal) - medium. + Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-03 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16391.html + https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ + https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 + + + + + + + + + + CVE-2018-16392 on Ubuntu 20.04 (focal) - medium. + Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-03 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16392.html + https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ + https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 + + + + + + + + + + CVE-2018-16393 on Ubuntu 20.04 (focal) - medium. + Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-03 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16393.html + https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ + https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 + + + + + + + + + + CVE-2018-16402 on Ubuntu 20.04 (focal) - low. + libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-03 19:29:00 UTC + 2018-09-03 + mdeslaur + https://sourceware.org/bugzilla/show_bug.cgi?id=23528 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16402.html + https://ubuntu.com/security/notices/USN-4012-1 + + + + + + + + + + CVE-2018-16403 on Ubuntu 20.04 (focal) - low. + libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-03 19:29:00 UTC + 2018-09-03 + mdeslaur + https://sourceware.org/bugzilla/show_bug.cgi?id=23529 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16403.html + https://ubuntu.com/security/notices/USN-4012-1 + + + + + + + + + + CVE-2018-16418 on Ubuntu 20.04 (focal) - medium. + A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-04 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16418.html + https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ + https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 + + + + + + + + + + CVE-2018-16419 on Ubuntu 20.04 (focal) - medium. + Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16419.html + https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ + https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 + + + + + + + + + + CVE-2018-16420 on Ubuntu 20.04 (focal) - medium. + Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16420.html + https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ + https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 + + + + + + + + + + CVE-2018-16421 on Ubuntu 20.04 (focal) - medium. + Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-04 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16421.html + https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ + https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 + + + + + + + + + + CVE-2018-16422 on Ubuntu 20.04 (focal) - medium. + A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16422.html + https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ + https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 + + + + + + + + + + CVE-2018-16423 on Ubuntu 20.04 (focal) - medium. + A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16423.html + https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ + https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 + + + + + + + + + + CVE-2018-16424 on Ubuntu 20.04 (focal) - medium. + A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-04 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16424.html + https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ + https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 + + + + + + + + + + CVE-2018-16425 on Ubuntu 20.04 (focal) - medium. + A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16425.html + https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ + https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 + + + + + + + + + + CVE-2018-16426 on Ubuntu 20.04 (focal) - medium. + Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16426.html + https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ + https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 + + + + + + + + + + CVE-2018-16427 on Ubuntu 20.04 (focal) - medium. + Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-04 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16427.html + https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/ + https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1 + + + + + + + + + + CVE-2018-16430 on Ubuntu 20.04 (focal) - medium. + GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. It was discovered that Libextractor incorrectly handled certain specially crafted files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 00:29:00 UTC + 2018-09-04 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907987 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16430.html + https://gnunet.org/bugs/view.php?id=5405 + https://ubuntu.com/security/notices/USN-4641-1 + + + + + + + + + + CVE-2018-16438 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-04 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16438.html + https://github.com/TeamSeri0us/pocs/tree/master/hdf5/h5stat + + + + + + + + + + CVE-2018-16468 on Ubuntu 20.04 (focal) - low. + In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-30 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16468.html + https://github.com/flavorjones/loofah/issues/154 + + + + + + + + + + CVE-2018-16469 on Ubuntu 20.04 (focal) - low. + The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. 
These properties will be present on all objects allowing for a denial of service attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-30 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16469.html + https://hackerone.com/reports/381194 + https://www.npmjs.com/advisories/722 + + + + + + + + + + CVE-2018-16471 on Ubuntu 20.04 (focal) - medium. + There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable. It was discovered that Rack incorrectly handled carefully crafted requests. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-13 23:29:00 UTC + 2018-11-13 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913005 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16471.html + https://ubuntu.com/security/notices/USN-4089-1 + + + + + + + + + + CVE-2018-16472 on Ubuntu 20.04 (focal) - medium. + A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-06 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16472.html + https://hackerone.com/reports/390847 + + + + + + + + + + CVE-2018-16476 on Ubuntu 20.04 (focal) - medium. 
+ A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-30 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914847 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16476.html + https://www.openwall.com/lists/oss-security/2018/11/27/4 + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2018-16487 on Ubuntu 20.04 (focal) - untriaged. + A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-02-01 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16487.html + https://hackerone.com/reports/380873 + + + + + + + + + + CVE-2018-16491 on Ubuntu 20.04 (focal) - untriaged. + A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-02-01 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16491.html + https://hackerone.com/reports/430831 + + + + + + + + + + CVE-2018-16492 on Ubuntu 20.04 (focal) - untriaged. + A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-01 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16492.html + https://hackerone.com/reports/381185 + https://www.npmjs.com/advisories/996 + + + + + + + + + + CVE-2018-16515 on Ubuntu 20.04 (focal) - medium. + Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-18 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908044 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16515.html + https://matrix.org/blog/2018/09/05/pre-disclosure-upcoming-critical-security-fix-for-synapse/ + https://github.com/matrix-org/synapse/issues/3796 + https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1 + + + + msalvatore> This CVE covers a few problems. To exploit the first, you must be msalvatore> "the administrator of any server in a room". To exploit the second msalvatore> two requires a "malicious server". + + + + + + + + + CVE-2018-16517 on Ubuntu 20.04 (focal) - negligible. + asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-09-06 23:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392513 + https://fakhrizulkifli.github.io/CVE-2018-16517.html + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16517.html + + + + + + + + + + CVE-2018-16548 on Ubuntu 20.04 (focal) - low. + An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-05 21:29:00 UTC + https://github.com/gdraheim/zziplib/issues/58 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910335 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16548.html + + + + + + + + + + CVE-2018-16586 on Ubuntu 20.04 (focal) - medium. + In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-28 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16586.html + https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2018-16587 on Ubuntu 20.04 (focal) - medium. + In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-28 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16587.html + https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2018-16647 on Ubuntu 20.04 (focal) - medium. + In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-06 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16647.html + https://bugs.ghostscript.com/show_bug.cgi?id=699686 + + + + + + + + + + CVE-2018-16648 on Ubuntu 20.04 (focal) - medium. + In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-06 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16648.html + https://bugs.ghostscript.com/show_bug.cgi?id=699685 + + + + + + + + + + CVE-2018-16657 on Ubuntu 20.04 (focal) - medium. + In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-07 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908324 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16657.html + https://skalatan.de/blog/advisory-hw-2018-06 + https://github.com/kamailio/kamailio/commit/ad68e402ece8089f133c10de6ce319f9e28c0692 (master) + https://github.com/kamailio/kamailio/commit/d67b2f9874ca23bd69f18df71b8f53b1b6151f6d (5.1) + https://github.com/kamailio/kamailio/commit/f07dabffef98c7088cdbc2bd695a4ae7a241b159 (5.0) + + + + + + + + + + CVE-2018-16737 on Ubuntu 20.04 (focal) - medium. + tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-10 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16737.html + http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a + + + + + + + + + + CVE-2018-16738 on Ubuntu 20.04 (focal) - medium. + tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1. The authentication protocol allows an oracle attack that could potentially be exploited. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-10 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16738.html + http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a + + + + + + + + + + CVE-2018-16741 on Ubuntu 20.04 (focal) - low. + An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-13 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16741.html + https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/ + + + + + + + + + + CVE-2018-16742 on Ubuntu 20.04 (focal) - low. + An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-13 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16742.html + https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/ + + + + + + + + + + CVE-2018-16743 on Ubuntu 20.04 (focal) - low. + An issue was discovered in mgetty before 1.2.1. 
In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-13 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16743.html + https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/ + + + + + + + + + + CVE-2018-16744 on Ubuntu 20.04 (focal) - low. + An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-13 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16744.html + https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/ + + + + + + + + + + CVE-2018-16745 on Ubuntu 20.04 (focal) - low. + An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-13 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16745.html + https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/ + + + + + + + + + + CVE-2018-16758 on Ubuntu 20.04 (focal) - medium. + Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. Prevent a MITM from forcing a NULL cipher for UDP + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-10 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16758.html + http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f + + + + + + + + + + CVE-2018-16789 on Ubuntu 20.04 (focal) - medium. + libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16789.html + https://github.com/shellinabox/shellinabox/pull/446 + + + + + + + + + + CVE-2018-16831 on Ubuntu 20.04 (focal) - medium. + Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-11 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16831.html + https://github.com/smarty-php/smarty/issues/486 + + + + + + + + + + CVE-2018-16837 on Ubuntu 20.04 (focal) - medium. + Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-23 15:29:00 UTC + 2018-10-23 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16837.html + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837 + https://github.com/ansible/ansible/pull/47436 + https://ubuntu.com/security/notices/USN-4072-1 + + + + + + + + + + CVE-2018-16838 on Ubuntu 20.04 (focal) - low. + A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-25 18:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1640820 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16838.html + + + + mdeslaur> introduced in https://github.com/SSSD/sssd/commit/60cab26b12 + + + + + + + + + CVE-2018-16846 on Ubuntu 20.04 (focal) - medium. + It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-15 18:29:00 UTC + 2019-01-15 + mdeslaur + http://tracker.ceph.com/issues/35994 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16846.html + https://ubuntu.com/security/notices/USN-4035-1 + + + + + + + + + + CVE-2018-16848 on Ubuntu 20.04 (focal) - medium. + A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-15 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16848.html + https://bugzilla.redhat.com/show_bug.cgi?id=1645332 + https://bugs.launchpad.net/mistral/+bug/1785657 + + + + + + + + + + CVE-2018-16849 on Ubuntu 20.04 (focal) - low. + A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-02 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912714 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16849.html + https://bugs.launchpad.net/mistral/+bug/1783708 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16849 + + + + + + + + + + CVE-2018-16855 on Ubuntu 20.04 (focal) - medium. + An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-03 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16855.html + https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html + + + + + + + + + + CVE-2018-16856 on Ubuntu 20.04 (focal) - untriaged. + In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure. 
+ + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-03-26 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16856.html + https://bugzilla.redhat.com/show_bug.cgi?id=1649165 + + + + + + + + + + CVE-2018-16868 on Ubuntu 20.04 (focal) - low. + A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-03 14:29:00 UTC + https://gitlab.com/gnutls/gnutls/issues/630 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16868.html + http://cat.eyalro.net/ + + + + mdeslaur> Fixing this requires fixing CVE-2018-16869 in nettle first, but mdeslaur> nettle changes are too intrusive to backport to stable releases. mdeslaur> In addition, the upstream gnutls28 fix appears to break OpenPGP mdeslaur> support when backported to the version in bionic. + + + + + + + + + CVE-2018-16869 on Ubuntu 20.04 (focal) - low. + A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-03 14:29:00 UTC + 2018-12-03 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16869.html + http://cat.eyalro.net/ + https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html + https://lists.debian.org/debian-lts/2019/03/msg00021.html + https://ubuntu.com/security/notices/USN-4990-1 + + + + mdeslaur> nettle changes are too intrusive to backport to stable releases + + + + + + + + + CVE-2018-16870 on Ubuntu 20.04 (focal) - medium. + It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-03 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16870.html + http://cat.eyalro.net/ + https://github.com/wolfSSL/wolfssl/pull/1950 + + + + + + + + + + CVE-2018-16883 on Ubuntu 20.04 (focal) - low. + sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-19 14:29:00 UTC + Christian Heimes + https://bugzilla.redhat.com/show_bug.cgi?id=1659862 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916824 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16883.html + + + + mdeslaur> fixed in 2.0.0 during code refactor mdeslaur> as of 2020-01-06, no minimal fixes available + + + + + + + + + CVE-2018-16886 on Ubuntu 20.04 (focal) - medium. + etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. 
If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-14 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16886.html + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886 + https://github.com/etcd-io/etcd/pull/10366 + https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2 + https://github.com/etcd-io/etcd/commit/a9a9466fb8ba11ad7bb6a44d7446fbd072d59887 + https://github.com/etcd-io/etcd/commit/99704e2a97e8710da942bdc737417fc9c9a2c03f + https://github.com/etcd-io/etcd/commit/83c051b701d33261eef91a719e4421c81b000ba4 + https://github.com/etcd-io/etcd/pull/10386 (3.2 backport) + + + + msalvatore> Introduced by https://github.com/etcd-io/etcd/commit/0191509637546621d6f2e18e074e955ab8ef374d + + + + + + + + + CVE-2018-16947 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-12 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908616 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16947.html + http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt + + + + msalvatore> Per the upstream developers, "The in-tree backup suite is not believed to be in common msalvatore> use, so in that sense the impact is limited. Applying a strict firewall msalvatore> policy can also reduce the exposure of the butc to untrusted input and msalvatore> provide some level of remediation." + + + + + + + + + CVE-2018-16948 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-12 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908616 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16948.html + http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt + + + + + + + + + + CVE-2018-16949 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-12 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908616 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16949.html + http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt + + + + + + + + + + CVE-2018-16976 on Ubuntu 20.04 (focal) - medium. + Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-12 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16976.html + https://bugs.debian.org/908699 + https://github.com/sitaramc/gitolite/commit/dc13dfca8fdae5634bb0865f7e9822d2a268ed59 + https://groups.google.com/forum/#!topic/gitolite-announce/WrwDTYdbfRg + + + + + + + + + + CVE-2018-16981 on Ubuntu 20.04 (focal) - medium. + stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-12 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16981.html + https://github.com/nothings/stb/issues/656 + + + + + + + + + + + + + + + + + + + + + + CVE-2018-16982 on Ubuntu 20.04 (focal) - low. + Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-13 02:29:00 UTC + https://github.com/BYVoid/OpenCC/issues/303 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16982.html + + + + + + + + + + CVE-2018-16999 on Ubuntu 20.04 (focal) - low. 
+ Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-13 16:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392508 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16999.html + + + + + + + + + + CVE-2018-17057 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-14 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908866 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17057.html + https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26e + https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed + + + + + + + + + + CVE-2018-17076 on Ubuntu 20.04 (focal) - medium. + GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-16 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908939 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17076.html + https://github.com/logological/gpp/issues/26 + + + + + + + + + + CVE-2018-17095 on Ubuntu 20.04 (focal) - medium. + An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-16 21:29:00 UTC + 2018-09-16 + leosilva + https://github.com/mpruett/audiofile/issues/50 + https://github.com/mpruett/audiofile/issues/51 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17095.html + https://ubuntu.com/security/notices/USN-3800-1 + + + + mdeslaur> no fix as of 2018-09-18 ebarretto> It looks like upstream is not active anymore, some of the open CVEs ebarretto> have a proposed fix on a fork. + + + + + + + + + CVE-2018-17096 on Ubuntu 20.04 (focal) - medium. + The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. It was discovered that SoundTouch incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-16 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17096.html + https://gitlab.com/soundtouch/soundtouch/issues/14 + https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03 + + + + + + + + + + CVE-2018-17097 on Ubuntu 20.04 (focal) - medium. + The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-16 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17097.html + https://gitlab.com/soundtouch/soundtouch/issues/14 + https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03 + + + + + + + + + + CVE-2018-17098 on Ubuntu 20.04 (focal) - medium. 
+ The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-16 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17098.html + https://gitlab.com/soundtouch/soundtouch/issues/14 + https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/2018_09_03 + + + + + + + + + + CVE-2018-17175 on Ubuntu 20.04 (focal) - low. + In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the "only" option, and there is a user role that produces an empty value for "only"). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-18 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909140 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17175.html + https://github.com/marshmallow-code/marshmallow/issues/772 + https://github.com/marshmallow-code/marshmallow/pull/777 + https://github.com/marshmallow-code/marshmallow/pull/782 + + + + + + + + + + CVE-2018-17187 on Ubuntu 20.04 (focal) - untriaged. + The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. 
Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-11-13 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17187.html + https://qpid.apache.org/cves/CVE-2018-17187.html + https://issues.apache.org/jira/browse/PROTON-1962 + https://github.com/apache/qpid-proton-j/commit/0cb8ca03cec42120dcfc434561592d89a89a805e + https://mail-archives.apache.org/mod_mbox/qpid-users/201811.mbox/%3CCAFitrpQSV73Vz7rJYfLJK7gvEymZSCR5ooWUeU8j4jzRydk-eg%40mail.gmail.com%3E + + + + + + + + + + CVE-2018-17191 on Ubuntu 20.04 (focal) - medium. + Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. 
Both vectors allow remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-31 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17191.html + https://www.openwall.com/lists/oss-security/2018/12/30/1 + https://lists.apache.org/thread.html/d1c37966a316a326ab4ff4d4bc056322e8adcbe984e8145c0ecda7fa@%3Cdev.netbeans.apache.org%3E + + + + + + + + + + CVE-2018-17197 on Ubuntu 20.04 (focal) - medium. + A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-24 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17197.html + https://www.openwall.com/lists/oss-security/2018/12/22/2 + + + + + + + + + + CVE-2018-17231 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-19 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17231.html + + + + ebarretto> Disputed as attack scenario does not cross a privilege boundary. + + + + + + + + + CVE-2018-17233 on Ubuntu 20.04 (focal) - medium. + A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-20 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17233.html + https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero + + + + + + + + + + CVE-2018-17234 on Ubuntu 20.04 (focal) - medium. + Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-20 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17234.html + https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak + + + + + + + + + + CVE-2018-17237 on Ubuntu 20.04 (focal) - low. + A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-20 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17237.html + https://github.com/SegfaultMasters/covering360/blob/master/HDF5/README.md#divided-by-zero---h5d__chunk_set_info_real_div_by_zero + + + + + + + + + + CVE-2018-17281 on Ubuntu 20.04 (focal) - medium. + There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-24 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909554 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17281.html + https://downloads.asterisk.org/pub/security/AST-2018-009.html + https://issues.asterisk.org/jira/browse/ASTERISK-28013 + http://downloads.asterisk.org/pub/security/AST-2018-009.html + http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html + http://seclists.org/fulldisclosure/2018/Sep/31 + http://www.securitytracker.com/id/1041694 + https://seclists.org/bugtraq/2018/Sep/53 + + + + + + + + + + CVE-2018-17358 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-23 18:29:00 UTC + 2018-09-23 18:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23686 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17358.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-17359 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-23 18:29:00 UTC + 2018-09-23 18:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23686 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17359.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-17360 on Ubuntu 20.04 (focal) - low. 
+ An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-23 18:29:00 UTC + 2018-09-23 18:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23685 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17360.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-17432 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-24 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17432.html + https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode + + + + + + + + + + CVE-2018-17433 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-24 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17433.html + https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc + + + + + + + + + + CVE-2018-17434 on Ubuntu 20.04 (focal) - medium. 
+ A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-24 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17434.html + https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters + + + + + + + + + + CVE-2018-17435 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-24 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17435.html + https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode + + + + + + + + + + CVE-2018-17436 on Ubuntu 20.04 (focal) - medium. + ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-24 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17436.html + https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc + + + + + + + + + + CVE-2018-17437 on Ubuntu 20.04 (focal) - medium. 
+ Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-24 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17437.html + https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper + + + + + + + + + + CVE-2018-17438 on Ubuntu 20.04 (focal) - medium. + A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-24 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17438.html + https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect + + + + + + + + + + CVE-2018-17439 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-24 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17439.html + https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims + + + + + + + + + + CVE-2018-17567 on Ubuntu 20.04 (focal) - medium. + Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-28 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17567.html + https://github.com/jekyll/jekyll/pull/7224 + https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/ + + + + + + + + + + CVE-2018-17580 on Ubuntu 20.04 (focal) - untriaged. + A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-09-28 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17580.html + https://github.com/appneta/tcpreplay/issues/485 + https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay + + + + + + + + + + CVE-2018-17582 on Ubuntu 20.04 (focal) - untriaged. + Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-09-28 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17582.html + https://github.com/appneta/tcpreplay/issues/484 + https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay + + + + + + + + + + CVE-2018-17613 on Ubuntu 20.04 (focal) - untriaged. + Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. 
+ 2018-09-28 10:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17613.html + https://seclists.org/oss-sec/2018/q3/280 + https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html + + + + + + + + + + CVE-2018-17780 on Ubuntu 20.04 (focal) - low. + Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-29 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17780.html + https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html + + + + + + + + + + CVE-2018-17794 on Ubuntu 20.04 (focal) - low. + An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-30 20:29:00 UTC + 2018-09-30 20:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17794.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + mdeslaur> same commit as CVE-2018-12697 to CVE-2018-12700 + + + + + + + + + CVE-2018-17828 on Ubuntu 20.04 (focal) - negligible. + Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-01 08:29:00 UTC + https://github.com/gdraheim/zziplib/issues/62 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17828.html + + + + mdeslaur> these tools aren't installed in the binary package mdeslaur> see upstream bug for patch to unzip-mem too + + + + + + + + + CVE-2018-17846 on Ubuntu 20.04 (focal) - low. + The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-01 08:29:00 UTC + https://github.com/golang/go/issues/27842 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17846.html + + + + + + + + + + CVE-2018-17883 on Ubuntu 20.04 (focal) - medium. + An attacker could send an email with a malicious link to an OTRS system or an agent. If a logged in agent opens this link, it could cause the execution of JavaScript in the context of OTRS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-09 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17883.html + https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/ + https://github.com/OTRS/otrs/commit/40bbcc261a77c2f4c0383658cd99c07d577179ce + + + + + + + + + + CVE-2018-17937 on Ubuntu 20.04 (focal) - medium. + gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-13 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17937.html + https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01 + + + + + + + + + + CVE-2018-17960 on Ubuntu 20.04 (focal) - untriaged. + CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-11-14 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17960.html + https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/ + https://ckeditor.com/cke4/release/CKEditor-4.11.0 + + + + + + + + + + CVE-2018-17967 on Ubuntu 20.04 (focal) - negligible. + ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-10-03 18:29:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1051 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17967.html + + + + mdeslaur> large backport + + + + + + + + + CVE-2018-17974 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-03 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17974.html + https://github.com/appneta/tcpreplay/issues/486 + https://github.com/SegfaultMasters/covering360/tree/master/tcpreplay + + + + + + + + + + CVE-2018-17977 on Ubuntu 20.04 (focal) - medium. 
+ The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-08 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17977.html + https://www.openwall.com/lists/oss-security/2018/10/05/5 + https://bugzilla.suse.com/show_bug.cgi?id=1111609 + + + + sbeattie> reporter's detailed descriptions were in google drive documents which have been made unavailable. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-17983 on Ubuntu 20.04 (focal) - medium. + cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-04 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17983.html + https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901 + https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29 + + + + + + + + + + CVE-2018-17985 on Ubuntu 20.04 (focal) - low. + An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-04 23:29:00 UTC + 2018-10-04 23:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17985.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + mdeslaur> same commit as CVE-2018-12697 to CVE-2018-12700 + + + + + + + + + CVE-2018-18020 on Ubuntu 20.04 (focal) - low. + In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-06 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18020.html + https://github.com/qpdf/qpdf/issues/243 + + + + + + + + + + CVE-2018-18064 on Ubuntu 20.04 (focal) - low. + cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-08 18:29:00 UTC + https://gitlab.freedesktop.org/cairo/cairo/issues/341 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18064.html + + + + leosilva> as of 2020-11-26, no upstream fix + + + + + + + + + CVE-2018-18074 on Ubuntu 20.04 (focal) - medium. + The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-09 17:29:00 UTC + 2018-10-09 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18074.html + https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff + https://github.com/requests/requests/issues/4716 + https://github.com/requests/requests/pull/4718 + https://ubuntu.com/security/notices/USN-3790-1 + https://ubuntu.com/security/notices/USN-3790-2 + + + + sbeattie| python-pip needs to a no-change rebuild to pull in the python-requests update for the copy embedded in python-pip-whl + + + + + + + + + CVE-2018-18192 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-09 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18192.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + + + + + + + + + + CVE-2018-18193 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-09 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18193.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + + + + + + + + + + CVE-2018-18194 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-09 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18194.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + + + + + + + + + + CVE-2018-18195 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. 
There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-09 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18195.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + + + + + + + + + + CVE-2018-18196 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-09 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18196.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + + + + + + + + + + CVE-2018-18197 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-09 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18197.html + https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + + + + + + + + + + CVE-2018-18245 on Ubuntu 20.04 (focal) - low. + Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-17 15:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917138 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18245.html + https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt + + + + + + + + + + CVE-2018-18246 on Ubuntu 20.04 (focal) - medium. 
+ Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-17 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18246.html + https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180027.txt + + + + + + + + + + CVE-2018-18247 on Ubuntu 20.04 (focal) - medium. + Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-17 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18247.html + https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180029.txt + + + + + + + + + + CVE-2018-18248 on Ubuntu 20.04 (focal) - medium. + Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-17 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18248.html + https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180028.txt + + + + + + + + + + CVE-2018-18249 on Ubuntu 20.04 (focal) - medium. + Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-17 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18249.html + https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt + + + + + + + + + + CVE-2018-18250 on Ubuntu 20.04 (focal) - medium. + Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-17 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18250.html + https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt + + + + + + + + + + CVE-2018-18309 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-15 02:29:00 UTC + 2018-10-15 02:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23770 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18309.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-18310 on Ubuntu 20.04 (focal) - low. + An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-15 02:29:00 UTC + 2018-10-14 + mdeslaur + https://sourceware.org/bugzilla/show_bug.cgi?id=23752 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911083 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18310.html + https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html + https://ubuntu.com/security/notices/USN-4012-1 + + + + + + + + + + CVE-2018-18385 on Ubuntu 20.04 (focal) - medium. + Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-16 16:50:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18385.html + https://github.com/asciidoctor/asciidoctor/issues/2888 + + + + + + + + + + CVE-2018-18398 on Ubuntu 20.04 (focal) - medium. + Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-19 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18398.html + https://0xd0ff9.wordpress.com/2018/10/18/cve-2018-18398/ + + + + + + + + + + CVE-2018-18407 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. 
The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18407.html + https://github.com/appneta/tcpreplay/issues/488 + https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay/README.md#user-content-heap-overflow-in-csum_replace4 + + + + + + + + + + CVE-2018-18408 on Ubuntu 20.04 (focal) - medium. + A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18408.html + https://github.com/appneta/tcpreplay/issues/489 + https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay/README.md#use-after-free-in-post_args + + + + + + + + + + CVE-2018-18409 on Ubuntu 20.04 (focal) - medium. + A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call. It was discovered that tcpflow mishandled certain crafted input. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 04:29:00 UTC + 2018-10-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18409.html + https://github.com/simsong/tcpflow/issues/195 + https://ubuntu.com/security/notices/USN-3955-1 + + + + + + + + + + CVE-2018-18439 on Ubuntu 20.04 (focal) - negligible. 
+ DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-11-20 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18439.html + https://www.openwall.com/lists/oss-security/2018/11/02/2 + + + + + + + + + + CVE-2018-18440 on Ubuntu 20.04 (focal) - negligible. + DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-11-20 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18440.html + https://www.openwall.com/lists/oss-security/2018/11/02/2 + + + + + + + + + + CVE-2018-18454 on Ubuntu 20.04 (focal) - medium. + CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-18 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18454.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 + https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication this affects poppler + + + + + + + + + + + + CVE-2018-18455 on Ubuntu 20.04 (focal) - medium. + The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-18 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18455.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 + https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication this affects poppler + + + + + + + + + + + + CVE-2018-18456 on Ubuntu 20.04 (focal) - medium. + The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-18 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18456.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 + https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication this affects poppler + + + + + + + + + + + + CVE-2018-18457 on Ubuntu 20.04 (focal) - medium. + The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-18 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18457.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 + https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication this affects poppler + + + + + + + + + + + + CVE-2018-18458 on Ubuntu 20.04 (focal) - medium. + The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-18 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18458.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 + https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication this affects poppler + + + + + + + + + + + + CVE-2018-18459 on Ubuntu 20.04 (focal) - medium. + The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-18 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18459.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 + https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication this affects poppler + + + + + + + + + + + + CVE-2018-18483 on Ubuntu 20.04 (focal) - low. + The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-18 21:29:00 UTC + 2018-10-18 21:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23767 + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602 (dupe) + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83472 (dupe) + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79111 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18483.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + mdeslaur> same commit as CVE-2018-12934 + + + + + + + + + CVE-2018-18484 on Ubuntu 20.04 (focal) - low. + An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-18 21:29:00 UTC + 2018-10-18 21:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18484.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + mdeslaur> same commit as CVE-2018-12697 to CVE-2018-12700 + + + + + + + + + CVE-2018-18499 on Ubuntu 20.04 (focal) - medium. + A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-28 18:29:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18499.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-18499 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-18499 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-18499 + https://bugzilla.mozilla.org/show_bug.cgi?id=1468523 + https://www.mozilla.org/security/advisories/mfsa2018-20/ + https://www.mozilla.org/security/advisories/mfsa2018-21/ + https://www.mozilla.org/security/advisories/mfsa2018-25/ + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-18500 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 21:29:00 UTC + 2019-01-30 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18500.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18500 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18500 + https://ubuntu.com/security/notices/USN-3874-1 + https://ubuntu.com/security/notices/USN-3897-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-18501 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 21:29:00 UTC + 2019-01-30 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18501.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18501 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18501 + https://ubuntu.com/security/notices/USN-3874-1 + https://ubuntu.com/security/notices/USN-3897-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-18502 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 21:29:00 UTC + 2019-01-30 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18502.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18502 + https://ubuntu.com/security/notices/USN-3874-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-18503 on Ubuntu 20.04 (focal) - medium. + When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-05 21:29:00 UTC + 2019-01-30 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18503.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18503 + https://ubuntu.com/security/notices/USN-3874-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-18504 on Ubuntu 20.04 (focal) - medium. + A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 21:29:00 UTC + 2019-01-30 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18504.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18504 + https://ubuntu.com/security/notices/USN-3874-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-18505 on Ubuntu 20.04 (focal) - medium. + An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-05 21:29:00 UTC + 2019-01-30 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18505.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18505 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18505 + https://ubuntu.com/security/notices/USN-3874-1 + https://ubuntu.com/security/notices/USN-3897-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-18506 on Ubuntu 20.04 (focal) - medium. + When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 21:29:00 UTC + 2019-01-30 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18506.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18506 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2018-18506 + https://ubuntu.com/security/notices/USN-3874-1 + https://ubuntu.com/security/notices/USN-3927-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-18511 on Ubuntu 20.04 (focal) - medium. + Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-26 17:29:00 UTC + 2018-12-31 + chrisccoulson + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818180 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18511.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18511 + https://ubuntu.com/security/notices/USN-3896-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-18511 + https://ubuntu.com/security/notices/USN-3997-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-18520 on Ubuntu 20.04 (focal) - low. + An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-19 17:29:00 UTC + 2018-10-19 + mdeslaur + https://sourceware.org/bugzilla/show_bug.cgi?id=23787 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911414 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18520.html + https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html + https://ubuntu.com/security/notices/USN-4012-1 + + + + + + + + + + CVE-2018-18521 on Ubuntu 20.04 (focal) - low. + Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-19 17:29:00 UTC + 2018-10-19 + mdeslaur + https://sourceware.org/bugzilla/show_bug.cgi?id=23786 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911413 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18521.html + https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html + https://ubuntu.com/security/notices/USN-4012-1 + + + + + + + + + + CVE-2018-18541 on Ubuntu 20.04 (focal) - medium. + In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-20 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911487 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18541.html + https://www.teeworlds.com/forum/viewtopic.php?id=12544 + https://github.com/teeworlds/teeworlds/issues/1536 + https://github.com/teeworlds/teeworlds/commit/a263185571903ead01f6b351a91ea219ac9d215f + https://github.com/teeworlds/teeworlds/commit/aababc63eeeee1bc41672502ca6c7a1dd9f61d94 + https://github.com/teeworlds/teeworlds/commit/f5fa1a92ed81ed8da721e803a036b1553a38e39e + https://bugs.debian.org/911487 + https://teeworlds.com/?page=news&id=12544 + + + + + + + + + + CVE-2018-18584 on Ubuntu 20.04 (focal) - medium. + In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. It was discovered that cabextract incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause cabextract to crash, resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-23 02:29:00 UTC + 2018-10-22 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911640 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18584.html + https://www.openwall.com/lists/oss-security/2018/10/22/1 + https://www.cabextract.org.uk/#changes + https://ubuntu.com/security/notices/USN-3814-1 + https://ubuntu.com/security/notices/USN-3814-2 + https://ubuntu.com/security/notices/USN-3814-3 + + + + amurray> We released clamav 0.100.2+dfsg-1ubuntu0.1X.04.2 for precise/esm amurray> and trusty, but subsequently were notified the bundled libmspack is amurray> not actually vulnerable in this case, as the version of libmspack amurray> provided had increased the CAB_BLOCKMAX macro to 65535, meaning that amurray> CAB_INPUTMAX is now 71679, which is impossible to encode in the amurray> 16-bit cfdata_CompressedSize field of a single block. + + + + + + + + + CVE-2018-18605 on Ubuntu 20.04 (focal) - low. + A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-23 17:29:00 UTC + 2018-10-23 17:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23804 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18605.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-18606 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-23 17:29:00 UTC + 2018-10-23 17:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23806 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18606.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-18607 on Ubuntu 20.04 (focal) - low. + An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-23 17:29:00 UTC + 2018-10-23 17:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23805 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18607.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-18650 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-25 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18650.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41219&p=41747#p41747 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication this affects poppler + + + + + + + + + + + + CVE-2018-18651 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Xpdf 4.00. 
catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-25 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18651.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41219&p=41747#p41747 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication this affects poppler + + + + + + + + + + + + CVE-2018-18655 on Ubuntu 20.04 (focal) - medium. + Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-26 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911842 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18655.html + https://bugs.debian.org/911842 + https://telescoper.wordpress.com/2018/10/18/a-breakthrough-for-a-bigot/#comment-339386 + + + + + + + + + + CVE-2018-18662 on Ubuntu 20.04 (focal) - low. + There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-26 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18662.html + https://bugs.ghostscript.com/show_bug.cgi?id=700043 + https://github.com/TeamSeri0us/pocs/tree/master/mupdf + + + + + + + + + + CVE-2018-18700 on Ubuntu 20.04 (focal) - low. + An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-29 12:29:00 UTC + 2018-10-29 12:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18700.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + mdeslaur> same commit as CVE-2018-12697 to CVE-2018-12700 + + + + + + + + + CVE-2018-18701 on Ubuntu 20.04 (focal) - low. + An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-29 12:29:00 UTC + 2018-10-29 12:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18701.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + mdeslaur> same commit as CVE-2018-12697 to CVE-2018-12700 + + + + + + + + + CVE-2018-18718 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-29 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18718.html + https://gitlab.gnome.org/GNOME/gthumb/issues/18 + + + + + + + + + + CVE-2018-18764 on Ubuntu 20.04 (focal) - medium. 
+ An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-29 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18764.html + + + + + + + + + + CVE-2018-18778 on Ubuntu 20.04 (focal) - high. + ACME mini_httpd before 1.30 lets remote users read arbitrary files. It was discovered that ACME mini_httpd did not properly handle HTTP GET requests with empty headers. A remote attacker could use this vulnerability to read arbitrary files. + + Ubuntu 20.04 + + + + High + Copyright (C) 2018 Canonical Ltd. + 2018-10-29 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18778.html + http://www.acme.com/software/mini_httpd/ + + + + + + + + + + CVE-2018-18826 on Ubuntu 20.04 (focal) - medium. + There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-30 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18826.html + https://bugzilla.libav.org/show_bug.cgi?id=1135 + + + + + + + + + + + + + + CVE-2018-18827 on Ubuntu 20.04 (focal) - medium. + There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-30 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18827.html + https://bugzilla.libav.org/show_bug.cgi?id=1135 + + + + + + + + + + + + + + CVE-2018-18828 on Ubuntu 20.04 (focal) - medium. + There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-30 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18828.html + https://bugzilla.libav.org/show_bug.cgi?id=1135 + + + + + + + + + + + + + + CVE-2018-18829 on Ubuntu 20.04 (focal) - medium. + There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-30 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18829.html + https://bugzilla.libav.org/show_bug.cgi?id=1136 + + + + ebarretto> No fix available as of 2019-03-01 + + + + + + + + + + + + + CVE-2018-18836 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-06-18 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18836.html + https://github.com/netdata/netdata/blob/798c141c49ee85bddc8f48f25d2cb593ec96da07/web/api/web_api_v1.c#L388 + https://github.com/netdata/netdata/blob/798c141c49ee85bddc8f48f25d2cb593ec96da07/web/api/web_api_v1.c#L403 + https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca + https://github.com/netdata/netdata/pull/4521 + https://www.red4sec.com/cve/netdata_json_injection.txt + + + + + + + + + + CVE-2018-18837 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-18 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18837.html + https://github.com/netdata/netdata/blob/798c141c49ee85bddc8f48f25d2cb593ec96da07/web/api/web_api_v1.c#L367-L370 + https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca + https://github.com/netdata/netdata/pull/4521 + https://www.red4sec.com/cve/netdata_header_injection.txt + + + + + + + + + + CVE-2018-18838 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-18 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18838.html + https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca + https://github.com/netdata/netdata/pull/4521 + https://www.red4sec.com/cve/netdata_log_injection.txt + + + + + + + + + + CVE-2018-18839 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. 
NOTE: the vendor says "is intentional." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-18 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18839.html + https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca + https://github.com/netdata/netdata/pull/4521 + + + + + + + + + + CVE-2018-18883 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-01 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18883.html + https://xenbits.xen.org/xsa/advisory-278.txt + https://xenbits.xen.org/xsa/advisory-278.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-19044 on Ubuntu 20.04 (focal) - low. + keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-08 20:29:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1015141 + https://github.com/acassen/keepalived/issues/1048 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19044.html + + + + mdeslaur> xenial and earlier don't have dbus support + + + + + + + + + CVE-2018-19045 on Ubuntu 20.04 (focal) - low. 
+ keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-08 20:29:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1015141 + https://github.com/acassen/keepalived/issues/1048 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19045.html + + + + mdeslaur> xenial and earlier don't have dbus support + + + + + + + + + CVE-2018-19046 on Ubuntu 20.04 (focal) - low. + keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-08 20:29:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1015141 + https://github.com/acassen/keepalived/issues/1048 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19046.html + + + + mdeslaur> xenial and earlier don't have dbus support + + + + + + + + + CVE-2018-19105 on Ubuntu 20.04 (focal) - medium. + LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-08 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19105.html + https://code610.blogspot.com/2018/11/crashing-librecad-213.html + + + + + + + + + + CVE-2018-19120 on Ubuntu 20.04 (focal) - untriaged. 
+ The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-11-29 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913596 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913595 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19120.html + https://www.kde.org/info/security/advisory-20181012-1.txt + + + + + + + + + + CVE-2018-19142 on Ubuntu 20.04 (focal) - untriaged. + Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-11-11 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19142.html + https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2018-19143 on Ubuntu 20.04 (focal) - medium. + Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-11 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19143.html + https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2018-19198 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts. It was discovered that uriparser mishandled certain input. An attacker could use this vulnerability to cause uriparser to crash or possibly execute arbitrary code. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19198.html + https://github.com/uriparser/uriparser/commit/864f5d4c127def386dd5cc926ad96934b297f04e + https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog + + + + + + + + + + CVE-2018-19199 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. It was discovered that uriparser mishandled certain input. An attacker could use this vulnerability to cause uriparser to crash or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19199.html + https://github.com/uriparser/uriparser/commit/f76275d4a91b28d687250525d3a0c5509bbd666f + https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog + + + + + + + + + + CVE-2018-19200 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. It was discovered that uriparser mishandled certain input. An attacker could use this vulnerability to cause uriparser to crash or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19200.html + https://github.com/uriparser/uriparser/commit/f58c25069cf4a986fe17a80c5b38687e31feb539 + https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog + + + + + + + + + + CVE-2018-19205 on Ubuntu 20.04 (focal) - untriaged. 
+ Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19205.html + https://roundcube.net/news/2018/07/27/update-1.3.7-released + https://github.com/roundcube/roundcubemail/issues/6289 + https://github.com/roundcube/roundcubemail/commit/94da947855329c5062ec2a7098eb86fb675aac37 (release-1.3) + https://github.com/roundcube/roundcubemail/commit/2fa112bd836e5e144e270bda11c9fda1a66a22ae (master) + https://github.com/roundcube/roundcubemail/releases/tag/1.3.7 + + + + + + + + + + CVE-2018-19206 on Ubuntu 20.04 (focal) - medium. + steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19206.html + https://roundcube.net/news/2018/10/26/update-1.3.8-released + https://github.com/roundcube/roundcubemail/issues/6410 + https://github.com/roundcube/roundcubemail/commit/102fbf1169116fef32a940b9fb1738bc45276059 (released-1.3) + https://github.com/roundcube/roundcubemail/commit/adcac3b9de2728c34c4d2b107e54823b6a7f6a5b (master) + https://github.com/roundcube/roundcubemail/releases/tag/1.3.8 + + + + + + + + + + CVE-2018-19208 on Ubuntu 20.04 (focal) - low. + In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-12 19:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1643752 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913702 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19208.html + + + + + + + + + + CVE-2018-19209 on Ubuntu 20.04 (focal) - negligible. + Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 19:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392522 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19209.html + + + + + + + + + + CVE-2018-19211 on Ubuntu 20.04 (focal) - low. + In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19211.html + https://bugzilla.redhat.com/show_bug.cgi?id=1643754 + + + + sbeattie> noted elsewhere that this is the same issue as CVE-2018-10754 + + + + + + + + + CVE-2018-19212 on Ubuntu 20.04 (focal) - low. + In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 19:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1644196 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19212.html + + + + + + + + + + CVE-2018-19213 on Ubuntu 20.04 (focal) - negligible. + Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-12 19:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392524 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19213.html + + + + mdeslaur> no fix as of 2019-04-25 + + + + + + + + + CVE-2018-19214 on Ubuntu 20.04 (focal) - negligible. + Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 19:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392521 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19214.html + + + + + + + + + + CVE-2018-19215 on Ubuntu 20.04 (focal) - negligible. + Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 19:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392525 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19215.html + + + + + + + + + + CVE-2018-19216 on Ubuntu 20.04 (focal) - low. + Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 19:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392425 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19216.html + + + + debian> Something is not correct about this CVE, the upstream bug is 3392425, but commit references 3392525, and the former is really fixed in 2.13.02 but the latter is unfixed in 2.13.02 and even 2.13.03. + + + + + + + + + CVE-2018-19217 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19217.html + https://bugzilla.redhat.com/show_bug.cgi?id=1643753 + https://lists.gnu.org/archive/html/bug-ncurses/2019-04/msg00020.html + + + + + + + + + + CVE-2018-19218 on Ubuntu 20.04 (focal) - untriaged. + In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19218.html + https://bugzilla.redhat.com/show_bug.cgi?id=1643758 + + + + pfsmorigo> as of 2019-10-04, It's still an open issue + + + + + + + + + CVE-2018-19219 on Ubuntu 20.04 (focal) - untriaged. + In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19219.html + https://bugzilla.redhat.com/show_bug.cgi?id=1643760 + + + + pfsmorigo> as of 2019-10-04, It's still an open issue + + + + + + + + + CVE-2018-19296 on Ubuntu 20.04 (focal) - medium. + PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-16 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19296.html + https://github.com/PHPMailer/PHPMailer/commit/f1231a9771505f4f34da060390d82eadb8448271 + https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27 + https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6 + + + + + + + + + + CVE-2018-19351 on Ubuntu 20.04 (focal) - medium. + Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-18 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19351.html + https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491 + https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst + https://groups.google.com/forum/#!topic/jupyter/hWzu2BSsplY + https://pypi.org/project/notebook/#history + + + + + + + + + + CVE-2018-19358 on Ubuntu 20.04 (focal) - low. + GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-18 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365 + https://gitlab.gnome.org/GNOME/gnome-keyring/issues/5 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19358.html + https://github.com/sungjungk/keyring_crack + https://www.youtube.com/watch?v=Do4E9ZQaPck + https://wiki.gnome.org/Projects/GnomeKeyring/SecurityFAQ + + + + msalvatore> Upstream may say this is by design. See upstream FAQ. + + + + + + + + + CVE-2018-19360 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-02 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19360.html + https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b + https://github.com/FasterXML/jackson-databind/issues/2186 + https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8 + https://issues.apache.org/jira/browse/TINKERPOP-2121 + + + + + + + + + + CVE-2018-19361 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-02 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19361.html + https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b + https://github.com/FasterXML/jackson-databind/issues/2186 + https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8 + https://issues.apache.org/jira/browse/TINKERPOP-2121 + + + + + + + + + + CVE-2018-19362 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-02 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19362.html + https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b + https://github.com/FasterXML/jackson-databind/issues/2186 + https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8 + https://issues.apache.org/jira/browse/TINKERPOP-2121 + + + + + + + + + + CVE-2018-19440 on Ubuntu 20.04 (focal) - medium. + ARM Trusted Firmware-A allows information disclosure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-30 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19440.html + https://github.com/ARM-software/arm-trusted-firmware/pull/1710 + https://github.com/ARM-software/arm-trusted-firmware/wiki/Trusted-Firmware-A-Security-Advisory-TFV-8 + + + + + + + + + + CVE-2018-19443 on Ubuntu 20.04 (focal) - medium. + The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. 
This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-22 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19443.html + https://discuss.tryton.org/t/security-release-for-issue7792/830 + https://bugs.tryton.org/issue7792 + + + + + + + + + + CVE-2018-19490 on Ubuntu 20.04 (focal) - low. + An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-23 17:29:00 UTC + 2018-11-23 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19490.html + https://sourceforge.net/p/gnuplot/bugs/2093/ + https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/ + https://ubuntu.com/security/notices/USN-4541-1 + + + + + + + + + + CVE-2018-19491 on Ubuntu 20.04 (focal) - low. + An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-23 17:29:00 UTC + 2018-11-23 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19491.html + https://sourceforge.net/p/gnuplot/bugs/2094/ + https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/ + https://ubuntu.com/security/notices/USN-4541-1 + + + + + + + + + + CVE-2018-19492 on Ubuntu 20.04 (focal) - low. + An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-23 17:29:00 UTC + 2018-11-23 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19492.html + https://sourceforge.net/p/gnuplot/bugs/2089/ + https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/ + https://ubuntu.com/security/notices/USN-4541-1 + + + + + + + + + + CVE-2018-19497 on Ubuntu 20.04 (focal) - medium. + In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-29 23:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914796 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19497.html + https://github.com/sleuthkit/sleuthkit/pull/1374 + + + + ebarretto> It looks like the versions in trusty and xenial are not ebarretto> affected. + + + + + + + + + CVE-2018-19502 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c. It was discovered that Freeware Advanced Audio Decoder 2 incorrectly handled certain mp4 files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-23 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914641 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19502.html + https://sourceforge.net/p/faac/bugs/240/ + https://github.com/TeamSeri0us/pocs/tree/master/faad + + + + + + + + + + CVE-2018-19503 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-23 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914641 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19503.html + https://sourceforge.net/p/faac/bugs/240/ + https://github.com/TeamSeri0us/pocs/tree/master/faad + + + + + + + + + + CVE-2018-19504 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-23 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914641 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19504.html + https://sourceforge.net/p/faac/bugs/240/ + https://github.com/TeamSeri0us/pocs/tree/master/faad + + + + + + + + + + CVE-2018-19516 on Ubuntu 20.04 (focal) - medium. 
+ messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-12 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915039 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19516.html + https://www.kde.org/info/security/advisory-20181128-1.txt + https://cgit.kde.org/messagelib.git/commit/?id=34765909cdf8e55402a8567b48fb288839c61612 + + + + + + + + + + CVE-2018-19518 on Ubuntu 20.04 (focal) - medium. + University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. It was discovered that UW IMAP incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-25 10:29:00 UTC + 2018-11-25 10:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914632 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913775 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913835 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913836 + https://bugs.launchpad.net/ubuntu/+source/php7.2/+bug/1803657 + https://bugs.php.net/bug.php?id=76428 + https://bugs.php.net/bug.php?id=77153 + https://bugs.php.net/bug.php?id=77160 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19518.html + https://www.openwall.com/lists/oss-security/2018/11/22/3 + https://antichat.com/threads/463395/#post-4254681 + https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php + https://ubuntu.com/security/notices/USN-4160-1 + + + + mdeslaur> php5 in precise and trusty doesn't build imap, it is in a mdeslaur> separate php-imap source package. msalvatore> uw-imap has been defunct since 2008. + + + + + + + + + CVE-2018-19532 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-26 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19532.html + https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-pdftranslatorsettarget-podofo-0-9-6/ + https://sourceforge.net/p/podofo/tickets/32/ + + + + + + + + + + CVE-2018-19565 on Ubuntu 20.04 (focal) - medium. + A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-26 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19565.html + https://seclists.org/oss-sec/2018/q4/165 + https://seclists.org/oss-sec/2018/q4/171 + + + + + + + + + + CVE-2018-19566 on Ubuntu 20.04 (focal) - medium. + A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-26 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19566.html + https://seclists.org/oss-sec/2018/q4/165 + https://seclists.org/oss-sec/2018/q4/171 + + + + + + + + + + CVE-2018-19567 on Ubuntu 20.04 (focal) - medium. + A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-26 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19567.html + https://seclists.org/oss-sec/2018/q4/165 + https://seclists.org/oss-sec/2018/q4/171 + + + + + + + + + + CVE-2018-19568 on Ubuntu 20.04 (focal) - medium. + A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-26 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19568.html + https://seclists.org/oss-sec/2018/q4/165 + https://seclists.org/oss-sec/2018/q4/171 + + + + + + + + + + CVE-2018-19608 on Ubuntu 20.04 (focal) - medium. + Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-05 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915796 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19608.html + http://cat.eyalro.net/ + https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released + https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03 + + + + + + + + + + CVE-2018-19653 on Ubuntu 20.04 (focal) - low. + HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-09 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19653.html + https://github.com/hashicorp/consul/pull/5069 + + + + + + + + + + CVE-2018-19655 on Ubuntu 20.04 (focal) - medium. + A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-29 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19655.html + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529 + + + + + + + + + + CVE-2018-19755 on Ubuntu 20.04 (focal) - negligible. + There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-30 03:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915087 + https://bugzilla.nasm.us/show_bug.cgi?id=3392528 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19755.html + + + + + + + + + + CVE-2018-19756 on Ubuntu 20.04 (focal) - medium. + There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-30 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19756.html + https://bugzilla.redhat.com/show_bug.cgi?id=1649198 + + + + + + + + + + CVE-2018-19757 on Ubuntu 20.04 (focal) - medium. + There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-30 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19757.html + https://bugzilla.redhat.com/show_bug.cgi?id=1649197 + + + + + + + + + + CVE-2018-19759 on Ubuntu 20.04 (focal) - medium. + There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-30 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19759.html + https://bugzilla.redhat.com/show_bug.cgi?id=1649202 + + + + + + + + + + CVE-2018-19761 on Ubuntu 20.04 (focal) - medium. + There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-30 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19761.html + https://bugzilla.redhat.com/show_bug.cgi?id=1649200 + + + + + + + + + + CVE-2018-19762 on Ubuntu 20.04 (focal) - medium. + There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-30 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19762.html + https://bugzilla.redhat.com/show_bug.cgi?id=1649199 + + + + + + + + + + CVE-2018-19763 on Ubuntu 20.04 (focal) - medium. + There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-30 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19763.html + https://bugzilla.redhat.com/show_bug.cgi?id=1649201 + + + + + + + + + + CVE-2018-19777 on Ubuntu 20.04 (focal) - medium. + In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-30 10:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19777.html + https://bugs.ghostscript.com/show_bug.cgi?id=700301 + + + + + + + + + + CVE-2018-19789 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method (e.g. 
`setName(string $name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-18 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19789.html + https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path + + + + + + + + + + CVE-2018-19790 on Ubuntu 20.04 (focal) - medium. + An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-18 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19790.html + https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http + + + + + + + + + + CVE-2018-19797 on Ubuntu 20.04 (focal) - medium. + In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-03 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19797.html + https://github.com/sass/libsass/issues/2779 + + + + pfsmorigo> the affected file is src/functions.cpp (not src/fn_utils.cpp) + + + + + + + + + CVE-2018-19800 on Ubuntu 20.04 (focal) - medium. + aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-07 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19800.html + https://github.com/aubio/aubio/blob/0.4.9/ChangeLog + + + + + + + + + + CVE-2018-19801 on Ubuntu 20.04 (focal) - medium. + aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-07 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19801.html + https://github.com/aubio/aubio/blob/0.4.9/ChangeLog + + + + + + + + + + CVE-2018-19802 on Ubuntu 20.04 (focal) - medium. + aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-07 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19802.html + https://github.com/aubio/aubio/blob/0.4.9/ChangeLog + + + + + + + + + + CVE-2018-19827 on Ubuntu 20.04 (focal) - medium. + In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-03 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19827.html + https://github.com/sass/libsass/issues/2782 + + + + + + + + + + CVE-2018-19837 on Ubuntu 20.04 (focal) - medium. + In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-04 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19837.html + https://github.com/sass/libsass/issues/2659 + + + + + + + + + + CVE-2018-19838 on Ubuntu 20.04 (focal) - medium. + In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-04 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19838.html + https://github.com/sass/libsass/issues/2660 + + + + + + + + + + CVE-2018-19839 on Ubuntu 20.04 (focal) - medium. + In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-04 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19839.html + https://github.com/sass/libsass/issues/2657 + https://github.com/sass/libsass/pull/2767 + + + + + + + + + + CVE-2018-19842 on Ubuntu 20.04 (focal) - medium. 
+ getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-04 09:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19842.html + https://github.com/radare/radare2/commit/66191f780863ea8c66ace4040d0d04a8842e8432 + https://github.com/radare/radare2/issues/12239 + + + + + + + + + + CVE-2018-19843 on Ubuntu 20.04 (focal) - medium. + opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-04 09:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19843.html + https://github.com/radare/radare2/commit/f17bfd9f1da05f30f23a4dd05e9d2363e1406948 + https://github.com/radare/radare2/issues/12242 + + + + + + + + + + CVE-2018-19857 on Ubuntu 20.04 (focal) - medium. + The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-05 11:29:00 UTC + 2018-12-05 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19857.html + https://dyntopia.com/advisories/013-vlc + https://ubuntu.com/security/notices/USN-4074-1 + + + + + + + + + + CVE-2018-19865 on Ubuntu 20.04 (focal) - low. + A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-05 11:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19865.html + http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ + https://codereview.qt-project.org/#/c/243666/ + https://codereview.qt-project.org/#/c/244569/ + https://codereview.qt-project.org/#/c/244687/ + https://codereview.qt-project.org/#/c/244845/ + https://codereview.qt-project.org/#/c/245283/ + https://codereview.qt-project.org/#/c/245293/ + https://codereview.qt-project.org/#/c/245312/ + https://codereview.qt-project.org/#/c/245638/ + https://codereview.qt-project.org/#/c/245640/ + https://codereview.qt-project.org/#/c/246630/ + + + + + + + + + + CVE-2018-19869 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-26 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19869.html + https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ + + + + + + + + + + CVE-2018-19871 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-26 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19871.html + https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ + https://codereview.qt-project.org/#/c/237761/ + + + + + + + + + + CVE-2018-19882 on Ubuntu 20.04 (focal) - negligible. + In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-12-06 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19882.html + https://bugs.ghostscript.com/show_bug.cgi?id=700342 + https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203 + + + + ebarretto> Negligable security impact, crash in CLI tool + + + + + + + + + CVE-2018-19886 on Ubuntu 20.04 (focal) - medium. + An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-06 00:29:00 UTC + Liu Zhu + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915763 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19886.html + https://github.com/knik0/faac/issues/23 + + + + + + + + + + CVE-2018-19887 on Ubuntu 20.04 (focal) - untriaged. + An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 4 case. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-06 00:29:00 UTC + Liu Zhu + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915763 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19887.html + https://github.com/knik0/faac/issues/21 + + + + + + + + + + CVE-2018-19888 on Ubuntu 20.04 (focal) - medium. + An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the HCB_ESC case. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-06 00:29:00 UTC + Liu Zhu + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915763 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19888.html + https://github.com/knik0/faac/issues/25 + + + + + + + + + + CVE-2018-19889 on Ubuntu 20.04 (focal) - medium. + An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 6 case. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-06 00:29:00 UTC + Liu Zhu + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915763 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19889.html + https://github.com/knik0/faac/issues/22 + + + + + + + + + + CVE-2018-19890 on Ubuntu 20.04 (focal) - medium. + An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 2 case. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-06 00:29:00 UTC + Liu Zhu + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915763 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19890.html + https://github.com/knik0/faac/issues/20 + + + + + + + + + + CVE-2018-19891 on Ubuntu 20.04 (focal) - medium. + An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 10 case. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-06 00:29:00 UTC + Liu Zhu + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915763 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19891.html + https://github.com/knik0/faac/issues/24 + + + + + + + + + + CVE-2018-19931 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 07:29:00 UTC + 2018-12-07 07:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23942 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19931.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-19932 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-07 07:29:00 UTC + 2018-12-07 07:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23932 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19932.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-19960 on Ubuntu 20.04 (focal) - medium. + The debug_mode function in web/web.py in OnionShare through 1.3.1, when logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915859 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19960.html + https://bugs.debian.org/915859 + + + + + + + + + + CVE-2018-19961 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-08 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19961.html + https://xenbits.xen.org/xsa/advisory-275.txt + https://xenbits.xen.org/xsa/advisory-275.html + + + + + + + + + + CVE-2018-19962 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-08 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19962.html + https://xenbits.xen.org/xsa/advisory-275.txt + https://xenbits.xen.org/xsa/advisory-275.html + + + + + + + + + + CVE-2018-19965 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-08 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19965.html + https://xenbits.xen.org/xsa/advisory-279.txt + https://xenbits.xen.org/xsa/advisory-279.html + + + + + + + + + + CVE-2018-19966 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-08 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19966.html + https://xenbits.xen.org/xsa/advisory-280.txt + https://xenbits.xen.org/xsa/advisory-280.html + + + + + + + + + + CVE-2018-19967 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-08 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19967.html + https://xenbits.xen.org/xsa/advisory-282.txt + https://xenbits.xen.org/xsa/advisory-282.html + + + + + + + + + + CVE-2018-19968 on Ubuntu 20.04 (focal) - medium. 
+ An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system. It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-11 17:29:00 UTC + 2018-12-11 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19968.html + https://www.phpmyadmin.net/security/PMASA-2018-6/ + https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732 + https://ubuntu.com/security/notices/USN-4639-1 + + + + + + + + + + CVE-2018-19969 on Ubuntu 20.04 (focal) - medium. + phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-11 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19969.html + https://www.phpmyadmin.net/security/PMASA-2018-7/ + + + + ebarretto> According to Debian ebarretto> Upstream explicitly fixed only the 4.7/4.8 branch but the problem ebarretto> exists in earlier versions as well. At least parts of the listed ebarretto> commits are needed. + + + + + + + + + CVE-2018-19970 on Ubuntu 20.04 (focal) - medium. 
+ In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this for an XSS attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-11 17:29:00 UTC + 2018-12-11 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19970.html + https://www.phpmyadmin.net/security/PMASA-2018-8/ + https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e + https://ubuntu.com/security/notices/USN-4639-1 + + + + + + + + + + CVE-2018-19974 on Ubuntu 20.04 (focal) - medium. + In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-17 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19974.html + https://github.com/VirusTotal/yara/issues/999 + https://bnbdr.github.io/posts/extracheese/ + https://github.com/bnbdr/swisscheese/ + + + + + + + + + + CVE-2018-19975 on Ubuntu 20.04 (focal) - medium. + In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-17 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19975.html + https://github.com/VirusTotal/yara/issues/999 + https://bnbdr.github.io/posts/extracheese/ + https://github.com/bnbdr/swisscheese/ + + + + + + + + + + CVE-2018-19976 on Ubuntu 20.04 (focal) - low. 
+ In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-17 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19976.html + https://github.com/VirusTotal/yara/issues/999 + https://bnbdr.github.io/posts/extracheese/ + https://github.com/bnbdr/swisscheese/ + + + + + + + + + + CVE-2018-1999010 on Ubuntu 20.04 (focal) - medium. + FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-23 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1999010.html + + + + mdeslaur> marking chromium-browser as ignored, since we do full-version mdeslaur> updates, and rely on upstream's bundled ffmpeg version + + + + + + + + + + + + + + CVE-2018-1999011 on Ubuntu 20.04 (focal) - medium. + FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-23 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1999011.html + + + + mdeslaur> marking chromium-browser as ignored, since we do full-version mdeslaur> updates, and rely on upstream's bundled ffmpeg version ebarretto> According to upstream FFmpeg: ebarretto> Code does not exist in 2.8 + + + + + + + + + + + + + + CVE-2018-1999012 on Ubuntu 20.04 (focal) - medium. + FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-23 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1999012.html + + + + mdeslaur> marking chromium-browser as ignored, since we do full-version mdeslaur> updates, and rely on upstream's bundled ffmpeg version + + + + + + + + + + + + + + + CVE-2018-1999013 on Ubuntu 20.04 (focal) - medium. + FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-23 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1999013.html + + + + mdeslaur> marking chromium-browser as ignored, since we do full-version mdeslaur> updates, and rely on upstream's bundled ffmpeg version + + + + + + + + + + + + + + CVE-2018-1999014 on Ubuntu 20.04 (focal) - medium. + FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-23 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1999014.html + + + + mdeslaur> marking chromium-browser as ignored, since we do full-version mdeslaur> updates, and rely on upstream's bundled ffmpeg version + + + + + + + + + + + + + + + CVE-2018-1999015 on Ubuntu 20.04 (focal) - medium. + FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-23 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1999015.html + https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32a + + + + + + + + + + + + + CVE-2018-1999022 on Ubuntu 20.04 (focal) - medium. 
+ PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. that can result in Possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appear to be exploitable via A specially crafted query string could be utilised, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-23 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1999022.html + http://blog.pear.php.net/2018/07/19/security-vulnerability-announcement-html_quickform/ + https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform + + + + + + + + + + CVE-2018-1999023 on Ubuntu 20.04 (focal) - medium. + The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-23 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1999023.html + https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380 + + + + + + + + + + CVE-2018-1999024 on Ubuntu 20.04 (focal) - low. + MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. 
This attack appear to be exploitable via The victim must view a page where untrusted content is processed using Mathjax. This vulnerability appears to have been fixed in 2.7.4 and later. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-23 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1999024.html + https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html + https://github.com/mathjax/MathJax/commit/a55da396c18cafb767a26aa9ad96f6f4199852f1 + + + + + + + + + + CVE-2018-20002 on Ubuntu 20.04 (focal) - low. + The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-10 02:29:00 UTC + 2018-12-10 02:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23952 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20002.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-20004 on Ubuntu 20.04 (focal) - medium. + An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-10 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20004.html + https://github.com/michaelrsweet/mxml/issues/233 + https://github.com/fouzhe/security/tree/master/mxml#stack-buffer-overflow-in-function-mxml_write_node + + + + + + + + + + CVE-2018-20005 on Ubuntu 20.04 (focal) - medium. + An issue has been found in Mini-XML (aka mxml) 2.12. 
It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-10 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20005.html + https://github.com/michaelrsweet/mxml/issues/234 + https://github.com/fouzhe/security/tree/master/mxml#heap-use-after-free-in-function-mxmlwalknext + + + + + + + + + + CVE-2018-20020 on Ubuntu 20.04 (focal) - medium. + LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-19 16:29:00 UTC + 2018-12-19 + mdeslaur + https://github.com/LibVNC/libvncserver/issues/250 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20020.html + https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/ + https://ubuntu.com/security/notices/USN-3877-1 + https://ubuntu.com/security/notices/USN-4547-1 + https://ubuntu.com/security/notices/USN-4547-2 + https://ubuntu.com/security/notices/USN-4587-1 + + + + + + + + + + + + + + CVE-2018-20021 on Ubuntu 20.04 (focal) - medium. + LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-19 16:29:00 UTC + 2018-12-19 + mdeslaur + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941 + https://github.com/LibVNC/libvncserver/issues/251 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20021.html + https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/ + https://ubuntu.com/security/notices/USN-3877-1 + https://ubuntu.com/security/notices/USN-4547-1 + https://ubuntu.com/security/notices/USN-4547-2 + https://ubuntu.com/security/notices/USN-4587-1 + + + + + + + + + + + + + + CVE-2018-20022 on Ubuntu 20.04 (focal) - medium. + LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-19 16:29:00 UTC + 2018-12-19 + mdeslaur + https://github.com/LibVNC/libvncserver/issues/252 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20022.html + https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/ + https://ubuntu.com/security/notices/USN-3877-1 + https://ubuntu.com/security/notices/USN-4547-1 + https://ubuntu.com/security/notices/USN-4547-2 + https://ubuntu.com/security/notices/USN-4587-1 + + + + + + + + + + + + + + CVE-2018-20024 on Ubuntu 20.04 (focal) - medium. + LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-19 16:29:00 UTC + 2018-12-19 + mdeslaur + https://github.com/LibVNC/libvncserver/issues/254 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20024.html + https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-034-libvnc-null-pointer-dereference/ + https://ubuntu.com/security/notices/USN-3877-1 + https://ubuntu.com/security/notices/USN-4547-1 + https://ubuntu.com/security/notices/USN-4547-2 + https://ubuntu.com/security/notices/USN-4587-1 + + + + + + + + + + + + + CVE-2018-20060 on Ubuntu 20.04 (focal) - low. + urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-11 17:29:00 UTC + 2018-12-11 + mdeslaur + https://github.com/urllib3/urllib3/issues/1316 + https://bugzilla.redhat.com/show_bug.cgi?id=1649153 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20060.html + https://github.com/urllib3/urllib3/blob/master/CHANGES.rst + https://ubuntu.com/security/notices/USN-3990-1 + + + + + + + + + + CVE-2018-20147 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-14 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20147.html + https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/ + + + + + + + + + + CVE-2018-20148 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. 
This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-14 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20148.html + https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/ + + + + + + + + + + CVE-2018-20149 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-14 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20149.html + https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/ + https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a + + + + + + + + + + CVE-2018-20150 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-14 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20150.html + https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/ + https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460 + + + + + + + + + + CVE-2018-20152 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-14 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20152.html + https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/ + + + + + + + + + + CVE-2018-20153 on Ubuntu 20.04 (focal) - medium. + In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-14 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916403 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20153.html + https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/ + + + + + + + + + + CVE-2018-20167 on Ubuntu 20.04 (focal) - medium. + Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-17 05:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916630 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20167.html + https://phab.enlightenment.org/T7504 + https://git.enlightenment.org/apps/terminology.git/commit/?id=1ac204da9148e7bccb1b5f34b523e2094dfc39e2 + https://phab.enlightenment.org/rTRM1ac204da9148e7bccb1b5f34b523e2094dfc39e2 + https://www.enlightenment.org/news/2018-12-16-terminology-1.3.1 + + + + + + + + + + CVE-2018-20174 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-15 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20174.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-20175 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-15 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20175.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-20176 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-15 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20176.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-20177 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-15 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20177.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-20178 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-15 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20178.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-20179 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-15 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20179.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-20180 on Ubuntu 20.04 (focal) - medium. 
+ rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-15 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20180.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-20181 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-15 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20181.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-20182 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-15 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20182.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-20184 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-17 19:29:00 UTC + 2018-12-17 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916721 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20184.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b + https://sourceforge.net/p/graphicsmagick/bugs/583/ + https://ubuntu.com/security/notices/USN-4207-1 + + + + + + + + + + CVE-2018-20185 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-17 19:29:00 UTC + 2018-12-17 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916719 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20185.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293 + https://sourceforge.net/p/graphicsmagick/bugs/582/ + https://ubuntu.com/security/notices/USN-4207-1 + + + + + + + + + + CVE-2018-20187 on Ubuntu 20.04 (focal) - medium. + A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-08 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918732 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20187.html + https://github.com/randombit/botan/pull/1792 + https://github.com/randombit/botan/commit/70aa7303acfff9eefc24598c289a84db3579ebd1 + + + + + + + + + + CVE-2018-20189 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-17 20:29:00 UTC + 2018-12-17 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20189.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589 + https://sourceforge.net/p/graphicsmagick/bugs/585/ + https://ubuntu.com/security/notices/USN-4207-1 + + + + + + + + + + CVE-2018-20190 on Ubuntu 20.04 (focal) - medium. + In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-17 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20190.html + https://github.com/sass/libsass/issues/2786 + + + + + + + + + + CVE-2018-20194 on Ubuntu 20.04 (focal) - medium. + There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max <= G case. 
It was discovered that Freeware Advanced Audio Decoder 2 incorrectly validated user input when processing crafted AAC files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-18 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20194.html + https://github.com/knik0/faad2/issues/21 + + + + + + + + + + CVE-2018-20195 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-18 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20195.html + https://github.com/knik0/faad2/issues/25 + + + + + + + + + + CVE-2018-20196 on Ubuntu 20.04 (focal) - medium. + There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled. It was discovered that Freeware Advanced Audio Decoder 2 incorrectly handled certain mp4 files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-18 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20196.html + https://github.com/knik0/faad2/issues/19 + + + + + + + + + + CVE-2018-20197 on Ubuntu 20.04 (focal) - medium. + There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. 
A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case. It was discovered that Freeware Advanced Audio Decoder 2 incorrectly validated user input when processing crafted AAC files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-18 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20197.html + https://github.com/knik0/faad2/issues/20 + + + + danielwang> very similar to CVE-2018-20194, same fix: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c + + + + + + + + + CVE-2018-20198 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENCE case. It was discovered that Freeware Advanced Audio Decoder 2 incorrectly handled implicit channel mapping reconfiguration when processing crafted AAC files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-18 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20198.html + https://github.com/knik0/faad2/issues/23 + + + + danielwang> same underlying issue as CVE-2018-20362, same fix + + + + + + + + + CVE-2018-20199 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. 
The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case. It was discovered that Freeware Advanced Audio Decoder 2 incorrectly handled certain mp4 files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-18 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20199.html + https://github.com/knik0/faad2/issues/24 + + + + + + + + + + CVE-2018-20200 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-18 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20200.html + https://github.com/square/okhttp/issues/4967 + https://cxsecurity.com/issue/WLB-2018120252 + https://github.com/square/okhttp/commits/master + https://github.com/square/okhttp/releases + https://square.github.io/okhttp/3.x/okhttp/ + + + + + + + + + + CVE-2018-20217 on Ubuntu 20.04 (focal) - medium. + A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-26 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917387 + http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20217.html + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/ + + + + + + + + + + CVE-2018-20337 on Ubuntu 20.04 (focal) - low. + There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-21 09:29:00 UTC + 2018-12-21 + mdeslaur + https://github.com/LibRaw/LibRaw/issues/192 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917080 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20337.html + https://ubuntu.com/security/notices/USN-3989-1 + + + + + + + + + + + + + + + + + CVE-2018-20340 on Ubuntu 20.04 (focal) - medium. + Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:00:00 UTC + sbeattie + Christian Reitter + 2019-02-08 11:00:00 UTC + https://bugs.launchpad.net/ubuntu/+source/libu2f-host/+bug/1814153 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20340.html + + + + sbeattie> requires libpam-u2f setup or other yubikey based software applications. Browser U2F implmentations are NOT affected. + + + + + + + + + CVE-2018-20348 on Ubuntu 20.04 (focal) - medium. 
+ libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-22 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20348.html + https://github.com/libyal/libpff/issues/48 + + + + + + + + + + CVE-2018-20357 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-22 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20357.html + https://github.com/knik0/faad2/issues/28 + + + + + + + + + + CVE-2018-20358 on Ubuntu 20.04 (focal) - medium. + An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-22 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20358.html + https://github.com/knik0/faad2/issues/31 + + + + + + + + + + CVE-2018-20359 on Ubuntu 20.04 (focal) - medium. + An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-22 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20359.html + https://github.com/knik0/faad2/issues/29 + + + + + + + + + + CVE-2018-20360 on Ubuntu 20.04 (focal) - medium. + An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. It was discovered that Freeware Advanced Audio Decoder 2 incorrectly handled certain mp4 files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-22 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20360.html + https://github.com/knik0/faad2/issues/32 + + + + + + + + + + CVE-2018-20361 on Ubuntu 20.04 (focal) - medium. + An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-22 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20361.html + https://github.com/knik0/faad2/issues/30 + + + + + + + + + + CVE-2018-20362 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case. It was discovered that Freeware Advanced Audio Decoder 2 incorrectly handled implicit channel mapping reconfiguration when processing crafted AAC files. An attacker could possibly use this issue to cause a denial of service. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-22 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20362.html + https://github.com/knik0/faad2/issues/26 + + + + + + + + + + CVE-2018-20363 on Ubuntu 20.04 (focal) - low. + LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-22 17:29:00 UTC + 2018-12-22 + mdeslaur + https://github.com/LibRaw/LibRaw/issues/193 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917113 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20363.html + https://ubuntu.com/security/notices/USN-3989-1 + + + + mdeslaur> debian says https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7 mdeslaur> is also needed + + + + + + + + + + + + + + + + CVE-2018-20364 on Ubuntu 20.04 (focal) - low. + LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-22 17:29:00 UTC + 2018-12-22 + mdeslaur + https://github.com/LibRaw/LibRaw/issues/194 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917112 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20364.html + https://ubuntu.com/security/notices/USN-3989-1 + + + + + + + + + + + + + + + + + CVE-2018-20365 on Ubuntu 20.04 (focal) - low. + LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-22 17:29:00 UTC + 2018-12-22 + mdeslaur + https://github.com/LibRaw/LibRaw/issues/195 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917111 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20365.html + https://ubuntu.com/security/notices/USN-3989-1 + + + + + + + + + + + + + + + + + CVE-2018-20374 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-23 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20374.html + https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00015.html + + + + + + + + + + CVE-2018-20375 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the sym_pop function in tccgen.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-23 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20375.html + https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00014.html + + + + + + + + + + CVE-2018-20376 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-23 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20376.html + https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00013.html + + + + + + + + + + CVE-2018-20406 on Ubuntu 20.04 (focal) - low. + Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. 
This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-23 23:29:00 UTC + 2018-12-23 + https://bugs.python.org/issue34656 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20406.html + https://python-security.readthedocs.io/vuln/pickle-load-dos.html + https://ubuntu.com/security/notices/USN-4127-1 + https://ubuntu.com/security/notices/USN-4127-2 + + + + mdeslaur> bug says 2.7 is not affected + + + + + + + + + CVE-2018-20430 on Ubuntu 20.04 (focal) - medium. + GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. It was discovered that Libextractor incorrectly handled certain specially crafted files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-24 05:29:00 UTC + 2018-12-24 05:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917214 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20430.html + https://gnunet.org/bugs/view.php?id=5493 + https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110 + https://gnunet.org/git/libextractor.git/tree/ChangeLog + https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html + https://ubuntu.com/security/notices/USN-4641-1 + + + + + + + + + + CVE-2018-20431 on Ubuntu 20.04 (focal) - medium. 
+ GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. It was discovered that Libextractor incorrectly handled metadata. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-24 05:29:00 UTC + 2018-12-24 05:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917213 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20431.html + https://gnunet.org/bugs/view.php?id=5494 + https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7 + https://gnunet.org/git/libextractor.git/tree/ChangeLog + https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html + https://ubuntu.com/security/notices/USN-4641-1 + + + + + + + + + + CVE-2018-20450 on Ubuntu 20.04 (focal) - low. + The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-25 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20450.html + https://github.com/evanmiller/libxls/issues/34 + + + + + + + + + + CVE-2018-20451 on Ubuntu 20.04 (focal) - low. + The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-25 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20451.html + https://github.com/uvoteam/libdoc/issues/2 + + + + + + + + + + CVE-2018-20452 on Ubuntu 20.04 (focal) - medium. 
+ The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-25 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20452.html + https://github.com/evanmiller/libxls/issues/35 + + + + + + + + + + CVE-2018-20453 on Ubuntu 20.04 (focal) - low. + The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-25 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20453.html + https://github.com/uvoteam/libdoc/issues/1 + + + + + + + + + + CVE-2018-20455 on Ubuntu 20.04 (focal) - medium. + In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-25 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20455.html + https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185 + https://github.com/radare/radare2/issues/12373 + + + + + + + + + + CVE-2018-20456 on Ubuntu 20.04 (focal) - medium. 
+ In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-25 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20456.html + https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185 + https://github.com/radare/radare2/issues/12372 + + + + + + + + + + CVE-2018-20457 on Ubuntu 20.04 (focal) - medium. + In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-25 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20457.html + https://github.com/radare/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7 + https://github.com/radare/radare2/issues/12417 + https://github.com/devnexen/radare2/commit/88a8adf080a9f8ed5a4250a2507752e133ba54dd + + + + + + + + + + CVE-2018-20458 on Ubuntu 20.04 (focal) - medium. + In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-25 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20458.html + https://github.com/radare/radare2/commit/30f4c7b52a4e2dc0d0b1bae487d90f5437c69d19 + https://github.com/radare/radare2/issues/12374 + https://github.com/radare/radare2/commit/4e98402f09a0ef0bb8559a33a4c1988c54938eaf + + + + + + + + + + CVE-2018-20459 on Ubuntu 20.04 (focal) - medium. + In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20457. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-25 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917322 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20459.html + https://github.com/radare/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7 + https://github.com/radare/radare2/issues/12418 + https://github.com/devnexen/radare2/commit/88a8adf080a9f8ed5a4250a2507752e133ba54dd + + + + + + + + + + CVE-2018-20460 on Ubuntu 20.04 (focal) - medium. + In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-25 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20460.html + https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf + https://github.com/radare/radare2/issues/12376 + + + + + + + + + + CVE-2018-20461 on Ubuntu 20.04 (focal) - medium. + In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-25 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20461.html + https://github.com/radare/radare2/commit/a1bc65c3db593530775823d6d7506a457ed95267 + https://github.com/radare/radare2/issues/12375 + + + + + + + + + + CVE-2018-20532 on Ubuntu 20.04 (focal) - medium. + There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. It was discovered that libsolv incorrectly handled certain malformed input. An attacker could use this issue to cause libsolv to crash, resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-28 16:29:00 UTC + 2018-12-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20532.html + https://bugzilla.redhat.com/show_bug.cgi?id=1652605 + https://github.com/openSUSE/libsolv/pull/291 + https://ubuntu.com/security/notices/USN-3916-1 + + + + + + + + + + CVE-2018-20533 on Ubuntu 20.04 (focal) - medium. 
+ There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. It was discovered that libsolv incorrectly handled certain malformed input. An attacker could use this issue to cause libsolv to crash, resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-28 16:29:00 UTC + 2018-12-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20533.html + https://bugzilla.redhat.com/show_bug.cgi?id=1652599 + https://github.com/openSUSE/libsolv/pull/291 + https://ubuntu.com/security/notices/USN-3916-1 + + + + + + + + + + CVE-2018-20534 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application. It was discovered that libsolv incorrectly handled certain malformed input. An attacker could use this issue to cause libsolv to crash, resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-28 16:29:00 UTC + 2018-12-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20534.html + https://bugzilla.redhat.com/show_bug.cgi?id=1652604 + https://github.com/openSUSE/libsolv/pull/291 + https://ubuntu.com/security/notices/USN-3916-1 + + + + + + + + + + CVE-2018-20535 on Ubuntu 20.04 (focal) - low. + There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-28 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918270 + https://bugzilla.nasm.us/show_bug.cgi?id=3392530 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20535.html + + + + mdeslaur> no fix as of 2019-04-25 + + + + + + + + + CVE-2018-20538 on Ubuntu 20.04 (focal) - low. + There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-28 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918269 + https://bugzilla.nasm.us/show_bug.cgi?id=3392531 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20538.html + + + + mdeslaur> no fix as of 2019-04-25 + + + + + + + + + CVE-2018-20552 on Ubuntu 20.04 (focal) - low. + Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-28 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917574 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20552.html + https://github.com/appneta/tcpreplay/issues/530 + https://github.com/appneta/tcpreplay/pull/532/commits/6b830a1640ca20528032c89a4fdd8291a4d2d8b2 + + + + + + + + + + CVE-2018-20553 on Ubuntu 20.04 (focal) - low. + Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len in common/get.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-28 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917574 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20553.html + https://github.com/appneta/tcpreplay/issues/530 + https://github.com/appneta/tcpreplay/pull/532/commits/6b830a1640ca20528032c89a4fdd8291a4d2d8b2 + + + + + + + + + + CVE-2018-20573 on Ubuntu 20.04 (focal) - low. 
+ The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-28 16:29:00 UTC + https://github.com/jbeder/yaml-cpp/issues/655 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918148 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918147 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20573.html + + + + + + + + + + CVE-2018-20574 on Ubuntu 20.04 (focal) - low. + The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-28 16:29:00 UTC + https://github.com/jbeder/yaml-cpp/issues/654 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918146 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918145 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20574.html + + + + mdeslaur> same commit as CVE-2018-20573 + + + + + + + + + CVE-2018-20592 on Ubuntu 20.04 (focal) - medium. + In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-30 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20592.html + https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt + https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt.err (error output) + https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt + https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt.err (error output) + https://github.com/michaelrsweet/mxml/issues/237 + https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt.err + https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt.err + + + + + + + + + + CVE-2018-20593 on Ubuntu 20.04 (focal) - medium. + In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-30 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20593.html + https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt + https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err (error output) + https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt + https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err (error output) + https://github.com/michaelrsweet/mxml/issues/237 + https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err + https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err + + + + + + + + + + CVE-2018-20623 on Ubuntu 20.04 (focal) - low. + In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-31 19:29:00 UTC + 2018-12-31 19:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=24049 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20623.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + mdeslaur> need to validate correct commit, see bug + + + + + + + + + CVE-2018-20657 on Ubuntu 20.04 (focal) - negligible. + The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-01-02 14:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20657.html + + + + mdeslaur> 10-byte memleak, not considered important to be fixed by mdeslaur> upstream, so no patch is available as of 2020-10-19 + + + + + + + + + CVE-2018-20671 on Ubuntu 20.04 (focal) - low. + load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-04 16:29:00 UTC + 2019-01-04 16:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=24005 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20671.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-20673 on Ubuntu 20.04 (focal) - low. + The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-04 18:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=24039 + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88783 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20673.html + + + + mdeslaur> code was removed in 2.32, see bug for more info + + + + + + + + + CVE-2018-20676 on Ubuntu 20.04 (focal) - low. + In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-09 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20676.html + https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ + https://github.com/twbs/bootstrap/issues/27044 + https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906 + https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628 + https://github.com/twbs/bootstrap/pull/27047 + + + + + + + + + + + + + CVE-2018-20677 on Ubuntu 20.04 (focal) - low. + In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-09 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20677.html + https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ + https://github.com/twbs/bootstrap/issues/27045 + https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906 + https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628 + https://github.com/twbs/bootstrap/pull/27047 + + + + + + + + + + + + + CVE-2018-20683 on Ubuntu 20.04 (focal) - medium. + commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-10 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918849 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20683.html + https://github.com/sitaramc/gitolite/commit/5df2b817255ee919991da6c310239e08c8fcc1ae + https://groups.google.com/forum/#!topic/gitolite-announce/6xbjjmpLePQ + https://bugs.debian.org/918849 + https://github.com/sitaramc/gitolite/blob/master/CHANGELOG + + + + + + + + + + CVE-2018-20685 on Ubuntu 20.04 (focal) - medium. + In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-10 21:29:00 UTC + 2019-01-10 + mdeslaur + Harry Sintonen + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919101 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20685.html + https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt + https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037459.html + https://ubuntu.com/security/notices/USN-3885-1 + + + + seth-arnold> openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. mdeslaur> mdeslaur> The recommended workaround for this issue is to switch to using mdeslaur> sftp instead of scp. + + + + + + + + + + + + CVE-2018-20721 on Ubuntu 20.04 (focal) - medium. + URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address. It was discovered that uriparser incorrectly handled certain URIs. An attacker could use this vulnerability to cause a crash or possibly leak sensitive information. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20721.html + https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4 + https://github.com/uriparser/uriparser/blob/master/ChangeLog + + + + + + + + + + CVE-2018-20723 on Ubuntu 20.04 (focal) - medium. + A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20723.html + https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d + https://github.com/Cacti/cacti/issues/2215 + https://github.com/Cacti/cacti/blob/develop/CHANGELOG + + + + + + + + + + CVE-2018-20724 on Ubuntu 20.04 (focal) - medium. + A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20724.html + https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53 + https://github.com/Cacti/cacti/issues/2212 + https://github.com/Cacti/cacti/blob/develop/CHANGELOG + + + + + + + + + + CVE-2018-20725 on Ubuntu 20.04 (focal) - medium. + A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-16 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20725.html + https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d + https://github.com/Cacti/cacti/issues/2214 + https://github.com/Cacti/cacti/blob/develop/CHANGELOG + + + + + + + + + + CVE-2018-20726 on Ubuntu 20.04 (focal) - medium. + A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20726.html + https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d + https://github.com/Cacti/cacti/issues/2213 + https://github.com/Cacti/cacti/blob/develop/CHANGELOG + + + + + + + + + + CVE-2018-20743 on Ubuntu 20.04 (focal) - medium. + murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-25 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919249 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20743.html + https://github.com/mumble-voip/mumble/issues/3505 + https://github.com/mumble-voip/mumble/pull/3510 + https://github.com/mumble-voip/mumble/pull/3512 + https://bugs.debian.org/919249 + + + + + + + + + + CVE-2018-20748 on Ubuntu 20.04 (focal) - medium. + LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-30 18:29:00 UTC + 2019-01-30 + mdeslaur + https://github.com/LibVNC/libvncserver/issues/273 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20748.html + https://ubuntu.com/security/notices/USN-3877-1 + https://ubuntu.com/security/notices/USN-4547-1 + https://ubuntu.com/security/notices/USN-4587-1 + + + + mdeslaur> Further fixes for CVE-2018-20019 + + + + + + + + + + + + CVE-2018-20751 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20751.html + https://sourceforge.net/p/podofo/tickets/33/ + https://sourceforge.net/p/podofo/code/1954 + https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-crop_page-podofo-0-9-6/ + + + + + + + + + + CVE-2018-20752 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-04 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20752.html + https://bitbucket.org/LaNMaSteR53/recon-ng/issues/285/csv-injection-vulnerability-identified-in + https://bitbucket.org/LaNMaSteR53/recon-ng/commits/41e96fd58891439974fb0c920b349f8926c71d4c#chg-modules/reporting/csv.py + + + + + + + + + + CVE-2018-20760 on Ubuntu 20.04 (focal) - medium. + In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled. It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-06 23:29:00 UTC + 2019-02-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20760.html + https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d + https://github.com/gpac/gpac/issues/1177 + https://ubuntu.com/security/notices/USN-3926-1 + + + + + + + + + + CVE-2018-20761 on Ubuntu 20.04 (focal) - medium. + GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a. It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-06 23:29:00 UTC + 2019-02-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20761.html + https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658 + https://github.com/gpac/gpac/issues/1186 + https://ubuntu.com/security/notices/USN-3926-1 + + + + + + + + + + CVE-2018-20762 on Ubuntu 20.04 (focal) - medium. + GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames. It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-06 23:29:00 UTC + 2019-02-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20762.html + https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658 + https://github.com/gpac/gpac/issues/1187 + https://ubuntu.com/security/notices/USN-3926-1 + + + + + + + + + + CVE-2018-20763 on Ubuntu 20.04 (focal) - medium. + In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking. It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-06 23:29:00 UTC + 2019-02-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20763.html + https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd + https://github.com/gpac/gpac/issues/1188 + https://ubuntu.com/security/notices/USN-3926-1 + + + + + + + + + + CVE-2018-20786 on Ubuntu 20.04 (focal) - low. + libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-24 14:29:00 UTC + 2019-02-24 14:29:00 UTC + leosilva + https://github.com/vim/vim/issues/3711 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20786.html + https://ubuntu.com/security/notices/USN-4309-1 + + + + + + + + + + + + + CVE-2018-20797 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-27 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923415 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20797.html + https://sourceforge.net/p/podofo/tickets/34/ + + + + + + + + + + CVE-2018-20800 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-13 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20800.html + https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework/ + https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework + + + + + + + + + + CVE-2018-20802 on Ubuntu 20.04 (focal) - medium. + A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20802.html + https://jira.mongodb.org/browse/SERVER-36993 + + + + + + + + + + CVE-2018-20803 on Ubuntu 20.04 (focal) - medium. + A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10; v3.4 versions prior to 3.4.19. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20803.html + https://jira.mongodb.org/browse/SERVER-38070 + + + + + + + + + + CVE-2018-20804 on Ubuntu 20.04 (focal) - medium. + A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-23 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20804.html + https://jira.mongodb.org/browse/SERVER-35636 + + + + + + + + + + CVE-2018-20805 on Ubuntu 20.04 (focal) - medium. + A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. This issue affects: MongoDB Inc. MongoDB Server 3.6 versions prior to 3.6.10; 4.0 versions prior to 4.0.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20805.html + https://jira.mongodb.org/browse/SERVER-38164 + + + + + + + + + + CVE-2018-20806 on Ubuntu 20.04 (focal) - medium. + Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-17 23:32:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924731 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20806.html + https://github.com/lota/phamm/issues/24 + + + + + + + + + + CVE-2018-20821 on Ubuntu 20.04 (focal) - medium. + The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20821.html + https://github.com/sass/libsass/issues/2658 + + + + + + + + + + CVE-2018-20822 on Ubuntu 20.04 (focal) - medium. + LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20822.html + https://github.com/sass/libsass/issues/2671 + + + + + + + + + + CVE-2018-20843 on Ubuntu 20.04 (focal) - low. + In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-06-24 17:15:00 UTC + 2019-06-24 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031 + https://github.com/libexpat/libexpat/issues/186 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20843.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226 + https://github.com/libexpat/libexpat/pull/262 + https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes + https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 + https://ubuntu.com/security/notices/USN-4040-1 + https://ubuntu.com/security/notices/USN-4040-2 + + + + mdeslaur> xmlparse.c doesn't appear to be built in the firefox package + + + + + + + + + + + + + + + + CVE-2018-20845 on Ubuntu 20.04 (focal) - medium. + Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-06-26 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20845.html + https://github.com/uclouvain/openjpeg/pull/1168/commits/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf + + + + ebarretto> Marking emscripten ignored as openjpeg2 code is only for test/example. mdeslaur> Ubuntu openjpeg2 packages are built with BUILD_MJ2:BOOL=OFF, so mdeslaur> the vulnerable code is not compiled + + + + + + + + + + + + + + + CVE-2018-20846 on Ubuntu 20.04 (focal) - medium. + Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-26 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20846.html + https://github.com/uclouvain/openjpeg/pull/1168/commits/c277159986c80142180fbe5efb256bbf3bdf3edc + + + + ebarretto> Marking emscripten ignored as openjpeg2 code is only for test/example. emitorino> Debian binary packages built with BUILD_MJ2:BOOL=OFF emitorino> According to https://github.com/uclouvain/openjpeg/pull/1168#commitcomment-32961642 the patch https://github.com/uclouvain/openjpeg/commit/e1740e7ce79d0a1676db4da0f4189b64e85f52cb was reverted because it did not compile. Code is not present in upstream master anymore mdeslaur> Ubuntu packages are built with BUILD_MJ2:BOOL=OFF, so the mdeslaur> affected code isn't compiled + + + + + + + + + + + + + + CVE-2018-20847 on Ubuntu 20.04 (focal) - medium. + An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or potentially execute arbitrary code. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-26 18:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931294 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20847.html + https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949 + https://github.com/uclouvain/openjpeg/issues/431 + https://github.com/uclouvain/openjpeg/pull/1168/commits/c58df149900df862806d0e892859b41115875845 + + + + ebarretto> Marking emscripten ignored as openjpeg2 code is only for test/example. + + + + + + + + + + + + + + CVE-2018-20852 on Ubuntu 20.04 (focal) - medium. + http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-13 21:15:00 UTC + 2019-07-13 + mdeslaur + https://bugs.python.org/issue35121 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20852.html + https://python-security.readthedocs.io/vuln/cookie-domain-check.html + https://ubuntu.com/security/notices/USN-4127-1 + https://ubuntu.com/security/notices/USN-4127-2 + + + + + + + + + + CVE-2018-20871 on Ubuntu 20.04 (focal) - medium. + In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-30 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20871.html + + + + + + + + + + CVE-2018-21010 on Ubuntu 20.04 (focal) - medium. + OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or potentially execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-05 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-21010.html + + + + + + + + + + + + + + + + CVE-2018-21015 on Ubuntu 20.04 (focal) - medium. + AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-16 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-21015.html + https://github.com/gpac/gpac/issues/1179 + + + + + + + + + + + + + CVE-2018-21016 on Ubuntu 20.04 (focal) - medium. + audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-16 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-21016.html + https://github.com/gpac/gpac/issues/1180 + + + + + + + + + + + + + CVE-2018-21017 on Ubuntu 20.04 (focal) - low. + GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-16 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-21017.html + https://github.com/gpac/gpac/commit/d2371b4b204f0a3c0af51ad4e9b491144dd1225c + https://github.com/gpac/gpac/issues/1183 + + + + + + + + + + CVE-2018-21030 on Ubuntu 20.04 (focal) - medium. + Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-31 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-21030.html + https://github.com/jupyter/notebook/pull/3341 + https://github.com/jupyter/notebook/releases/tag/5.5.0 + + + + + + + + + + CVE-2018-21035 on Ubuntu 20.04 (focal) - low. + In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-28 21:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953049 + https://bugreports.qt.io/browse/QTBUG-70693 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-21035.html + https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735 + + + + mdeslaur> upstream commit just adds new settings allowing users to lower mdeslaur> allowed frame/message size, it doesn't change the default mdeslaur> behaviour + + + + + + + + + CVE-2018-21232 on Ubuntu 20.04 (focal) - low. + re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-29 14:15:00 UTC + Sergei Trofimovich + https://github.com/skvadrik/re2c/issues/219 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-21232.html + https://www.openwall.com/lists/oss-security/2020/04/27/2 + + + + + + + + + + CVE-2018-21234 on Ubuntu 20.04 (focal) - medium. + Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-21 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961298 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-21234.html + https://github.com/oblac/jodd/commit/9bffc3913aeb8472c11bb543243004b4b4376f16 + https://github.com/oblac/jodd/issues/628 + https://github.com/oblac/jodd/compare/v5.0.3...v5.0.4 + + + + + + + + + + CVE-2018-21247 on Ubuntu 20.04 (focal) - low. + An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-17 16:15:00 UTC + https://github.com/LibVNC/libvncserver/issues/253 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-21247.html + https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 + + + + + + + + + + + + + + CVE-2018-25004 on Ubuntu 20.04 (focal) - medium. + A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.6; MongoDB Server v3.6 versions prior to 3.6.11. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-01 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-25004.html + https://jira.mongodb.org/browse/SERVER-38275 + + + + + + + + + + CVE-2018-25009 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-21 17:15:00 UTC + 2018-12-31 00:00:00 UTC + mdeslaur + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-25009.html + https://ubuntu.com/security/notices/USN-4971-1 + https://ubuntu.com/security/notices/USN-4971-2 + + + + + + + + + + CVE-2018-25010 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-21 17:15:00 UTC + 2018-12-31 00:00:00 UTC + mdeslaur + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-25010.html + https://ubuntu.com/security/notices/USN-4971-1 + https://ubuntu.com/security/notices/USN-4971-2 + + + + + + + + + + CVE-2018-25011 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-21 17:15:00 UTC + 2018-12-31 00:00:00 UTC + mdeslaur + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-25011.html + https://ubuntu.com/security/notices/USN-4971-1 + https://ubuntu.com/security/notices/USN-4971-2 + + + + + + + + + + CVE-2018-25012 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-21 17:15:00 UTC + 2018-12-31 00:00:00 UTC + mdeslaur + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-25012.html + https://ubuntu.com/security/notices/USN-4971-1 + https://ubuntu.com/security/notices/USN-4971-2 + + + + mdeslaur> same commit as CVE-2018-25009 + + + + + + + + + CVE-2018-25013 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-21 17:15:00 UTC + 2018-12-31 00:00:00 UTC + mdeslaur + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-25013.html + https://ubuntu.com/security/notices/USN-4971-1 + https://ubuntu.com/security/notices/USN-4971-2 + + + + + + + + + + CVE-2018-25014 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-21 17:15:00 UTC + 2018-12-31 00:00:00 UTC + mdeslaur + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-25014.html + https://ubuntu.com/security/notices/USN-4971-1 + https://ubuntu.com/security/notices/USN-4971-2 + + + + + + + + + + CVE-2018-25015 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-07 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-25015.html + https://git.kernel.org/linus/a0ff660058b88d12625a783ce9e5c1371c87951f + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0ff660058b88d12625a783ce9e5c1371c87951f + https://syzkaller.appspot.com/bug?id=a8d38d1b68ffc744c53bd9b9fc1dbd6c86b1afe2 + https://sites.google.com/view/syzscope/warning-held-lock-freed + https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.16 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-25017 on Ubuntu 20.04 (focal) - untriaged. + RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. + 2021-07-01 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-25017.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5256 + https://github.com/darktable-org/rawspeed/commit/dbe7591e54bad5e6430d38be6bed051582da76b9 + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/librawspeed/OSV-2018-227.yaml + + + + + + + + + + CVE-2018-25018 on Ubuntu 20.04 (focal) - medium. + UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-01 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990541 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-25018.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845 + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml + https://github.com/aawc/unrar/releases + + + + + + + + + + CVE-2018-2579 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2579.html + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + + + + + + + CVE-2018-2581 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2581.html + + + + + + + + + + CVE-2018-2582 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). It was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM instruction. An attacker could possibly use this to access unauthorized resources. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2582.html + https://ubuntu.com/security/notices/USN-3613-1 + + + + + + + + + + CVE-2018-2588 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2588.html + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + + + + + + + CVE-2018-2599 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L). 
It was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote attacker could use this to spoof responses to DNS queries made by Java applications. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2599.html + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + + + + + + + CVE-2018-2602 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). 
It was discovered that the Internationalization component of OpenJDK did not restrict search paths when loading resource bundle classes. A local attacker could use this to trick a user into running malicious code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2602.html + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + + + + + + + CVE-2018-2603 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that OpenJDK did not properly restrict memory allocations when parsing DER input. A remote attacker could possibly use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2603.html + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + + + + + + + CVE-2018-2618 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). It was discovered that the Java Cryptography Extension (JCE) implementation in OpenJDK in some situations did guarantee sufficient strength of keys during key agreement. An attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2618.html + http://www.oracle.com/technetwork/java/javase/8u161-relnotes-4021379.html + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + sbeattie> see release notes regarding JDK-8185292 if javax.crypto.KeyAgreement's generateSecret(String) method is failing. + + + + + + + + + CVE-2018-2629 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). It was discovered that the Java GSS implementation in OpenJDK in some situations did not properly handle GSS contexts in the native GSS library. An attacker could possibly use this to access unauthorized resources. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2629.html + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + + + + + + + CVE-2018-2633 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). It was discovered that the LDAP implementation in OpenJDK did not properly handle LDAP referrals in some situations. An attacker could possibly use this to expose sensitive information or gain unauthorized privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2633.html + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + + + + + + + CVE-2018-2634 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). It was discovered that the Java GSS implementation in OpenJDK in some situations did not properly apply subject credentials. An attacker could possibly use this to expose sensitive information or gain access to unauthorized resources. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2634.html + https://bugs.openjdk.java.net/browse/JDK-6560359 + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + + + + + + + CVE-2018-2637 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). It was discovered that the Java Management Extensions (JMX) component of OpenJDK did not properly apply deserialization filters in some situations. An attacker could use this to bypass deserialization restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2637.html + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + + + + + + + CVE-2018-2641 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N). It was discovered that a use-after-free vulnerability existed in the AWT component of OpenJDK when loading the GTK library. An attacker could possibly use this to execute arbitrary code and escape Java sandbox restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2641.html + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + + + + + + + CVE-2018-2663 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). 
Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). It was discovered that in some situations OpenJDK did not properly validate objects when performing deserialization. An attacker could use this to cause a denial of service (application crash or excessive memory consumption). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2663.html + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + + + + + + + CVE-2018-2676 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2676.html + + + + + + + + + + CVE-2018-2677 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). It was discovered that the AWT component of OpenJDK did not properly restrict the amount of memory allocated when deserializing some objects. An attacker could use this to cause a denial of service (excessive memory consumption). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2677.html + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + + + + + + + CVE-2018-2678 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). It was discovered that the JNDI component of OpenJDK did not properly restrict the amount of memory allocated when deserializing objects in some situations. An attacker could use this to cause a denial of service (excessive memory consumption). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + 2018-01-17 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2678.html + https://ubuntu.com/security/notices/USN-3613-1 + https://ubuntu.com/security/notices/USN-3614-1 + + + + + + + + + + CVE-2018-2685 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2685.html + + + + + + + + + + CVE-2018-2686 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2686.html + + + + + + + + + + CVE-2018-2687 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2687.html + http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html + + + + + + + + + + CVE-2018-2688 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2688.html + http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html + + + + + + + + + + CVE-2018-2689 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2689.html + http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html + + + + + + + + + + CVE-2018-2690 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2690.html + http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html + + + + + + + + + + CVE-2018-2693 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2693.html + http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html + http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html + + + + + + + + + + CVE-2018-2694 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2694.html + http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html + + + + + + + + + + CVE-2018-2698 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2698.html + http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html + + + + + + + + + + CVE-2018-2830 on Ubuntu 20.04 (focal) - untriaged. 
+ Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-04-19 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2830.html + http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html + + + + + + + + + + CVE-2018-2831 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-19 02:29:00 UTC + Roman Fiedler + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2831.html + http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html + + + + + + + + + + CVE-2018-2835 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-19 02:29:00 UTC + Vasily Vasiliev + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2835.html + http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html + + + + + + + + + + CVE-2018-2836 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. 
CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-19 02:29:00 UTC + Vasily Vasiliev + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2836.html + http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html + + + + + + + + + + CVE-2018-2837 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-19 02:29:00 UTC + Vasily Vasiliev + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2837.html + http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html + + + + + + + + + + CVE-2018-2842 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-19 02:29:00 UTC + Reno Robert + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2842.html + http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html + + + + + + + + + + CVE-2018-2843 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-19 02:29:00 UTC + Reno Robert + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2843.html + http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html + + + + + + + + + + CVE-2018-2844 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-19 02:29:00 UTC + Reno Robert + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2844.html + http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html + + + + + + + + + + CVE-2018-2845 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-19 02:29:00 UTC + Reno Robert + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2845.html + http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html + + + + + + + + + + CVE-2018-2860 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-19 02:29:00 UTC + Niklas Baumstark + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2860.html + http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html + + + + + + + + + + CVE-2018-2941 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). 
CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-18 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2941.html + + + + + + + + + + CVE-2018-2952 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to potentially construct a class that caused a denial of service (excessive memory consumption). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-18 13:29:00 UTC + 2018-07-18 + sbeattie + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-2952.html + https://ubuntu.com/security/notices/USN-3735-1 + https://ubuntu.com/security/notices/USN-3734-1 + https://ubuntu.com/security/notices/USN-3747-1 + + + + + + + + + + + + + CVE-2018-3005 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-18 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3005.html + + + + + + + + + + CVE-2018-3055 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. 
CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-18 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3055.html + + + + + + + + + + CVE-2018-3085 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-18 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3085.html + + + + + + + + + + CVE-2018-3086 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-18 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3086.html + + + + + + + + + + CVE-2018-3087 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-18 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3087.html + + + + + + + + + + CVE-2018-3088 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-18 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3088.html + + + + + + + + + + CVE-2018-3089 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-18 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3089.html + + + + + + + + + + CVE-2018-3090 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-18 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3090.html + + + + + + + + + + CVE-2018-3091 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-18 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3091.html + + + + + + + + + + CVE-2018-3209 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 01:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3209.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + + + + + + + + + + CVE-2018-3287 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-17 01:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3287.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + http://www.securitytracker.com/id/1041887 + + + + + + + + + + CVE-2018-3288 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 01:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3288.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + http://www.securitytracker.com/id/1041887 + + + + + + + + + + CVE-2018-3289 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 01:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3289.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + http://www.securitytracker.com/id/1041887 + + + + + + + + + + CVE-2018-3290 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 01:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3290.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + http://www.securitytracker.com/id/1041887 + + + + + + + + + + CVE-2018-3291 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. 
Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 01:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3291.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + http://www.securitytracker.com/id/1041887 + + + + + + + + + + CVE-2018-3292 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-17 01:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3292.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + http://www.securitytracker.com/id/1041887 + + + + + + + + + + CVE-2018-3293 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 01:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3293.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + http://www.securitytracker.com/id/1041887 + + + + + + + + + + CVE-2018-3294 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows low privileged attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. 
CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 01:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3294.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + http://www.securitytracker.com/id/1041887 + + + + + + + + + + CVE-2018-3295 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 01:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3295.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + http://www.securitytracker.com/id/1041887 + + + + + + + + + + CVE-2018-3296 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 01:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3296.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + http://www.securitytracker.com/id/1041887 + + + + + + + + + + CVE-2018-3297 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 01:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3297.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + http://www.securitytracker.com/id/1041887 + + + + + + + + + + CVE-2018-3298 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). 
The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 01:31:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3298.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html + http://www.securitytracker.com/id/1041887 + + + + + + + + + + CVE-2018-3309 on Ubuntu 20.04 (focal) - high. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + High + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3309.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2018-3613 on Ubuntu 20.04 (focal) - low. 
+ Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-27 20:29:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=415 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3613.html + https://bugzilla.tianocore.org/attachment.cgi?id=44 + https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html + https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html + + + + + + + + + + CVE-2018-3639 on Ubuntu 20.04 (focal) - medium. + Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-05-22 12:29:00 UTC + 2018-05-21 21:00:00 UTC + Jann Horn and Ken Johnson + 2018-05-21 21:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3639.html + https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html + http://xenbits.xen.org/xsa/advisory-263.html + https://ubuntu.com/security/notices/USN-3652-1 + https://ubuntu.com/security/notices/USN-3653-1 + https://ubuntu.com/security/notices/USN-3653-2 + https://ubuntu.com/security/notices/USN-3654-1 + https://ubuntu.com/security/notices/USN-3654-2 + https://ubuntu.com/security/notices/USN-3655-1 + https://ubuntu.com/security/notices/USN-3655-2 + https://ubuntu.com/security/notices/USN-3651-1 + https://ubuntu.com/security/notices/USN-3680-1 + https://ubuntu.com/security/notices/USN-3679-1 + https://ubuntu.com/security/notices/USN-3756-1 + https://ubuntu.com/security/notices/USN-3777-3 + + + + tyhicks> "Variant 4" tyhicks> The break-fix lines for this CVE are not complete since a large number of patches are required to mitigate this issue. The commit(s) listed are chosen as placeholders for automated CVE triage purposes. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-3719 on Ubuntu 20.04 (focal) - medium. + mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-07 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898315 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3719.html + https://nodesecurity.io/advisories/578 + + + + + + + + + + CVE-2018-3721 on Ubuntu 20.04 (focal) - untriaged. + lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-06-07 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890575 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3721.html + https://snyk.io/vuln/npm:lodash:20180130 + https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a + https://www.npmjs.com/advisories/577 + + + + + + + + + + CVE-2018-3728 on Ubuntu 20.04 (focal) - untriaged. + hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-03-30 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3728.html + https://snyk.io/vuln/npm:hoek:20180212 + + + + + + + + + + CVE-2018-3737 on Ubuntu 20.04 (focal) - medium. + sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-07 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901093 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3737.html + https://github.com/joyent/node-sshpk/issues/44 + https://github.com/joyent/node-sshpk/commit/46065d38a5e6d1bccf86d3efb2fb83c14e3f9957 + + + + + + + + + + CVE-2018-3741 on Ubuntu 20.04 (focal) - medium. + There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-30 19:29:00 UTC + Kaarlo Haikonen + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3741.html + http://www.openwall.com/lists/oss-security/2018/03/22 + + + + + + + + + + CVE-2018-3750 on Ubuntu 20.04 (focal) - medium. + The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-03 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3750.html + https://nodesecurity.io/advisories/612 + https://github.com/unclechu/node-deep-extend/issues/39 + https://github.com/unclechu/node-deep-extend/pull/40 + https://hackerone.com/reports/311333 + + + + + + + + + + CVE-2018-3760 on Ubuntu 20.04 (focal) - medium. + There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. 
Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901913 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3760.html + http://www.openwall.com/lists/oss-security/2018/06/19/2 + https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f + + + + + + + + + + CVE-2018-3774 on Ubuntu 20.04 (focal) - medium. + Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-12 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3774.html + https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a + https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de + https://hackerone.com/reports/384029 + + + + + + + + + + CVE-2018-3836 on Ubuntu 20.04 (focal) - medium. + An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability. It was discovered that Leptonica incorrectly handled certain input arguments. An attacker could possibly use this issue to execute arbitrary commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-24 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3836.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516 + + + + + + + + + + CVE-2018-3846 on Ubuntu 20.04 (focal) - medium. + In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-16 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892458 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3846.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529 + + + + + + + + + + CVE-2018-3848 on Ubuntu 20.04 (focal) - medium. + In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-16 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892458 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3848.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531 + + + + + + + + + + CVE-2018-3849 on Ubuntu 20.04 (focal) - medium. + In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-16 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892458 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3849.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531 + + + + + + + + + + CVE-2018-3977 on Ubuntu 20.04 (focal) - medium. + An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. USN-4238-1 addressed serveral vulnerabilities in SDL_image. This update provides the corresponding fixes for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-01 15:29:00 UTC + 2018-11-01 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912617 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912618 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3977.html + https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645 + https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8 + https://ubuntu.com/security/notices/USN-4238-1 + + + + + + + + + + + + + CVE-2018-3979 on Ubuntu 20.04 (focal) - low. + A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-01 21:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3979.html + https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647 + + + + mdeslaur> as of 2019-05-06, no fix available + + + + + + + + + CVE-2018-4013 on Ubuntu 20.04 (focal) - medium. + An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. It was discovered that liveMedia incorrectly handled certain network packets. An attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-19 13:29:00 UTC + https://bugs.launchpad.net/bugs/1802160 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4013.html + http://lists.live555.com/pipermail/live-devel/2018-October/021071.html + https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684 + + + + + + + + + + CVE-2018-4022 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-26 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4022.html + https://talosintelligence.com/vulnerability_reports/TALOS-2018-0694 + + + + + + + + + + CVE-2018-4088 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. 
The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-01-29 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4088.html + https://webkitgtk.org/security/WSA-2018-0002.html + https://ubuntu.com/security/notices/USN-3551-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4089 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4089.html + https://webkitgtk.org/security/WSA-2018-0002.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4096 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-01-29 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4096.html + https://webkitgtk.org/security/WSA-2018-0002.html + https://ubuntu.com/security/notices/USN-3551-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4101 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + Yuan Deng + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4101.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4113 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. 
iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4113.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208696 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4114 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-03 06:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4114.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208696 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4117 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4117.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208696 + https://support.apple.com/HT208697 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2018-4118 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. 
iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + Jun Kokatsu + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4118.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4119 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4119.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4120 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + Hanming Zhang + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4120.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4121 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-03 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4121.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208696 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0004.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4122 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4122.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208696 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4125 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. 
iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4125.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208696 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4127 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-03 06:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4127.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4128 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4128.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4129 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. 
iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4129.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208696 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4130 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4130.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + CVE-2018-4133 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + Anton Lopanitsyn, Linus Särud, Yuji Tounai + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4133.html + https://support.apple.com/HT208695 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4146 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-03 06:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4146.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208696 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4161 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4161.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208696 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4162 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. 
Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4162.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208696 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4163 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-03 06:29:00 UTC + 2018-04-03 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4163.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208696 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4165 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 06:29:00 UTC + 2018-04-03 + Hanming Zhang + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4165.html + https://support.apple.com/HT208693 + https://support.apple.com/HT208694 + https://support.apple.com/HT208695 + https://support.apple.com/HT208697 + https://support.apple.com/HT208698 + https://webkitgtk.org/security/WSA-2018-0003.html + https://ubuntu.com/security/notices/USN-3635-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4188 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. 
iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-08 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4188.html + http://www.securitytracker.com/id/1041029 + https://support.apple.com/HT208848 + https://support.apple.com/HT208850 + https://support.apple.com/HT208852 + https://support.apple.com/HT208853 + https://support.apple.com/HT208854 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 mdeslaur> no indication that this affects webkit2gtk + + + + + + + + + CVE-2018-4190 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-08 18:29:00 UTC + 2018-06-08 + Jun Kokatsu + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4190.html + http://www.securitytracker.com/id/1041029 + https://support.apple.com/HT208848 + https://support.apple.com/HT208850 + https://support.apple.com/HT208852 + https://support.apple.com/HT208853 + https://support.apple.com/HT208854 + https://webkitgtk.org/security/WSA-2018-0005.html + https://ubuntu.com/security/notices/USN-3687-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4191 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4191.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4192 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-08 18:29:00 UTC + Markus Gaasedelen, Nick Burnett, and Patrick Biernat + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4192.html + http://www.securitytracker.com/id/1041029 + https://support.apple.com/HT208848 + https://support.apple.com/HT208850 + https://support.apple.com/HT208851 + https://support.apple.com/HT208852 + https://support.apple.com/HT208853 + https://support.apple.com/HT208854 + https://webkitgtk.org/security/WSA-2018-0005.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4197 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4197.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4199 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-08 18:29:00 UTC + 2018-06-08 + Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4199.html + http://www.securitytracker.com/id/1041029 + https://support.apple.com/HT208848 + https://support.apple.com/HT208850 + https://support.apple.com/HT208852 + https://support.apple.com/HT208853 + https://support.apple.com/HT208854 + https://webkitgtk.org/security/WSA-2018-0005.html + https://ubuntu.com/security/notices/USN-3687-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4200 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-08 18:29:00 UTC + 2018-05-07 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4200.html + https://webkitgtk.org/security/WSA-2018-0004.html + https://ubuntu.com/security/notices/USN-3640-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4201 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. 
iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-08 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4201.html + http://www.securitytracker.com/id/1041029 + https://support.apple.com/HT208848 + https://support.apple.com/HT208850 + https://support.apple.com/HT208851 + https://support.apple.com/HT208852 + https://support.apple.com/HT208853 + https://support.apple.com/HT208854 + https://webkitgtk.org/security/WSA-2018-0005.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4204 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-08 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4204.html + https://webkitgtk.org/security/WSA-2018-0004.html + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4207 on Ubuntu 20.04 (focal) - medium. + In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-11 18:29:00 UTC + 2018-09-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4207.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4208 on Ubuntu 20.04 (focal) - medium. + In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-11 18:29:00 UTC + 2018-09-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4208.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4209 on Ubuntu 20.04 (focal) - medium. 
+ In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-11 18:29:00 UTC + 2018-09-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4209.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4210 on Ubuntu 20.04 (focal) - medium. + In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-11 18:29:00 UTC + 2018-09-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4210.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4212 on Ubuntu 20.04 (focal) - medium. + In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-11 18:29:00 UTC + 2018-09-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4212.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4213 on Ubuntu 20.04 (focal) - medium. + In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-11 18:29:00 UTC + 2018-09-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4213.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4214 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to cause a denial of service (memory corruption and Safari crash) or possibly have unspecified other impact via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-08 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4214.html + http://www.securitytracker.com/id/1041029 + https://support.apple.com/HT208848 + https://support.apple.com/HT208850 + https://support.apple.com/HT208851 + https://support.apple.com/HT208852 + https://support.apple.com/HT208853 + https://support.apple.com/HT208854 + https://webkitgtk.org/security/WSA-2018-0005.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4218 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-08 18:29:00 UTC + 2018-06-08 + Natalie Silvanovich + https://bugs.chromium.org/p/project-zero/issues/detail?id=1553 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4218.html + http://www.securitytracker.com/id/1041029 + https://support.apple.com/HT208848 + https://support.apple.com/HT208850 + https://support.apple.com/HT208851 + https://support.apple.com/HT208852 + https://support.apple.com/HT208853 + https://support.apple.com/HT208854 + https://www.exploit-db.com/exploits/44861/ + https://webkitgtk.org/security/WSA-2018-0005.html + https://ubuntu.com/security/notices/USN-3687-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4222 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-08 18:29:00 UTC + 2018-06-08 + Natalie Silvanovich + https://bugs.chromium.org/p/project-zero/issues/detail?id=1545 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4222.html + http://www.securitytracker.com/id/1041029 + https://support.apple.com/HT208848 + https://support.apple.com/HT208850 + https://support.apple.com/HT208851 + https://support.apple.com/HT208852 + https://support.apple.com/HT208853 + https://support.apple.com/HT208854 + https://www.exploit-db.com/exploits/44859/ + https://webkitgtk.org/security/WSA-2018-0005.html + https://ubuntu.com/security/notices/USN-3687-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4232 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-08 18:29:00 UTC + 2018-06-08 + Aymeric Chaib + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4232.html + http://www.securitytracker.com/id/1041029 + https://support.apple.com/HT208848 + https://support.apple.com/HT208850 + https://support.apple.com/HT208852 + https://support.apple.com/HT208853 + https://support.apple.com/HT208854 + https://webkitgtk.org/security/WSA-2018-0005.html + https://ubuntu.com/security/notices/USN-3687-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4233 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-08 18:29:00 UTC + 2018-06-08 + Samuel Groß + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4233.html + http://www.securitytracker.com/id/1041029 + https://support.apple.com/HT208848 + https://support.apple.com/HT208850 + https://support.apple.com/HT208851 + https://support.apple.com/HT208852 + https://support.apple.com/HT208853 + https://support.apple.com/HT208854 + https://webkitgtk.org/security/WSA-2018-0005.html + https://ubuntu.com/security/notices/USN-3687-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4246 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-08 18:29:00 UTC + 2018-06-08 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4246.html + http://www.securitytracker.com/id/1041029 + https://support.apple.com/HT208848 + https://support.apple.com/HT208850 + https://support.apple.com/HT208851 + https://support.apple.com/HT208852 + https://support.apple.com/HT208853 + https://support.apple.com/HT208854 + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 mdeslaur> no indication that this affects webkit2gtk + + + + + + + + + + + + CVE-2018-4261 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-03 18:29:00 UTC + 2018-08-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4261.html + https://support.apple.com/en-us/HT208934 + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4262 on Ubuntu 20.04 (focal) - medium. + In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-11 18:29:00 UTC + 2018-08-06 + Mateusz Krzywicki + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4262.html + https://support.apple.com/en-us/HT208934 + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4263 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-08-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4263.html + https://support.apple.com/en-us/HT208934 + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4264 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-08-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4264.html + https://support.apple.com/en-us/HT208934 + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4265 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-08-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4265.html + https://support.apple.com/en-us/HT208934 + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4266 on Ubuntu 20.04 (focal) - medium. + A race condition was addressed with additional validation. 
This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-08-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4266.html + https://support.apple.com/en-us/HT208934 + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4267 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-08-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4267.html + https://support.apple.com/en-us/HT208934 + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4270 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-03 18:29:00 UTC + 2018-08-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4270.html + https://support.apple.com/en-us/HT208934 + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4271 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4271.html + https://webkitgtk.org/security/WSA-2018-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4272 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-08-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4272.html + https://support.apple.com/en-us/HT208934 + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4273 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-08-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4273.html + https://support.apple.com/en-us/HT208934 + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4278 on Ubuntu 20.04 (focal) - medium. + In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-11 18:29:00 UTC + 2018-08-06 + Jun Kokatsu + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4278.html + https://support.apple.com/en-us/HT208934 + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4284 on Ubuntu 20.04 (focal) - medium. + A type confusion issue was addressed with improved memory handling. 
This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-08-06 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4284.html + https://support.apple.com/en-us/HT208934 + https://webkitgtk.org/security/WSA-2018-0006.html + https://ubuntu.com/security/notices/USN-3743-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4299 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + Samuel Groß + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4299.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4306 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-03 18:29:00 UTC + 2018-09-28 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4306.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4309 on Ubuntu 20.04 (focal) - medium. + A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4309.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4311 on Ubuntu 20.04 (focal) - medium. + The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + Erling Alf Ellingsen + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4311.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4312 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4312.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4314 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4314.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4315 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. 
This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4315.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4316 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + crixer, Hanming Zhang + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4316.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4317 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-03 18:29:00 UTC + 2018-09-28 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4317.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4318 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4318.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4319 on Ubuntu 20.04 (focal) - medium. + A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + John Pettitt + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4319.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4323 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4323.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4328 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + Ivan Fratric + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4328.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4345 on Ubuntu 20.04 (focal) - medium. + A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. 
This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-11-22 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4345.html + https://webkitgtk.org/security/WSA-2018-0008.html + https://ubuntu.com/security/notices/USN-3828-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4358 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4358.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4359 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-03 18:29:00 UTC + 2018-09-28 + Samuel Groß + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4359.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4361 on Ubuntu 20.04 (focal) - medium. + A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-09-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4361.html + https://www.openwall.com/lists/oss-security/2018/09/29/1 + https://webkitgtk.org/security/WSA-2018-0007.html + https://ubuntu.com/security/notices/USN-3781-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4372 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-11-22 + HyungSeok Han, DongHyeon Oh, and Sang Kil Cha + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4372.html + https://webkitgtk.org/security/WSA-2018-0008.html + https://ubuntu.com/security/notices/USN-3828-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4373 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4373.html + https://webkitgtk.org/security/WSA-2018-0008.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4375 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + Yu Haiwan and Wu Hongjun + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4375.html + https://webkitgtk.org/security/WSA-2018-0008.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4376 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-03 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4376.html + https://webkitgtk.org/security/WSA-2018-0008.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4378 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4378.html + https://webkitgtk.org/security/WSA-2018-0008.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4382 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4382.html + https://webkitgtk.org/security/WSA-2018-0008.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4386 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-11-22 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4386.html + https://webkitgtk.org/security/WSA-2018-0008.html + https://ubuntu.com/security/notices/USN-3828-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4392 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4392.html + https://webkitgtk.org/security/WSA-2018-0008.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4416 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4416.html + https://webkitgtk.org/security/WSA-2018-0008.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4437 on Ubuntu 20.04 (focal) - medium. 
+ Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + 2018-12-17 + HyungSeok Han, DongHyeon Oh, and Sang Kil Cha + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4437.html + https://webkitgtk.org/security/WSA-2018-0009.html + https://ubuntu.com/security/notices/USN-3854-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4438 on Ubuntu 20.04 (focal) - medium. + A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4438.html + https://webkitgtk.org/security/WSA-2018-0009.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4441 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-03 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4441.html + https://webkitgtk.org/security/WSA-2018-0009.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4442 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4442.html + https://webkitgtk.org/security/WSA-2018-0009.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4443 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4443.html + https://webkitgtk.org/security/WSA-2018-0009.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-4464 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. 
This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + HyungSeok Han, DongHyeon Oh, and Sang Kil Cha + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4464.html + https://webkitgtk.org/security/WSA-2018-0009.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2018-5089 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2018-01-23 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5089.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/ + https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/ + https://ubuntu.com/security/notices/USN-3544-1 + https://ubuntu.com/security/notices/USN-3529-1 + https://ubuntu.com/security/notices/USN-3688-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-5090 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-11 21:29:00 UTC + 2018-01-23 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5090.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/ + https://ubuntu.com/security/notices/USN-3544-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine chrisccoulson> This is not fixed in mozjs52, but it's unclear whether it is unaffected or just ignored as the bugs are still private. Specifically, the following need investigating: - https://bugzilla.mozilla.org/show_bug.cgi?id=1412653 (https://hg.mozilla.org/releases/mozilla-release/rev/935393b713cb) - https://bugzilla.mozilla.org/show_bug.cgi?id=1418966 (https://hg.mozilla.org/releases/mozilla-release/rev/32bb2e9efd34) - https://bugzilla.mozilla.org/show_bug.cgi?id=1427126 (https://hg.mozilla.org/releases/mozilla-release/rev/3e7bec52b143) - https://bugzilla.mozilla.org/show_bug.cgi?id=1382851 (can't find a changeset referencing it) - https://bugzilla.mozilla.org/show_bug.cgi?id=1421786 (can't find a changeset referencing it) - https://bugzilla.mozilla.org/show_bug.cgi?id=1415748 (can't find a changeset referencing it) - https://bugzilla.mozilla.org/show_bug.cgi?id=1415788 (can't find a changeset referencing it) - https://bugzilla.mozilla.org/show_bug.cgi?id=1418841 (https://hg.mozilla.org/releases/mozilla-release/rev/f24456236534) - https://bugzilla.mozilla.org/show_bug.cgi?id=1384544 (https://hg.mozilla.org/releases/mozilla-release/rev/971c6a19e3b5) + + + + + + + + + + + + CVE-2018-5093 on Ubuntu 20.04 (focal) - medium. + A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-11 21:29:00 UTC + 2018-01-23 + chrisccoulson + https://bugzilla.mozilla.org/show_bug.cgi?id=1384544 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5093.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/ + https://ubuntu.com/security/notices/USN-3544-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine chrisccoulson> This is not fixed in mozjs52, but it's unclear whether it is unaffected or just ignored as the bug is still private. See https://hg.mozilla.org/releases/mozilla-release/rev/622c05a8e7a1 + + + + + + + + + + + + CVE-2018-5094 on Ubuntu 20.04 (focal) - medium. + A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2018-01-23 + chrisccoulson + https://bugzilla.mozilla.org/show_bug.cgi?id=1415883 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5094.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/ + https://ubuntu.com/security/notices/USN-3544-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine chrisccoulson> This is not fixed in mozjs52, but it's unclear whether it is unaffected or just ignored as the bug is still private. See https://hg.mozilla.org/releases/mozilla-release/rev/2467d71d0e0d + + + + + + + + + + + + CVE-2018-5125 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-06-11 21:29:00 UTC + 2018-03-14 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5125.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/ + https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ + https://ubuntu.com/security/notices/USN-3596-1 + https://ubuntu.com/security/notices/USN-3545-1 + https://ubuntu.com/security/notices/USN-3688-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-5126 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2018-03-14 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5126.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/ + https://ubuntu.com/security/notices/USN-3596-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine chrisccoulson> This is not fixed in mozjs52, but it's unclear whether it is unaffected or just ignored as the bugs are still private. 
Specifically, the following need investigating: - https://bugzilla.mozilla.org/show_bug.cgi?id=1414768 (https://hg.mozilla.org/releases/mozilla-release/rev/8bb6aeb63d5d) - https://bugzilla.mozilla.org/show_bug.cgi?id=1416523 (https://hg.mozilla.org/releases/mozilla-release/rev/5fc563433fcf) - https://bugzilla.mozilla.org/show_bug.cgi?id=1425691 (https://hg.mozilla.org/releases/mozilla-release/rev/cc126cc0f071) - https://bugzilla.mozilla.org/show_bug.cgi?id=1441006 (https://hg.mozilla.org/releases/mozilla-release/rev/1f4e74a5ace8) - https://bugzilla.mozilla.org/show_bug.cgi?id=1422631 (can't find a changeset referencing it) - https://bugzilla.mozilla.org/show_bug.cgi?id=1426603 (can't find a changeset referencing it) - https://bugzilla.mozilla.org/show_bug.cgi?id=1373934 (can't find a changeset referencing it) - https://bugzilla.mozilla.org/show_bug.cgi?id=1423173 (https://hg.mozilla.org/releases/mozilla-release/rev/6a92a108abeb) + + + + + + + + + + + + CVE-2018-5145 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2018-03-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5145.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ + https://ubuntu.com/security/notices/USN-3545-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine chrisccoulson> It's not clear whether this affects mozjs52, as the bugs are still private and some aren't referenced by any changesets. The following need investigating: - https://bugzilla.mozilla.org/show_bug.cgi?id=1348955 + + + + + + + + + + + + CVE-2018-5150 on Ubuntu 20.04 (focal) - medium. 
+ Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2018-05-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5150.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5150 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5150 + https://ubuntu.com/security/notices/USN-3645-1 + https://ubuntu.com/security/notices/USN-3660-1 + https://ubuntu.com/security/notices/USN-3688-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-5151 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-11 21:29:00 UTC + 2018-05-11 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5151.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151 + https://ubuntu.com/security/notices/USN-3645-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine chrisccoulson> This is not fixed in mozjs52, but it's unclear whether it is unaffected or just ignored as the bugs are still private. 
Specifically, the following need investigating: - https://bugzilla.mozilla.org/show_bug.cgi?id=1437455 (https://hg.mozilla.org/releases/mozilla-release/rev/4c96fc4ec2b0) - https://bugzilla.mozilla.org/show_bug.cgi?id=1447989 (https://hg.mozilla.org/releases/mozilla-release/rev/faa0174ca76e) - https://bugzilla.mozilla.org/show_bug.cgi?id=1438827 (https://hg.mozilla.org/releases/mozilla-release/rev/f9ec9a7399fa) - https://bugzilla.mozilla.org/show_bug.cgi?id=1436983 (https://hg.mozilla.org/releases/mozilla-release/rev/39b39fc61d53) - https://bugzilla.mozilla.org/show_bug.cgi?id=1439655 (can't find a changeset referencing it) - https://bugzilla.mozilla.org/show_bug.cgi?id=1367727 (can't find a changeset referencing it) + + + + + + + + + + + + CVE-2018-5186 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-18 13:29:00 UTC + 2018-06-27 + chrisccoulson + Christian Holler, Jason Kratzer, Jon Coppeard, Randell Jesup, Ronald Crane, and Boris Zbarsky + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5186.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5186 + https://ubuntu.com/security/notices/USN-3705-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-5187 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-18 13:29:00 UTC + 2018-06-27 + chrisccoulson + Christian Holler, Sebastian Hengst, Nils Ohlmeier, Jon Coppeard, Randell Jesup, Ted Campbell, Gary Kwong, and Jean-Yves Avenard + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5187.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5187 + https://ubuntu.com/security/notices/USN-3705-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2018-5188 on Ubuntu 20.04 (focal) - medium. + Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-18 13:29:00 UTC + 2018-06-27 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5188.html + https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5188 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-5188 + https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-5188 + https://ubuntu.com/security/notices/USN-3705-1 + https://ubuntu.com/security/notices/USN-3714-1 + https://ubuntu.com/security/notices/USN-3749-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2018-5295 on Ubuntu 20.04 (focal) - untriaged. + In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-08 07:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5295.html + https://bugzilla.redhat.com/show_bug.cgi?id=1531897 + + + + + + + + + + CVE-2018-5296 on Ubuntu 20.04 (focal) - untriaged. + In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-01-08 07:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5296.html + https://bugzilla.redhat.com/show_bug.cgi?id=1531956 + + + + + + + + + + CVE-2018-5308 on Ubuntu 20.04 (focal) - untriaged. + PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-01-09 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5308.html + https://bugzilla.redhat.com/show_bug.cgi?id=1532390 + + + + + + + + + + CVE-2018-5309 on Ubuntu 20.04 (focal) - untriaged. + In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-01-09 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5309.html + https://bugzilla.redhat.com/show_bug.cgi?id=1532381 + + + + + + + + + + CVE-2018-5389 on Ubuntu 20.04 (focal) - low. + The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. 
Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-06 21:29:00 UTC + Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak and Marcin Szymanek + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5389.html + https://www.usenix.org/conference/usenixsecurity18/presentation/felsch + https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf + https://www.usenix.org/sites/default/files/conference/protected-files/security18_slides_felsch.pdf + + + + ebarretto> vulnerability in IKEv1 protocol, not fixable in implementation ebarretto> use strong passphrase or public-key cryptography + + + + + + + + + + + + + CVE-2018-5392 on Ubuntu 20.04 (focal) - low. + mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-08-14 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5392.html + https://sourceforge.net/p/mingw-w64/mailman/message/31034877/ + https://sourceware.org/bugzilla/show_bug.cgi?id=17321 + https://sourceware.org/bugzilla/show_bug.cgi?id=19011 + https://www.kb.cert.org/vuls/id/307144 (describes workaround) + + + + + + + + + + CVE-2018-5650 on Ubuntu 20.04 (focal) - medium. + In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-12 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5650.html + https://github.com/ckolivas/lrzip/issues/88 + + + + + + + + + + CVE-2018-5685 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-14 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887158 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5685.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52a91ddb1aa6 + https://sourceforge.net/p/graphicsmagick/bugs/541/ + + + + + + + + + + CVE-2018-5686 on Ubuntu 20.04 (focal) - medium. + In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-14 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887130 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5686.html + https://bugs.ghostscript.com/show_bug.cgi?id=698860 + + + + + + + + + + CVE-2018-5709 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-01-16 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5709.html + https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow + + + + ebarretto> according to debian security tracker: non-issue, codepath is ebarretto> only run on trusted input, potential integer overflow is ebarretto> non-issue + + + + + + + + + CVE-2018-5710 on Ubuntu 20.04 (focal) - low. + An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-01-16 09:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889685 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5710.html + https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service(DoS) + + + + + + + + + + CVE-2018-5727 on Ubuntu 20.04 (focal) - negligible. 
+ In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. It was discovered that OpenJPEG incorrectly handled certain BMP files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-01-16 22:29:00 UTC + 2018-01-16 22:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888532 + https://github.com/uclouvain/openjpeg/issues/1053 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5727.html + https://ubuntu.com/security/notices/USN-4686-1 + + + + + + + + + + CVE-2018-5739 on Ubuntu 20.04 (focal) - medium. + An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this store does not properly free memory in every case. Hooks which make use of query4 or query6 parameters in their callouts can leak memory, resulting in the eventual exhaustion of available memory and subsequent failure of the server process. Affects Kea DHCP 1.4.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5739.html + https://kb.isc.org/article/AA-01626 + + + + + + + + + + CVE-2018-5747 on Ubuntu 20.04 (focal) - medium. + In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-17 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5747.html + https://github.com/ckolivas/lrzip/issues/90 + + + + + + + + + + CVE-2018-5776 on Ubuntu 20.04 (focal) - medium. + WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-18 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887596 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5776.html + https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/ + https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850 + https://codex.wordpress.org/Version_4.9.2 + + + + + + + + + + CVE-2018-5783 on Ubuntu 20.04 (focal) - medium. + In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-19 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5783.html + https://bugzilla.redhat.com/show_bug.cgi?id=1536179 + + + + + + + + + + CVE-2018-5786 on Ubuntu 20.04 (focal) - medium. + In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-19 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5786.html + https://github.com/ckolivas/lrzip/issues/91 + + + + + + + + + + CVE-2018-5800 on Ubuntu 20.04 (focal) - medium. 
+ An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + 2018-03-12 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5800.html + https://packetstormsecurity.com/files/146172/secunia-libraw.txt + https://ubuntu.com/security/notices/USN-3615-1 + + + + + + + + + + + + + + + + + CVE-2018-5801 on Ubuntu 20.04 (focal) - medium. + An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + 2018-03-12 + Laurent Delosieres + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5801.html + https://packetstormsecurity.com/files/146172/secunia-libraw.txt + https://ubuntu.com/security/notices/USN-3615-1 + + + + + + + + + + + + + + + + + CVE-2018-5802 on Ubuntu 20.04 (focal) - medium. + An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + 2018-03-12 + Laurent Delosieres + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5802.html + https://packetstormsecurity.com/files/146172/secunia-libraw.txt + https://ubuntu.com/security/notices/USN-3615-1 + + + + + + + + + + + + + + + + + CVE-2018-5804 on Ubuntu 20.04 (focal) - low. + A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + alexmurray + Laurent Delosieres + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5804.html + https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03 + + + + + + + + + + + + + + + + + CVE-2018-5805 on Ubuntu 20.04 (focal) - low. + A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + alexmurray + Laurent Delosieres + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5805.html + https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03 + + + + amurray> Fixed in trusty / xenial via debian/patches/security_0.18.8_2.patch + + + + + + + + + + + + + + + + CVE-2018-5806 on Ubuntu 20.04 (focal) - low. + An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + alexmurray + Laurent Delosieres + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5806.html + https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03 + + + + amurray> Fixed in trusty / xenial via debian/patches/security_0.18.8_2.patch + + + + + + + + + + + + + + + + CVE-2018-5807 on Ubuntu 20.04 (focal) - low. + An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-07 22:29:00 UTC + 2018-08-02 + alexmurray + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5807.html + https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/ + https://ubuntu.com/security/notices/USN-3838-1 + + + + + + + + + + + + + + + + CVE-2018-5808 on Ubuntu 20.04 (focal) - medium. + An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5808.html + https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/ + https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt + https://secuniaresearch.flexerasoftware.com/advisories/81800/ + https://ubuntu.com/security/notices/USN-3838-1 + + + + + + + + + + + + + + + + + CVE-2018-5809 on Ubuntu 20.04 (focal) - medium. + An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5809.html + https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/ + https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt + https://secuniaresearch.flexerasoftware.com/advisories/81800/ + https://ubuntu.com/security/notices/USN-3838-1 + + + + + + + + + + + + + + + + + CVE-2018-5810 on Ubuntu 20.04 (focal) - medium. + An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + 2018-08-02 + alexmurray + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5810.html + https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/ + https://ubuntu.com/security/notices/USN-3838-1 + + + + + + + + + + + + + + + + CVE-2018-5811 on Ubuntu 20.04 (focal) - low. + An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + 2018-08-02 + alexmurray + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5811.html + https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/ + https://ubuntu.com/security/notices/USN-3838-1 + + + + + + + + + + + + + + + + CVE-2018-5812 on Ubuntu 20.04 (focal) - medium. + An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + 2018-08-02 + alexmurray + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5812.html + https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/ + https://ubuntu.com/security/notices/USN-3838-1 + + + + + + + + + + + + + + + + CVE-2018-5813 on Ubuntu 20.04 (focal) - medium. + An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-07 22:29:00 UTC + 2018-07-31 + alexmurray + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5813.html + https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/ + https://ubuntu.com/security/notices/USN-3838-1 + + + + + + + + + + + + + + + + CVE-2018-5815 on Ubuntu 20.04 (focal) - medium. + An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + 2018-07-31 + alexmurray + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5815.html + http://seclists.org/bugtraq/2018/Jul/58 + https://ubuntu.com/security/notices/USN-3838-1 + + + + + + + + + + + + + + + + CVE-2018-5816 on Ubuntu 20.04 (focal) - medium. + An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-07 22:29:00 UTC + 2018-07-31 + alexmurray + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5816.html + http://seclists.org/bugtraq/2018/Jul/58 + https://ubuntu.com/security/notices/USN-3838-1 + + + + amurray> Issue caused by an incomplete fix for CVE-2018-5804 + + + + + + + + + + + + + + + CVE-2018-5817 on Ubuntu 20.04 (focal) - low. + A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-20 18:29:00 UTC + 2019-02-20 + mdeslaur + Laurent Delosieres + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5817.html + https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html + https://ubuntu.com/security/notices/USN-3989-1 + + + + + + + + + + + + + + + + + CVE-2018-5818 on Ubuntu 20.04 (focal) - low. + An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-20 18:29:00 UTC + 2019-02-20 + mdeslaur + Laurent Delosieres + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5818.html + https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html + https://ubuntu.com/security/notices/USN-3989-1 + + + + mdeslaur> same commit as CVE-2018-5817 + + + + + + + + + + + + + + + + CVE-2018-5819 on Ubuntu 20.04 (focal) - low. + An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-20 18:29:00 UTC + 2019-02-20 + mdeslaur + Laurent Delosieres + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5819.html + https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html + https://ubuntu.com/security/notices/USN-3989-1 + + + + mdeslaur> same commit as CVE-2018-5817 + + + + + + + + + + + + + + + + CVE-2018-5968 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. It was discovered that Jackson Databind incorrectly handled deserialization. 
An attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-22 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5968.html + https://github.com/FasterXML/jackson-databind/issues/1899 + + + + + + + + + + CVE-2018-5996 on Ubuntu 20.04 (focal) - untriaged. + Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-01-31 18:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888314 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5996.html + https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/ + + + + + + + + + + CVE-2018-6187 on Ubuntu 20.04 (focal) - medium. + In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-24 10:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6187.html + https://bugs.ghostscript.com/show_bug.cgi?id=698908 + + + + + + + + + + CVE-2018-6192 on Ubuntu 20.04 (focal) - medium. + In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-24 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888487 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6192.html + https://bugs.ghostscript.com/show_bug.cgi?id=698916 + + + + + + + + + + CVE-2018-6323 on Ubuntu 20.04 (focal) - low. + The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-01-26 08:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22746 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6323.html + + + + + + + + + + CVE-2018-6352 on Ubuntu 20.04 (focal) - untriaged. + In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-01-27 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6352.html + https://bugzilla.redhat.com/show_bug.cgi?id=1539237 + + + + + + + + + + CVE-2018-6360 on Ubuntu 20.04 (focal) - medium. + mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-28 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888654 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6360.html + https://github.com/mpv-player/mpv/issues/5456 + https://github.com/mpv-player/mpv/commit/e6e6b0dcc7e9b0dbf35154a179b3dc1fcfcaff43 + + + + + + + + + + CVE-2018-6389 on Ubuntu 20.04 (focal) - low. + In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-06 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6389.html + https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html + https://thehackernews.com/2018/02/wordpress-dos-exploit.html + https://wpvulndb.com/vulnerabilities/9021 + + + + + + + + + + CVE-2018-6508 on Ubuntu 20.04 (focal) - untriaged. + Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. 
+ 2018-02-09 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6508.html + https://puppet.com/security/cve/CVE-2018-6508 + https://github.com/puppetlabs/puppetlabs-facter_task/commit/dd37c72e78c8a37e671e20becb05d6ceafdbd81c + https://github.com/puppetlabs/puppetlabs-puppet_conf/commit/ba434605717e16d935cba45ab38ca5866780a36b + https://github.com/puppetlabs/puppetlabs-apt/commit/81879be960d5723016e3d0b4ff155ee704261bbc + https://github.com/puppetlabs/puppetlabs-apache/commit/81bc5119ceced1faa4bf261efa4b7cd3731ef3ef + https://github.com/puppetlabs/puppetlabs-mysql/commit/da3684c79d5fe6ece826e087e8693c75ac40414c + + + + + + + + + + + + + + CVE-2018-6519 on Ubuntu 20.04 (focal) - medium. + The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-02 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6519.html + https://simplesamlphp.org/security/201801-01 + https://github.com/simplesamlphp/saml2/commit/726404bf7b4085a9eb9c9a869af1ecc146bd8f6d + + + + + + + + + + CVE-2018-6520 on Ubuntu 20.04 (focal) - untriaged. + SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-02-02 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6520.html + https://simplesamlphp.org/security/201801-02 + + + + + + + + + + CVE-2018-6521 on Ubuntu 20.04 (focal) - low. + The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-02 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6521.html + https://simplesamlphp.org/security/201801-03 + + + + msalvatore> According to the security advisory, "there is no known way to msalvatore> exploit the issue." There are 2 mitigating factors. See the msalvatore> SimpleSAMLphp advisory for more details. + + + + + + + + + CVE-2018-6536 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-02-02 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6536.html + https://github.com/Icinga/icinga2/issues/5991 + + + + + + + + + + CVE-2018-6543 on Ubuntu 20.04 (focal) - low. + In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-02 09:29:00 UTC + Ruikai Liu + https://sourceware.org/bugzilla/show_bug.cgi?id=22769 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6543.html + + + + + + + + + + CVE-2018-6544 on Ubuntu 20.04 (focal) - medium. + pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-02 09:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6544.html + http://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d + http://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89 + https://bugs.ghostscript.com/show_bug.cgi?id=698830 + https://bugs.ghostscript.com/show_bug.cgi?id=698965 + + + + + + + + + + CVE-2018-6561 on Ubuntu 20.04 (focal) - untriaged. + dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-02-02 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6561.html + https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md + + + + + + + + + + CVE-2018-6612 on Ubuntu 20.04 (focal) - untriaged. + An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-02-04 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889272 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6612.html + https://anonscm.debian.org/git/collab-maint/jhead.git/diff/debian/patches/0008-heap-buffer-overflow.patch?id=01f09ab772d0d341cdc1326490dd2aa5aa2a7784 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889272 + https://launchpad.net/ubuntu/+source/jhead/1:3.00-6 + + + + + + + + + + CVE-2018-6644 on Ubuntu 20.04 (focal) - untriaged. + SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. 
+ 2018-02-08 23:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754493 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6644.html + + + + + + + + + + CVE-2018-6759 on Ubuntu 20.04 (focal) - low. + The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-06 21:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22794 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6759.html + + + + + + + + + + CVE-2018-6799 on Ubuntu 20.04 (focal) - medium. + The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-07 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6799.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b41e2efce6d3 + + + + + + + + + + CVE-2018-6872 on Ubuntu 20.04 (focal) - low. + The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-02-09 06:29:00 UTC + Jay Zhang + https://sourceware.org/bugzilla/show_bug.cgi?id=22788 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6872.html + + + + ratliff> without ASAN, does not segfault on trusty nor xenial mdeslaur> code is different in xenial, needs backport + + + + + + + + + CVE-2018-6952 on Ubuntu 20.04 (focal) - negligible. + A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-02-13 19:29:00 UTC + https://savannah.gnu.org/bugs/index.php?53133 + https://savannah.gnu.org/bugs/index.php?56683 (regression) + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6952.html + + + + mdeslaur> The patch for this introduced CVE-2019-20633, and no complete mdeslaur> fix is available from upstream as of 2020-09-16 + + + + + + + + + CVE-2018-7032 on Ubuntu 20.04 (focal) - untriaged. + webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-02-14 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840014 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7032.html + https://bugs.debian.org/840014 + + + + + + + + + + CVE-2018-7033 on Ubuntu 20.04 (focal) - medium. + SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. It was discovered that an SQL injection vulnerability exists in the Slurm. A local attacker could use this to gain elevated privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-15 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893044 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7033.html + https://bugs.schedmd.com/show_bug.cgi?id=4792 (not yet public) + https://github.com/SchedMD/slurm/commit/db468895240ad6817628d07054fe54e71273b2fe + https://github.com/SchedMD/slurm/commit/2f5e924bf6e018dbcef24bcda9683d6b3662f6d4 + + + + + + + + + + CVE-2018-7158 on Ubuntu 20.04 (focal) - low. + The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-17 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7158.html + + + + + + + + + + CVE-2018-7159 on Ubuntu 20.04 (focal) - low. + The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. 
Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-17 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7159.html + + + + + + + + + + CVE-2018-7160 on Ubuntu 20.04 (focal) - medium. + The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-17 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7160.html + + + + + + + + + + CVE-2018-7167 on Ubuntu 20.04 (focal) - medium. + Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable. 
It was discovered that the Buffer.fill() and Buffer.alloc() methods improperly handled certain inputs. An attacker could use this vulnerability to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-13 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7167.html + https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#calls-to-buffer-fill-and-or-buffer-alloc-may-hang-cve-2018-7167 + https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/ + + + + + + + + + + CVE-2018-7169 on Ubuntu 20.04 (focal) - low. + An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-15 20:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890557 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7169.html + https://github.com/shadow-maint/shadow/pull/97 + + + + + + + + + + CVE-2018-7170 on Ubuntu 20.04 (focal) - low. + ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-06 20:29:00 UTC + Matt Van Gundy + http://support.ntp.org/bin/view/Main/NtpBug3415 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7170.html + http://www.kb.cert.org/vuls/id/961909 + http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S + + + + + + + + + + CVE-2018-7173 on Ubuntu 20.04 (focal) - low. + A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-15 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7173.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=607 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> poppler has a symHeight > 0x40000000 test, looks unaffected + + + + + + + + + + + + + CVE-2018-7174 on Ubuntu 20.04 (focal) - low. + An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-15 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7174.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=605 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> poppler doesn't have a while in that section of code, doesn't mdeslaur> look affected + + + + + + + + + + + + + CVE-2018-7175 on Ubuntu 20.04 (focal) - low. + An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-02-15 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7175.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> poppler seems to have a check for nComps == 0, probably not mdeslaur> affected + + + + + + + + + + + + + CVE-2018-7186 on Ubuntu 20.04 (focal) - medium. + Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions. It was discovered that Leptonica incorrectly handled input arguments. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-16 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890548 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7186.html + https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a + https://bugs.debian.org/890548 + https://lists.debian.org/debian-lts/2018/02/msg00054.html + + + + + + + + + + CVE-2018-7208 on Ubuntu 20.04 (focal) - low. + In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-18 04:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22741 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7208.html + + + + + + + + + + CVE-2018-7225 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-19 15:29:00 UTC + 2018-02-19 + mdeslaur + https://github.com/LibVNC/libvncserver/issues/218 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894045 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7225.html + http://www.openwall.com/lists/oss-security/2018/02/18/1 + https://ubuntu.com/security/notices/USN-3618-1 + https://ubuntu.com/security/notices/USN-4547-1 + https://ubuntu.com/security/notices/USN-4573-1 + https://ubuntu.com/security/notices/USN-4587-1 + + + + + + + + + + + + + + CVE-2018-7226 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-19 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7226.html + https://github.com/LibVNC/vncterm/issues/6 + http://openwall.com/lists/oss-security/2018/02/18/2 + + + + + + + + + + CVE-2018-7247 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact. It was discovered tha Leptonica incorrectly handled certain image files. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-19 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7247.html + https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f + + + + + + + + + + CVE-2018-7260 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. It was discovered that phpMyAdmin mishandled certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack via a crafted URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-21 15:29:00 UTC + 2018-02-21 15:29:00 UTC + mikesalvatore + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7260.html + https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3 + https://www.phpmyadmin.net/security/PMASA-2018-1/ + https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin/ + https://ubuntu.com/security/notices/USN-4639-1 + + + + + + + + + + CVE-2018-7263 on Ubuntu 20.04 (focal) - medium. + The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-02-20 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7263.html + https://bugs.debian.org/870608 + https://bugzilla.suse.com/show_bug.cgi?id=1081784 + https://bugzilla.suse.com/show_bug.cgi?id=1082025 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608 + + + + ebarretto> According to SUSE bz#1082025 this is an issue on mpg321 and ebarretto> a duplicate of CVE-2017-11552 + + + + + + + + + CVE-2018-7284 on Ubuntu 20.04 (focal) - medium. + A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-22 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7284.html + http://downloads.asterisk.org/pub/security/AST-2018-004.html + + + + + + + + + + CVE-2018-7286 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-22 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7286.html + http://downloads.asterisk.org/pub/security/AST-2018-005.html + https://issues.asterisk.org/jira/browse/ASTERISK-27618 + + + + + + + + + + CVE-2018-7409 on Ubuntu 20.04 (focal) - low. 
+ In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-22 18:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891596 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7409.html + http://www.unixodbc.org/unixODBC-2.3.5.tar.gz + https://sourceforge.net/projects/unixodbc/files/unixODBC/2.3.5/ChangeLog/download + + + + + + + + + + CVE-2018-7440 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-23 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7440.html + https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212 + https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b + + + + + + + + + + CVE-2018-7441 on Ubuntu 20.04 (focal) - low. + Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-23 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7441.html + https://lists.debian.org/debian-lts/2018/02/msg00054.html + + + + ebarretto> Neutralised by kernel hardening ebarretto> https://lists.debian.org/debian-lts/2018/02/msg00054.html + + + + + + + + + CVE-2018-7442 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Leptonica through 1.75.3. 
The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-23 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7442.html + https://lists.debian.org/debian-lts/2018/02/msg00086.html + + + + + + + + + + CVE-2018-7452 on Ubuntu 20.04 (focal) - low. + A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-24 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7452.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> code in poppler seems to have check + + + + + + + + + + + + + CVE-2018-7453 on Ubuntu 20.04 (focal) - low. + Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-24 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7453.html + https://forum.xpdfreader.com/viewtopic.php?p=814#p814 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> code isn't in poppler + + + + + + + + + + + + + CVE-2018-7454 on Ubuntu 20.04 (focal) - low. + A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-02-24 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7454.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=613 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> code isn't in poppler + + + + + + + + + + + + + CVE-2018-7455 on Ubuntu 20.04 (focal) - low. + An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-24 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7455.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> code is different in poppler, doesn't look vulnerable + + + + + + + + + + + + + CVE-2018-7489 on Ubuntu 20.04 (focal) - high. + FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2018 Canonical Ltd. + 2018-02-26 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891614 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7489.html + https://github.com/FasterXML/jackson-databind/issues/1931 + https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2 + + + + + + + + + + CVE-2018-7540 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-27 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7540.html + https://xenbits.xen.org/xsa/advisory-252.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-7541 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-27 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7541.html + https://xenbits.xen.org/xsa/advisory-255.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-7542 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-27 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7542.html + https://xenbits.xen.org/xsa/advisory-256.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2018-7568 on Ubuntu 20.04 (focal) - low. 
+ The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-28 21:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22894 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7568.html + + + + + + + + + + CVE-2018-7569 on Ubuntu 20.04 (focal) - low. + dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-28 21:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22895 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7569.html + + + + + + + + + + CVE-2018-7570 on Ubuntu 20.04 (focal) - low. + The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-28 21:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22881 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7570.html + + + + + + + + + + CVE-2018-7587 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-01 22:29:00 UTC + 2018-03-01 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7587.html + https://github.com/xiaoqx/pocs/tree/master/cimg + https://ubuntu.com/security/notices/USN-4039-1 + + + + msalvatore> no patch available as of 2019-06-05 + + + + + + + + + CVE-2018-7588 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-01 22:29:00 UTC + 2018-03-01 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7588.html + https://github.com/dtschump/CImg/issues/183 + https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4 + https://github.com/xiaoqx/pocs/tree/master/cimg + https://ubuntu.com/security/notices/USN-4039-1 + + + + + + + + + + CVE-2018-7589 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-01 22:29:00 UTC + 2018-03-01 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7589.html + https://github.com/dtschump/CImg/issues/184 + https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4 + https://github.com/xiaoqx/pocs/tree/master/cimg + https://ubuntu.com/security/notices/USN-4039-1 + + + + + + + + + + CVE-2018-7637 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-02 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7637.html + https://github.com/dtschump/CImg/issues/185 + https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb + + + + + + + + + + CVE-2018-7638 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-02 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7638.html + https://github.com/dtschump/CImg/issues/185 + https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb + + + + + + + + + + CVE-2018-7639 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-02 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7639.html + https://github.com/dtschump/CImg/issues/185 + https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb + + + + + + + + + + CVE-2018-7640 on Ubuntu 20.04 (focal) - low. + An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-02 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7640.html + https://github.com/dtschump/CImg/issues/185 + https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb + + + + + + + + + + CVE-2018-7641 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-02 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7641.html + https://github.com/dtschump/CImg/issues/185 + https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb + + + + + + + + + + CVE-2018-7642 on Ubuntu 20.04 (focal) - low. + The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-02 15:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22887 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7642.html + + + + + + + + + + CVE-2018-7643 on Ubuntu 20.04 (focal) - low. + The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-02 15:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22905 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7643.html + + + + + + + + + + CVE-2018-7644 on Ubuntu 20.04 (focal) - medium. + The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-05 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7644.html + https://simplesamlphp.org/security/201802-01 + + + + + + + + + + CVE-2018-7651 on Ubuntu 20.04 (focal) - low. + index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-04 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891980 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7651.html + https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d + https://github.com/zkat/ssri/issues/10 + https://nodesecurity.io/advisories/565 + + + + + + + + + + CVE-2018-7667 on Ubuntu 20.04 (focal) - medium. + Adminer through 4.3.1 has SSRF via the server parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-05 07:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7667.html + http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt + + + + ratliff> fake-sync from Debian for Trusty included only one of the two patches ratliff> the rate limiting patch was not included, so I'm leaving this CVE open + + + + + + + + + CVE-2018-7685 on Ubuntu 20.04 (focal) - medium. + The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-31 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7685.html + https://bugzilla.suse.com/show_bug.cgi?id=1091624 + http://lists.suse.com/pipermail/sle-security-updates/2018-August/004510.html + https://www.suse.com/de-de/security/cve/CVE-2018-7685/ + + + + + + + + + + CVE-2018-7711 on Ubuntu 20.04 (focal) - medium. + HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-05 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7711.html + https://simplesamlphp.org/security/201803-01 + https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d + + + + + + + + + + CVE-2018-7727 on Ubuntu 20.04 (focal) - low. + An issue was discovered in ZZIPlib 0.13.68. 
There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-06 17:29:00 UTC + https://github.com/gdraheim/zziplib/issues/40 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7727.html + + + + + + + + + + CVE-2018-7749 on Ubuntu 20.04 (focal) - high. + The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step. Matthijs Kooijman discovered that AsyncSSH server did not properly handle authentication under certain conditions. An attacker with a specially crafted client could use this vulnerability to skip authentication of SSH sessions. + + Ubuntu 20.04 + + + + High + Copyright (C) 2018 Canonical Ltd. + 2018-03-12 19:29:00 UTC + Matthijs Kooijman + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892787 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7749.html + https://github.com/ronf/asyncssh/commit/16e6ebfa893167c7d9d3f6dc7a2c0d197e47f43a + https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4 + + + + + + + + + + CVE-2018-7751 on Ubuntu 20.04 (focal) - medium. + The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7751.html + https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f + + + + + + + + + + + + + + + CVE-2018-7752 on Ubuntu 20.04 (focal) - medium. + GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100. 
It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-07 23:29:00 UTC + 2018-03-07 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892526 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7752.html + https://github.com/gpac/gpac/issues/997 + https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4 + https://ubuntu.com/security/notices/USN-3926-1 + + + + + + + + + + CVE-2018-7753 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-03-07 23:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892252 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7753.html + https://github.com/mozilla/bleach/pull/356 + https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef + https://bugs.debian.org/892252 + https://github.com/mozilla/bleach/releases/tag/v2.1.3 + + + + + + + + + + CVE-2018-7889 on Ubuntu 20.04 (focal) - medium. + gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-08 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892242 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7889.html + https://bugs.launchpad.net/calibre/+bug/1753870 + https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d + + + + + + + + + + CVE-2018-7998 on Ubuntu 20.04 (focal) - medium. + In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-09 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892589 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7998.html + https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5 + https://github.com/jcupitt/libvips/issues/893 + + + + + + + + + + CVE-2018-7999 on Ubuntu 20.04 (focal) - low. + In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-09 19:29:00 UTC + https://github.com/silnrsi/graphite/issues/22 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892590 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7999.html + + + + + + + + + + CVE-2018-8000 on Ubuntu 20.04 (focal) - untriaged. + In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. 
Remote attackers could leverage this vulnerability to cause a denial-of-service or potentially execute arbitrary code via a crafted pdf file. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-03-09 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892520 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8000.html + https://bugzilla.redhat.com/show_bug.cgi?id=1548918 + + + + + + + + + + CVE-2018-8001 on Ubuntu 20.04 (focal) - medium. + In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-09 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892556 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8001.html + https://bugzilla.redhat.com/show_bug.cgi?id=1549469 + + + + + + + + + + CVE-2018-8002 on Ubuntu 20.04 (focal) - medium. + In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-09 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892557 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8002.html + https://bugzilla.redhat.com/show_bug.cgi?id=1548930 + + + + + + + + + + CVE-2018-8004 on Ubuntu 20.04 (focal) - medium. + There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. 
To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-29 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8004.html + http://www.openwall.com/lists/oss-security/2018/08/29/5 + https://github.com/apache/trafficserver/pull/3192 + https://github.com/apache/trafficserver/pull/3201 + https://github.com/apache/trafficserver/pull/3231 + https://github.com/apache/trafficserver/pull/3251 + https://github.com/apache/trafficserver/commit/05d734c773900dd589480ff07572c0d7db7c3d44 + https://github.com/apache/trafficserver/commit/9659d12a21cf1870c2790fdd5acab712ed87f16e + https://github.com/apache/trafficserver/commit/2616e580de7d66b9098c464d503a049c7814e35a + https://github.com/apache/trafficserver/commit/3d2fdab8b0606bc8b35006f7aeb73729d364b333 + + + + + + + + + + CVE-2018-8005 on Ubuntu 20.04 (focal) - medium. + When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-29 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8005.html + http://www.openwall.com/lists/oss-security/2018/08/29/4 + https://github.com/apache/trafficserver/pull/3106 + https://github.com/apache/trafficserver/pull/3124 + https://github.com/apache/trafficserver/commit/bbcbb7cf7f25ebfe3a97d792e889de618e41a6a4 + + + + + + + + + + CVE-2018-8006 on Ubuntu 20.04 (focal) - negligible. 
+ An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-10-10 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8006.html + https://issues.apache.org/jira/browse/AMQ-6954 + + + + sbeattie> admin console not enabled in packaging + + + + + + + + + CVE-2018-8013 on Ubuntu 20.04 (focal) - medium. + In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-24 16:29:00 UTC + 2018-05-23 + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899374 + https://issues.apache.org/jira/browse/BATIK-1222 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8013.html + https://ubuntu.com/security/notices/USN-3661-1 + + + + + + + + + + CVE-2018-8017 on Ubuntu 20.04 (focal) - low. + In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-09-19 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8017.html + https://www.openwall.com/lists/oss-security/2018/09/19/6 + https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E + + + + + + + + + + CVE-2018-8019 on Ubuntu 20.04 (focal) - medium. + When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. 
This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-31 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8019.html + https://svn.apache.org/r1832832 + http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721095943.GA24320%40minotaur.apache.org%3E + + + + + + + + + + CVE-2018-8020 on Ubuntu 20.04 (focal) - medium. + Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-31 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8020.html + https://svn.apache.org/r1832863 + http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721101944.GA45239@minotaur.apache.org%3E + + + + + + + + + + CVE-2018-8032 on Ubuntu 20.04 (focal) - medium. + Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-08-02 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905328 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8032.html + https://issues.apache.org/jira/browse/AXIS-2924 + https://svn.apache.org/r1831943 + http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E + + + + + + + + + + CVE-2018-8035 on Ubuntu 20.04 (focal) - medium. + This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-01 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8035.html + https://uima.apache.org/security_report + + + + + + + + + + CVE-2018-8036 on Ubuntu 20.04 (focal) - low. + In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-03 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902776 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8036.html + http://www.openwall.com/lists/oss-security/2018/06/29/2 + https://lists.apache.org/thread.html/9f62f742fd4fcd81654a9533b8a71349b064250840592bcd502dcfb6@%3Cusers.pdfbox.apache.org%3E + + + + + + + + + + + + + CVE-2018-8040 on Ubuntu 20.04 (focal) - medium. + Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. 
To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-29 13:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8040.html + http://www.openwall.com/lists/oss-security/2018/08/29/2 + https://github.com/apache/trafficserver/pull/3926 + https://github.com/apache/trafficserver/commit/cea07c03274807c1588dbdf03baa1537d958c92f + + + + + + + + + + CVE-2018-8050 on Ubuntu 20.04 (focal) - untriaged. + The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-03-11 06:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892599 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8050.html + https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c + + + + + + + + + + CVE-2018-8098 on Ubuntu 20.04 (focal) - low. + Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-14 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892961 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8098.html + https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1 + https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0 + https://libgit2.github.com/security/ + + + + msalvatore> Downgrading to low: "As the index is never transferred via the network, exploitation requires an attacker to have access to the local repository." + + + + + + + + + CVE-2018-8099 on Ubuntu 20.04 (focal) - low. + Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-14 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892962 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8099.html + https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe + https://libgit2.github.com/security/ + + + + msalvatore> Downgrading to low: "As the index is never transferred via the network, exploitation requires an attacker to have access to the local repository." + + + + + + + + + CVE-2018-8100 on Ubuntu 20.04 (focal) - medium. + The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-14 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8100.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 + https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> code is different in poppler, doesn't look vulnerable + + + + + + + + + + + + + CVE-2018-8101 on Ubuntu 20.04 (focal) - medium. + The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-14 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8101.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 + https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> can't reproduce with poppler + + + + + + + + + + + + + CVE-2018-8102 on Ubuntu 20.04 (focal) - medium. + The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-14 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8102.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 + https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> can't reproduce with poppler + + + + + + + + + + + + + CVE-2018-8103 on Ubuntu 20.04 (focal) - medium. + The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-14 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8103.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 + https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> can't reproduce with poppler + + + + + + + + + + + + + CVE-2018-8104 on Ubuntu 20.04 (focal) - medium. + The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-14 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8104.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 + https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> can't reproduce with poppler + + + + + + + + + + + + + CVE-2018-8105 on Ubuntu 20.04 (focal) - medium. + The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-14 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8105.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 + https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> can't reproduce with poppler + + + + + + + + + + + + + CVE-2018-8106 on Ubuntu 20.04 (focal) - medium. + The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-14 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8106.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 + https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> can't reproduce with poppler + + + + + + + + + + + + + CVE-2018-8107 on Ubuntu 20.04 (focal) - medium. + The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-14 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8107.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819 + https://forum.xpdfreader.com/viewtopic.php?f=3&t=652 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> can't reproduce with poppler + + + + + + + + + + + + + CVE-2018-8416 on Ubuntu 20.04 (focal) - low. + A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-14 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8416.html + http://www.securitytracker.com/id/1042128 + https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416 + https://github.com/dotnet/corefx/pull/32127 + + + + mdeslaur> similar code exists in mono, need to see if affected + + + + + + + + + CVE-2018-8754 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. 
NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-18 03:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893431 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8754.html + https://github.com/libyal/libevt/commit/444ca3ce7853538c577e0ec3f6146d2d65780734 + + + + + + + + + + CVE-2018-8763 on Ubuntu 20.04 (focal) - medium. + Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-27 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8763.html + https://github.com/LDAPAccountManager/lam/commit/f1d7aec5fc4aaf516e1d8a6f0eb3082050553302 + https://github.com/LDAPAccountManager/lam/commit/16fc7f7e8603c5cb7c129cfbf97fc572b9b8740c + https://github.com/LDAPAccountManager/lam/commit/d4f0d6db966af4dd7d83c978125635f03895b81a + https://www.ldap-account-manager.org/lamcms/node/354 + + + + + + + + + + CVE-2018-8764 on Ubuntu 20.04 (focal) - medium. + Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-27 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8764.html + https://www.ldap-account-manager.org/lamcms/node/354 + https://github.com/LDAPAccountManager/lam/commit/993751c7ff0faa07b7c028295152cf9c20349688 + + + + + + + + + + CVE-2018-8768 on Ubuntu 20.04 (focal) - medium. 
+ In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-18 06:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893436 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8768.html + http://www.openwall.com/lists/oss-security/2018/03/15/2 + http://openwall.com/lists/oss-security/2018/03/15/2 + https://github.com/jupyter/notebook/commit/4e79ebb49acac722b37b03f1fe811e67590d3831 + + + + + + + + + + CVE-2018-8791 on Ubuntu 20.04 (focal) - low. + rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8791.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-8792 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8792.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-8793 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-05 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8793.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-8794 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8794.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-8795 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8795.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-8796 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8796.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-8797 on Ubuntu 20.04 (focal) - medium. 
+ rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8797.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-8798 on Ubuntu 20.04 (focal) - low. + rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8798.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-8799 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8799.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-8800 on Ubuntu 20.04 (focal) - medium. + rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-05 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8800.html + https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) + + + + + + + + + + CVE-2018-8808 on Ubuntu 20.04 (focal) - untriaged. + In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-03-20 05:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8808.html + https://github.com/radare/radare2/issues/9725 + + + + + + + + + + CVE-2018-8809 on Ubuntu 20.04 (focal) - untriaged. + In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-03-20 05:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8809.html + https://github.com/radare/radare2/issues/9726 + + + + + + + + + + CVE-2018-8810 on Ubuntu 20.04 (focal) - untriaged. + In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-20 05:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8810.html + https://github.com/radare/radare2/issues/9727 + + + + + + + + + + CVE-2018-8831 on Ubuntu 20.04 (focal) - untriaged. + A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-04-18 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8831.html + http://seclists.org/fulldisclosure/2018/Apr/36 + https://trac.kodi.tv/ticket/17814 + + + + + + + + + + CVE-2018-8882 on Ubuntu 20.04 (focal) - negligible. + Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-03-20 23:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392445 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894846 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8882.html + + + + + + + + + + CVE-2018-8883 on Ubuntu 20.04 (focal) - low. + Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-20 23:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392447 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894847 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8883.html + + + + mdeslaur> same fix as CVE-2018-16382 + + + + + + + + + CVE-2018-8945 on Ubuntu 20.04 (focal) - low. 
+ The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-22 21:29:00 UTC + 2018-03-22 21:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22809 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8945.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2018-8956 on Ubuntu 20.04 (focal) - low. + ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-06 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8956.html + http://www.ntp.org/ + https://arxiv.org/abs/2005.01783 + https://nikhiltripathi.in/NTP_attack.pdf + https://tools.ietf.org/html/rfc5905 + + + + + + + + + + CVE-2018-9018 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-25 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9018.html + https://sourceforge.net/p/graphicsmagick/bugs/554/ + + + + + + + + + + CVE-2018-9058 on Ubuntu 20.04 (focal) - medium. + In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. 
Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-03-27 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9058.html + https://github.com/ckolivas/lrzip/issues/93 + + + + + + + + + + CVE-2018-9127 on Ubuntu 20.04 (focal) - untriaged. + Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-04-02 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894648 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9127.html + https://botan.randombit.net/security.html + + + + + + + + + + CVE-2018-9138 on Ubuntu 20.04 (focal) - low. + An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-30 08:29:00 UTC + 2018-03-30 08:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23008 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9138.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + mdeslaur> same libiberty commit as CVE-2018-12641 + + + + + + + + + CVE-2018-9240 on Ubuntu 20.04 (focal) - medium. 
+ ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-03 22:29:00 UTC + 2018-04-03 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894724 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9240.html + https://bugs.debian.org/894724 + https://ubuntu.com/security/notices/USN-4507-1 + + + + + + + + + + CVE-2018-9246 on Ubuntu 20.04 (focal) - medium. + The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-08 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900942 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9246.html + + + + + + + + + + CVE-2018-9275 on Ubuntu 20.04 (focal) - untriaged. + In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-04 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9275.html + https://bugzilla.opensuse.org/show_bug.cgi?id=1088027 + https://github.com/Yubico/yubico-pam/issues/136 + https://github.com/Yubico/yubico-pam/commit/0f6ceabab0a8849b47f67d727aa526c2656089ba + + + + + + + + + + CVE-2018-9536 on Ubuntu 20.04 (focal) - untriaged. + In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184 + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-11-14 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9536.html + https://source.android.com/security/bulletin/2018-11-01 + + + + + + + + + + CVE-2018-9543 on Ubuntu 20.04 (focal) - untriaged. + In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112868088. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-11-14 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9543.html + https://source.android.com/security/bulletin/2018-11-01 + + + + + + + + + + CVE-2018-9838 on Ubuntu 20.04 (focal) - low. 
+ The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object. It was discovered that OCaml mishandled crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-06 18:29:00 UTC + https://caml.inria.fr/mantis/view.php?id=7765 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895472 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9838.html + + + + msalvatore> binaries built with ocamlopt will need to be rebuilt after a system upgrade + + + + + + + + + CVE-2018-9846 on Ubuntu 20.04 (focal) - medium. + In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-07 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895184 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9846.html + https://github.com/roundcube/roundcubemail/issues/6238 + https://github.com/roundcube/roundcubemail/commit/e3dd5b66d236867572e68fcb80281e9268a0cfb0 (release-1.3) + https://github.com/roundcube/roundcubemail/issues/6229 + https://medium.com/@ndrbasi/cve-2018-9846-roundcube-303097048b0a + + + + + + + + + + CVE-2018-9860 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-12 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9860.html + https://github.com/randombit/botan/commit/ec222c99719c396a1f4756b2ca345dbbfbeb5ed5 + + + + + + + + + + CVE-2018-9861 on Ubuntu 20.04 (focal) - untriaged. + Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-04-19 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9861.html + https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md + https://www.drupal.org/sa-core-2018-003 + + + + + + + + + + CVE-2018-9988 on Ubuntu 20.04 (focal) - low. + ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-10 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9988.html + https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1 + https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215 + https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released + + + + + + + + + + CVE-2018-9989 on Ubuntu 20.04 (focal) - low. + ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-10 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-9989.html + https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e + https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e + https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released + + + + + + + + + + CVE-2019-0053 on Ubuntu 20.04 (focal) - medium. + Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. 
This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-11 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945861 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0053.html + https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc + https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/inetutils-telnet.txt + https://www.openwall.com/lists/oss-security/2018/12/14/8 + + + + + + + + + + CVE-2019-0146 on Ubuntu 20.04 (focal) - low. + Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-14 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0146.html + https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html + https://lore.kernel.org/stable/20200807205517.1740307-1-jesse.brandeburg@intel.com/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-0149 on Ubuntu 20.04 (focal) - medium. + Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-14 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0149.html + https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html + + + + sbeattie| *possibly* the same issue/fix as CVE-2019-0147; upstream claims it's all fixed by the same patch series. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-0160 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-27 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0160.html + + + + + + + + + + CVE-2019-0161 on Ubuntu 20.04 (focal) - medium. + Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-27 20:29:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=973 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0161.html + https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html + + + + + + + + + + CVE-2019-0187 on Ubuntu 20.04 (focal) - medium. + Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes so upgrade to JMeter 5.1 is also advised. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-06 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0187.html + https://bz.apache.org/bugzilla/show_bug.cgi?id=62743 + http://mail-archives.apache.org/mod_mbox/jmeter-user/201903.mbox/%3CCAH9fUpaUQaFbgY1Zh4OvKSL4wdvGAmVt%2Bn4fegibDoAxK5XARw%40mail.gmail.com%3E + + + + + + + + + + CVE-2019-0192 on Ubuntu 20.04 (focal) - medium. + In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-07 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0192.html + http://mail-archives.us.apache.org/mod_mbox/www-announce/201903.mbox/%3CCAECwjAV1buZwg%2BMcV9EAQ19MeAWztPVJYD4zGK8kQdADFYij1w%40mail.gmail.com%3E + + + + + + + + + + CVE-2019-0193 on Ubuntu 20.04 (focal) - low. 
+ In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-01 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0193.html + https://issues.apache.org/jira/browse/SOLR-13669 + + + + + + + + + + CVE-2019-0201 on Ubuntu 20.04 (focal) - low. + An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-23 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929283 + https://issues.apache.org/jira/browse/ZOOKEEPER-1392 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0201.html + https://issues.apache.org/jira/browse/ZOOKEEPER-1392 + + + + + + + + + + CVE-2019-0203 on Ubuntu 20.04 (focal) - medium. + In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. 
This can lead to disruption for users of the server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-26 16:15:00 UTC + 2019-07-31 12:00:00 UTC + Tomas Bortoli + 2019-07-31 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0203.html + https://subversion.apache.org/security/CVE-2019-0203-advisory.txt + https://ubuntu.com/security/notices/USN-4082-2 + https://ubuntu.com/security/notices/USN-4082-1 + + + + + + + + + + CVE-2019-0221 on Ubuntu 20.04 (focal) - low. + The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-28 22:29:00 UTC + 2019-05-28 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0221.html + https://mail-archives.apache.org/mod_mbox/www-announce/201905.mbox/%3Cb1905aa6-f340-8d0b-58c4-8ac3ebcbfa54@apache.org%3E + https://ubuntu.com/security/notices/USN-4128-1 + https://ubuntu.com/security/notices/USN-4128-2 + + + + mdeslaur> from upstream advisory: "The printenv command is intended for" mdeslaur> "debugging and is unlikely to be present in a production" mdeslaur> "website." + + + + + + + + + CVE-2019-0222 on Ubuntu 20.04 (focal) - medium. + In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-28 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925964 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0222.html + http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt + http://www.openwall.com/lists/oss-security/2019/03/27/2 + https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E + https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E + https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485@%3Cdev.activemq.apache.org%3E + https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488@%3Cusers.activemq.apache.org%3E + https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E + https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa@%3Ccommits.activemq.apache.org%3E + https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E + + + + sbeattie> precise and trusty may not have MQTT enabled, and thus not be affected + + + + + + + + + CVE-2019-0223 on Ubuntu 20.04 (focal) - medium. + While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-23 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0223.html + https://issues.apache.org/jira/browse/PROTON-2014 + https://qpid.apache.org/cves/CVE-2019-0223.html + https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=97c7733 + https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=159fac1 + https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=4aea0fd + https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=2d3ba8a + http://www.openwall.com/lists/oss-security/2019/04/23/4 + https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel + https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f@%3Cusers.qpid.apache.org%3E + https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5@%3Cdev.qpid.apache.org%3E + https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b@%3Cdev.qpid.apache.org%3E + https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E + https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0@%3Cannounce.apache.org%3E + + + + + + + + + + CVE-2019-0227 on Ubuntu 20.04 (focal) - low. + A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-05-01 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0227.html + https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/ + + + + ebarretto> StockQuoteService.jws not present in Debian binary packages + + + + + + + + + CVE-2019-1000021 on Ubuntu 20.04 (focal) - medium. + slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1000021.html + https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416 + https://xmpp.org/extensions/xep-0223.html#howitworks + + + + + + + + + + CVE-2019-10013 on Ubuntu 20.04 (focal) - medium. + The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake message, because the result of get_asn1_length() is not checked for a minimum or maximum size. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-03 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953326 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10013.html + + + + + + + + + + CVE-2019-10018 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-25 00:29:00 UTC + 2019-03-24 + mdeslaur + https://bugs.freedesktop.org/show_bug.cgi?id=101500 (poppler) + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10018.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 + https://ubuntu.com/security/notices/USN-4042-1 + + + + jdstrand> xpdf in koffice is 2.0 pfsmorigo> since there is not public repository, just a tarball, I analised pfsmorigo> the file in question (Function.cc) with the affected version and pfsmorigo> they seems the same + + + + + + + + + CVE-2019-10019 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-25 00:29:00 UTC + 2019-03-24 + mdeslaur + https://bugs.freedesktop.org/show_bug.cgi?id=85276 (poppler) + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10019.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41275 + https://ubuntu.com/security/notices/USN-4042-1 + + + + jdstrand> xpdf in koffice is 2.0 pfsmorigo> since there is not public repository, just a tarball, I analised pfsmorigo> the file in question (PSOutputDev.cc) with the affected version pfsmorigo> and they seems the same + + + + + + + + + CVE-2019-10020 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-25 00:29:00 UTC + https://bugs.freedesktop.org/show_bug.cgi?id=102719 (poppler) + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10020.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 + + + + jdstrand> xpdf in koffice is 2.0 pfsmorigo> since there is not public repository, just a tarball, I analised pfsmorigo> the file in question (Function.cc) with the affected version and pfsmorigo> they seems the same mdeslaur> mdeslaur> in poppler, this was known as CVE-2017-14520 + + + + + + + + + CVE-2019-10021 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-25 00:29:00 UTC + 2019-03-24 + mdeslaur + https://bugs.freedesktop.org/show_bug.cgi?id=101526 (poppler) + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10021.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 + https://ubuntu.com/security/notices/USN-4042-1 + + + + jdstrand> xpdf in koffice is 2.0 pfsmorigo> since there is not public repository, just a tarball, I analised pfsmorigo> the file in question (Stream.cc) with the affected version and pfsmorigo> they seems the same + + + + + + + + + CVE-2019-1002100 on Ubuntu 20.04 (focal) - medium. + In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch consumes excessive resources while processing, causing a Denial of Service on the API Server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-01 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923686 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1002100.html + https://github.com/kubernetes/kubernetes/issues/74534 + https://github.com/kubernetes/kubernetes/pull/74000 + + + + + + + + + + CVE-2019-1002101 on Ubuntu 20.04 (focal) - medium. + The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-01 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1002101.html + https://github.com/kubernetes/kubernetes/pull/75037 + + + + + + + + + + CVE-2019-10022 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-25 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10022.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41273 + + + + jdstrand> xpdf in koffice is 2.0 pfsmorigo> since there is not public repository, just a tarball, I analised pfsmorigo> the file in question (Gfx.cc) with the affected version and pfsmorigo> they seems the same mdeslaur> couldn't reproduce in poppler + + + + + + + + + CVE-2019-10023 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Xpdf 4.01.01. 
There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-25 00:29:00 UTC + 2019-03-24 + mdeslaur + https://bugs.freedesktop.org/show_bug.cgi?id=101500 (poppler) + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10023.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 + https://ubuntu.com/security/notices/USN-4042-1 + + + + jdstrand> xpdf in koffice is 2.0 pfsmorigo> since there is not public repository, just a tarball, I analised pfsmorigo> the file in question (Function.cc) with the affected version and pfsmorigo> they seems the same mdeslaur> same commit as CVE-2019-10018 + + + + + + + + + CVE-2019-10024 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-25 00:29:00 UTC + https://bugs.freedesktop.org/show_bug.cgi?id=102719 (poppler) + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10024.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 + + + + jdstrand> xpdf in koffice is 2.0 pfsmorigo> since there is not public repository, just a tarball, I analised pfsmorigo> the file in question (Splash.cc) with the affected version and pfsmorigo> they seems the same mdeslaur> mdeslaur> in poppler, this was known as CVE-2017-14520 + + + + + + + + + CVE-2019-10025 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-25 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10025.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 + + + + jdstrand> xpdf in koffice is 2.0 pfsmorigo> since there is not public repository, just a tarball, I analised pfsmorigo> the file in question (Stream.cc) with the affected version and pfsmorigo> they seems the same + + + + + + + + + CVE-2019-10026 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-25 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10026.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> couldn't reproduce in poppler ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + CVE-2019-10044 on Ubuntu 20.04 (focal) - medium. + Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-25 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927711 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10044.html + https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt + + + + + + + + + + CVE-2019-10064 on Ubuntu 20.04 (focal) - low. 
+ hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-28 15:15:00 UTC + Nicolas Massaviol and Jonathan Brossard + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10064.html + https://www.openwall.com/lists/oss-security/2020/02/27/1 + https://www.openwall.com/lists/oss-security/2020/02/27/2 + + + + + + + + + + CVE-2019-10065 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-10 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10065.html + https://otrs.com/release-notes/otrs-security-advisory-2019-07/ + https://community.otrs.com/category/release-and-security-notes-en/ + + + + + + + + + + CVE-2019-10066 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-22 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10066.html + https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2019-10067 on Ubuntu 20.04 (focal) - low. 
+ An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-22 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10067.html + https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2019-10069 on Ubuntu 20.04 (focal) - medium. + In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-31 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10069.html + https://github.com/godotengine/godot/pull/27398 + https://godotengine.org/news + + + + + + + + + + CVE-2019-10079 on Ubuntu 20.04 (focal) - medium. + Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-22 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10079.html + https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E + + + + + + + + + + CVE-2019-10086 on Ubuntu 20.04 (focal) - medium. + In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. 
We, however were not using this by default characteristic of the PropertyUtilsBean. It was discovered that Apache Commons BeanUtils improperly handled certain input. An attacker could use this vulnerability to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-20 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10086.html + https://issues.apache.org/jira/browse/BEANUTILS-520 + https://github.com/apache/commons-beanutils/pull/7 + https://github.com/apache/commons-beanutils/commit/dd48f4e589462a8cdb1f29bbbccb35d6b0291d58 + + + + + + + + + + CVE-2019-10092 on Ubuntu 20.04 (focal) - low. + In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-26 16:15:00 UTC + 2019-08-14 + Matei "Mal" Badanoiu + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10092.html + https://www.openwall.com/lists/oss-security/2019/08/15/4 + https://ubuntu.com/security/notices/USN-4113-1 + + + + sbeattie> all 2.4.x up to 2.4.41 sbeattie> first two upstream patches are hardening + + + + + + + + + CVE-2019-10098 on Ubuntu 20.04 (focal) - low. + In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-25 17:15:00 UTC + 2019-08-14 + Yukitsugu Sasaki + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10098.html + https://www.openwall.com/lists/oss-security/2019/08/15/6 + https://ubuntu.com/security/notices/USN-4113-1 + + + + sbeattie> MITIGTION: Anchor captures used as back-references, prefix self-referential redirects with / or scheme, host, and port. sbeattie> all 2.4.x up to 2.4.41 + + + + + + + + + CVE-2019-1010006 on Ubuntu 20.04 (focal) - medium. + Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-15 02:15:00 UTC + 2019-07-14 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010006.html + https://bugzilla.gnome.org/show_bug.cgi?id=788980 + https://gitlab.gnome.org/GNOME/evince/commit/e6ed0d4cdb6326e329c8f61f9cc19ff9331cb0ce (3.27.91) + https://gitlab.gnome.org/GNOME/evince/commit/e02fe9170ad0ac2fd46c75329c4f1d4502d4a362 (3.27.91) + http://bugzilla.maptools.org/show_bug.cgi?id=2745 + https://ubuntu.com/security/notices/USN-4067-1 + + + + + + + + + + CVE-2019-1010017 on Ubuntu 20.04 (focal) - medium. + libnmap < v0.6.3 is affected by: XML Injection. The impact is: Denial of service (DoS) by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-15 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010017.html + https://github.com/savon-noir/python-libnmap/issues/87 + + + + + + + + + + CVE-2019-1010043 on Ubuntu 20.04 (focal) - negligible. + Quake3e < 5ed740d is affected by: Buffer Overflow. 
The impact is: Possible code execution and denial of service. The component is: Argument string creation. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-07-16 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010043.html + https://github.com/ec-/Quake3e/issues/9 + https://github.com/ec-/Quake3e/commit/fea3c4144c7b325634cdf638d1582c772a2db3bd + + + + ebarretto> According to Debian: No security impact + + + + + + + + + CVE-2019-1010057 on Ubuntu 20.04 (focal) - medium. + nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file. The fixed version is: after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-16 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010057.html + https://github.com/phaag/nfdump/issues/104 + https://github.com/phaag/nfdump/commit/9f0fe9563366f62a71d34c92229da3432ec5cf0e + + + + + + + + + + CVE-2019-1010065 on Ubuntu 20.04 (focal) - medium. + The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-18 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010065.html + https://github.com/sleuthkit/sleuthkit/commit/114cd3d0aac8bd1aeaf4b33840feb0163d342d5b + https://issuetracker.google.com/issues/77809383 + + + + + + + + + + CVE-2019-1010091 on Ubuntu 20.04 (focal) - medium. + tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-17 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010091.html + https://github.com/tinymce/tinymce/issues/4394 + + + + + + + + + + CVE-2019-1010127 on Ubuntu 20.04 (focal) - medium. + VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file. It was discovered that VCFtools improperly handled memory allocation/deallocation, resulting in a use-after-free vulnerability. If a victim were tricked into opening a specially crafted VCF File, an attacker could cause VCFtools to leak sensitive information or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-25 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010127.html + https://docs.google.com/document/d/e/2PACX-1vQJveVcGMp_NMdBY5Je2K2k63RoCYznvKjJk5u1wJRmLotvwQkG5qiqZjpABcOkjzj49wkwGweiFwrc/pub + + + + + + + + + + CVE-2019-1010174 on Ubuntu 20.04 (focal) - medium. + CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. 
The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-25 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010174.html + https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146 (v.2.3.4) + https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146 + + + + + + + + + + CVE-2019-1010180 on Ubuntu 20.04 (focal) - low. + GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-24 13:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23657 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010180.html + + + + leosilva> the patch only prints a warning about the issue, it does not leosilva> fix it. + + + + + + + + + CVE-2019-1010189 on Ubuntu 20.04 (focal) - low. + mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-24 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010189.html + https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/ + + + + + + + + + + CVE-2019-1010190 on Ubuntu 20.04 (focal) - low. + mgetty prior to 1.2.1 is affected by: out-of-bounds read. 
The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan() in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-24 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010190.html + https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/ + + + + + + + + + + CVE-2019-1010204 on Ubuntu 20.04 (focal) - low. + GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=23765 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010204.html + + + + mdeslaur> as of 2021-02-26, proposed patch not committed + + + + + + + + + CVE-2019-1010263 on Ubuntu 20.04 (focal) - untriaged. + Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit b98a59b42ded9f9e51b2560410106207c2152d6c. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-17 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010263.html + https://github.com/DCIT/perl-Crypt-JWT/commit/b98a59b42ded9f9e51b2560410106207c2152d6c + https://www.openwall.com/lists/oss-security/2018/09/07/1 + + + + + + + + + + CVE-2019-1010275 on Ubuntu 20.04 (focal) - untriaged. 
+ helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50). The attack vector is: A malicious client could connect to the server over the network. The fixed version is: 2.7.2. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-17 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010275.html + https://github.com/helm/helm/pull/3152 + https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50 + https://github.com/helm/helm/releases/tag/v2.7.2 + + + + + + + + + + CVE-2019-1010301 on Ubuntu 20.04 (focal) - low. + jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file. It was discovered that jhead did not properly handle certain crafted input. If a user were tricked into opening a malicious JPEG file, a remote attacker could cause jhead to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010301.html + https://bugzilla.redhat.com/show_bug.cgi?id=1679952 + + + + + + + + + + CVE-2019-1010302 on Ubuntu 20.04 (focal) - low. + jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file. It was discovered that jhead did not properly handle certain crafted input. If a user were tricked into opening a malicious JPEG file, a remote attacker could cause jhead to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010302.html + https://bugzilla.redhat.com/show_bug.cgi?id=1679978 + + + + + + + + + + CVE-2019-10141 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-30 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10141.html + https://review.opendev.org/#/c/660234/ + https://bugzilla.redhat.com/show_bug.cgi?id=1711722 + + + + + + + + + + CVE-2019-10143 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-05-24 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929466 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10143.html + https://github.com/FreeRADIUS/freeradius-server/pull/2666 + + + + leosilva> following the discussion from upstream..this issue leosilva> doesn't seems to be a security one. For now leosilva> moving it to low priority. + + + + + + + + + CVE-2019-10144 on Ubuntu 20.04 (focal) - medium. + rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are given all capabilities during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-03 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929781 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10144.html + https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/ + https://github.com/rkt/rkt/issues/3998 + + + + + + + + + + CVE-2019-10145 on Ubuntu 20.04 (focal) - medium. + rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` do not have seccomp filtering during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-03 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929781 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10145.html + https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/ + https://github.com/rkt/rkt/issues/3998 + + + + + + + + + + CVE-2019-10146 on Ubuntu 20.04 (focal) - low. 
+ A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-18 15:15:00 UTC + Pritam Singh + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10146.html + https://bugzilla.redhat.com/show_bug.cgi?id=1710171 + + + + + + + + + + CVE-2019-10147 on Ubuntu 20.04 (focal) - medium. + rkt through version 1.30.0 does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-03 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929781 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10147.html + https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/ + https://github.com/rkt/rkt/issues/3998 + + + + + + + + + + CVE-2019-10155 on Ubuntu 20.04 (focal) - low. + The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-06-12 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930338 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10155.html + https://libreswan.org/security/CVE-2019-10155/ + + + + + + + + + + CVE-2019-10160 on Ubuntu 20.04 (focal) - medium. 
+ A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-07 18:29:00 UTC + 2019-06-07 + mdeslaur + https://bugs.python.org/issue36742 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10160.html + https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html + https://ubuntu.com/security/notices/USN-4127-1 + https://ubuntu.com/security/notices/USN-4127-2 + + + + + + + + + + CVE-2019-10162 on Ubuntu 20.04 (focal) - medium. + A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-30 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10162.html + https://www.openwall.com/lists/oss-security/2019/06/21/5 + https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html + + + + + + + + + + CVE-2019-10163 on Ubuntu 20.04 (focal) - medium. + A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-30 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10163.html + https://www.openwall.com/lists/oss-security/2019/06/21/5 + https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html + + + + + + + + + + CVE-2019-10172 on Ubuntu 20.04 (focal) - medium. + A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 17:15:00 UTC + 2019-11-18 17:15:00 UTC + pfsmorigo + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10172.html + https://bugzilla.redhat.com/show_bug.cgi?id=1715075 + https://stackoverflow.com/questions/38017676/small-fix-for-cve-2016-3720-with-older-versions-of-jackson-all-1-9-11-and-in-ja/38017721 + https://github.com/FasterXML/jackson-1/pull/1 + https://ubuntu.com/security/notices/USN-4741-1 + + + + + + + + + + CVE-2019-10178 on Ubuntu 20.04 (focal) - low. 
+ It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-18 16:15:00 UTC + Pritam Singh + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10178.html + https://bugzilla.redhat.com/show_bug.cgi?id=1719042 + + + + + + + + + + CVE-2019-10179 on Ubuntu 20.04 (focal) - low. + A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10179.html + https://bugzilla.redhat.com/show_bug.cgi?id=1695901 + + + + + + + + + + CVE-2019-10180 on Ubuntu 20.04 (focal) - low. + A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-31 17:15:00 UTC + Pritam Singh + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10180.html + https://bugzilla.redhat.com/show_bug.cgi?id=1721137 + + + + + + + + + + CVE-2019-10181 on Ubuntu 20.04 (focal) - medium. + It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10181.html + https://www.openwall.com/lists/oss-security/2019/07/31/2 + https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10181 + https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327 + + + + + + + + + + CVE-2019-10182 on Ubuntu 20.04 (focal) - medium. + It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10182.html + https://www.openwall.com/lists/oss-security/2019/07/31/2 + https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10182 + https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327 + + + + + + + + + + CVE-2019-10183 on Ubuntu 20.04 (focal) - medium. + Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. 
This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-03 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10183.html + https://www.redhat.com/archives/virt-tools-list/2019-July/msg00014.html + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10183 + + + + + + + + + + CVE-2019-10184 on Ubuntu 20.04 (focal) - low. + undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-25 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10184.html + https://issues.jboss.org/browse/UNDERTOW-1578 + https://github.com/undertow-io/undertow/pull/794 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184 + + + + + + + + + + CVE-2019-10185 on Ubuntu 20.04 (focal) - medium. + It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10185.html + https://www.openwall.com/lists/oss-security/2019/07/31/2 + https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10185 + https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327 + + + + + + + + + + CVE-2019-10190 on Ubuntu 20.04 (focal) - medium. 
+ A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-16 18:15:00 UTC + Vladimír Čunát at CZ.NIC + 2019-07-10 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10190.html + + + + amurray> According to the advisory only affects version between (and amurray> including) 3.2.0 and 4.0.0 so only disco + eoan affected + + + + + + + + + CVE-2019-10191 on Ubuntu 20.04 (focal) - medium. + A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-16 18:15:00 UTC + Vladimír Čunát at CZ.NIC + 2019-07-10 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10191.html + + + + amurray> According to the upstream advisory all version <= 4.0.0 are amurray> affected + + + + + + + + + CVE-2019-10195 on Ubuntu 20.04 (focal) - medium. + A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. 
An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-27 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10195.html + https://pagure.io/freeipa/c/02ce407f5e10e670d4788778037892b58f80adc0 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10195 + https://www.freeipa.org/page/Releases/4.6.7 + https://www.freeipa.org/page/Releases/4.7.4 + https://www.freeipa.org/page/Releases/4.8.3 + + + + + + + + + + CVE-2019-1020001 on Ubuntu 20.04 (focal) - medium. + yard before 0.9.20 allows path traversal. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-29 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1020001.html + https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr + + + + + + + + + + CVE-2019-1020014 on Ubuntu 20.04 (focal) - low. + docker-credential-helpers before 0.6.3 has a double free in the List functions. Jasiel Spelman discovered that a double free existed in docker-credential-helpers. A local attacker could use this to cause a denial of service (crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-29 13:15:00 UTC + 2019-07-29 + Jasiel Spelman + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1020014.html + https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3 + https://ubuntu.com/security/notices/USN-4103-1 + https://ubuntu.com/security/notices/USN-4103-2 + + + + + + + + + + CVE-2019-10203 on Ubuntu 20.04 (focal) - medium. + PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-22 13:15:00 UTC + 2019-07-30 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10203.html + + + + + + + + + + CVE-2019-10206 on Ubuntu 20.04 (focal) - medium. + ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-22 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933005 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10206.html + https://github.com/ansible/ansible/pull/59246 + + + + ebarretto> Be careful when applying the fix as it might lead to CVE-2019-14856 + + + + + + + + + CVE-2019-10212 on Ubuntu 20.04 (focal) - medium. + A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-02 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10212.html + https://bugzilla.redhat.com/show_bug.cgi?id=1731984 + + + + + + + + + + CVE-2019-10219 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-08 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10219.html + https://bugzilla.redhat.com/show_bug.cgi?id=1738673 + + + + + + + + + + CVE-2019-10221 on Ubuntu 20.04 (focal) - low. 
+ A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10221.html + https://bugzilla.redhat.com/show_bug.cgi?id=1732565 + https://github.com/dogtagpki/pki/pull/452 + + + + + + + + + + CVE-2019-10224 on Ubuntu 20.04 (focal) - low. + A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-25 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10224.html + https://bugzilla.redhat.com/show_bug.cgi?id=1677147 + https://pagure.io/389-ds-base/issue/50251 + https://pagure.io/389-ds-base/c/632ecb90d96ac0535656f5aaf67fd2be4b81d310 + + + + + + + + + + CVE-2019-10241 on Ubuntu 20.04 (focal) - low. + In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-22 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10241.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121 + + + + + + + + + + CVE-2019-10247 on Ubuntu 20.04 (focal) - medium. + In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-22 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10247.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577 + + + + + + + + + + CVE-2019-10255 on Ubuntu 20.04 (focal) - low. + An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-28 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925939 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10255.html + https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb + https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b + https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4 + https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99 + + + + + + + + + + CVE-2019-10269 on Ubuntu 20.04 (focal) - medium. + BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. It was discovered that Burrows-Wheeler Aligner (BWA) mishandled certain crafted .alt files. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-29 05:29:00 UTC + 2019-03-29 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926014 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10269.html + https://github.com/lh3/bwa/pull/232 + https://github.com/lh3/bwa/commit/20d0a13092aa4cb73230492b05f9697d5ef0b88e + https://coreymhudson.github.io/bwa_vulnerabilties/ + https://ubuntu.com/security/notices/USN-4087-1 + + + + + + + + + + CVE-2019-10648 on Ubuntu 20.04 (focal) - medium. + Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-30 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926088 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10648.html + https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd#diff-0296a8f9d4a509789f4dc4f052d9c36f + https://sourceforge.net/p/robocode/bugs/406/ + + + + + + + + + + CVE-2019-10654 on Ubuntu 20.04 (focal) - low. + The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-30 15:29:00 UTC + https://github.com/ckolivas/lrzip/issues/108 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10654.html + + + + + + + + + + CVE-2019-10723 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10723.html + https://sourceforge.net/p/podofo/tickets/46/ + + + + + + + + + + CVE-2019-10732 on Ubuntu 20.04 (focal) - medium. + In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-07 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10732.html + https://bugs.kde.org/show_bug.cgi?id=404698 + + + + + + + + + + CVE-2019-10734 on Ubuntu 20.04 (focal) - medium. + In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-07 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795701 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10734.html + https://bugs.kde.org/show_bug.cgi?id=404697 + + + + + + + + + + CVE-2019-10735 on Ubuntu 20.04 (focal) - medium. + In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-07 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10735.html + https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4159 + + + + + + + + + + CVE-2019-10740 on Ubuntu 20.04 (focal) - medium. + In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. 
The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-07 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10740.html + https://github.com/roundcube/roundcubemail/issues/6638 + + + + + + + + + + CVE-2019-10746 on Ubuntu 20.04 (focal) - medium. + mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-23 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932500 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10746.html + https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212 + https://github.com/jonschlinkert/mixin-deep/commit/8f464c8ce9761a8c9c2b3457eaeee9d404fa7af9 + https://github.com/jonschlinkert/mixin-deep/issues/6 + + + + + + + + + + CVE-2019-10747 on Ubuntu 20.04 (focal) - untriaged. + set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-08-23 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10747.html + https://snyk.io/vuln/SNYK-JS-SETVALUE-450213 + + + + + + + + + + CVE-2019-10751 on Ubuntu 20.04 (focal) - medium. 
+ All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control. It was discovered that HTTPie did not properly generate output filenames under certain circumstances. A remote attacker could use this to possibly write arbitrary files, resulting in open redirect attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-23 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10751.html + http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00003.html + https://github.com/jakubroztocil/httpie/releases/tag/1.0.3 + https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107 + + + + + + + + + + CVE-2019-10768 on Ubuntu 20.04 (focal) - low. + In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-19 21:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10768.html + https://snyk.io/vuln/SNYK-JS-ANGULAR-534884 + + + + + + + + + + CVE-2019-10773 on Ubuntu 20.04 (focal) - medium. + In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-16 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10773.html + https://github.com/yarnpkg/yarn/issues/7761#issuecomment-565493023 + https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/ + https://github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7 + https://snyk.io/vuln/SNYK-JS-YARN-537806 + https://snyk.io/vuln/SNYK-JS-YARN-537806, + + + + + + + + + + CVE-2019-10782 on Ubuntu 20.04 (focal) - medium. + All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-30 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10782.html + https://snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266 + https://github.com/checkstyle/checkstyle/issues/7468 + https://github.com/checkstyle/checkstyle/security/advisories/GHSA-763g-fqq7-48wg + + + + + + + + + + CVE-2019-10784 on Ubuntu 20.04 (focal) - medium. + phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-04 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10784.html + https://snyk.io/vuln/SNYK-PHP-PHPPGADMINPHPPGADMIN-543885 + + + + + + + + + + CVE-2019-10785 on Ubuntu 20.04 (focal) - medium. + dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. 
This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-13 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10785.html + https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr + https://snyk.io/vuln/SNYK-JS-DOJOX-548257, + + + + + + + + + + CVE-2019-10856 on Ubuntu 20.04 (focal) - medium. + In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-04 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10856.html + https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4 + https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99 + https://github.com/jupyter/notebook/compare/16cf97c...b8e30ea + + + + + + + + + + CVE-2019-10868 on Ubuntu 20.04 (focal) - medium. + In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-05 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10868.html + https://discuss.tryton.org/t/security-release-for-issue8189/1262 + https://bugs.tryton.org/issue8189 + https://hg.tryton.org/trytond/rev/f58bbfe0aefb + + + + + + + + + + CVE-2019-10871 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-05 04:29:00 UTC + 2019-04-05 04:29:00 UTC + https://gitlab.freedesktop.org/poppler/poppler/issues/751 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926529 + https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1905741 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10871.html + https://ubuntu.com/security/notices/USN-4646-1 + https://ubuntu.com/security/notices/USN-4646-2 + + + + mdeslaur> this is an invalid read of size 1. Upstream fixed this issue by mdeslaur> enabling SPLASH_CMYK in poppler. mdeslaur> mdeslaur> Enabling SPLASH_CMYK introduced a regression in xpdf and gdal. mdeslaur> See bug 1905741. + + + + + + + + + CVE-2019-10877 on Ubuntu 20.04 (focal) - medium. + In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-05 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10877.html + https://github.com/teeworlds/teeworlds/issues/2071 + https://github.com/teeworlds/teeworlds/commit/d25869626a8cfbdd320929ba93ce73abed1402ce + https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988 + + + + + + + + + + CVE-2019-10878 on Ubuntu 20.04 (focal) - medium. + In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-05 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10878.html + https://github.com/teeworlds/teeworlds/issues/2073 + https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988 + + + + + + + + + + CVE-2019-10879 on Ubuntu 20.04 (focal) - medium. + In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-05 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10879.html + https://github.com/teeworlds/teeworlds/issues/2070 + https://github.com/teeworlds/teeworlds/commit/4d529dcd2d01022e979ebfa0b91167dee37cdb8e + + + + + + + + + + CVE-2019-10894 on Ubuntu 20.04 (focal) - medium. + In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-09 04:29:00 UTC + 2019-04-09 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10894.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b20e5d8aae2580e29c83ddaf0b6b2e640603e4aa + https://www.wireshark.org/security/wnpa-sec-2019-14.html + https://ubuntu.com/security/notices/USN-3986-1 + + + + + + + + + + CVE-2019-10895 on Ubuntu 20.04 (focal) - medium. + In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-09 04:29:00 UTC + 2019-04-09 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10895.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2fbbde780e5d5d82e31dca656217daf278cf62bb + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=38680c4c69f9f4e0f39e29b66fe2b02d88eb629d + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cab0cff6abdd7a5b5b0bfa4ee204eea951e129e9 + https://www.wireshark.org/security/wnpa-sec-2019-09.html + https://ubuntu.com/security/notices/USN-3986-1 + + + + + + + + + + CVE-2019-10896 on Ubuntu 20.04 (focal) - medium. + In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-09 04:29:00 UTC + 2019-04-09 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10896.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15617 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=441b6d9071d6341e58dfe10719375489c5b8e3f0 + https://www.wireshark.org/security/wnpa-sec-2019-15.html + https://ubuntu.com/security/notices/USN-3986-1 + + + + + + + + + + CVE-2019-10899 on Ubuntu 20.04 (focal) - medium. + In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-09 04:29:00 UTC + 2019-04-09 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10899.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b16fea2f175a3297edac118c8844c7987d31c1cb + https://www.wireshark.org/security/wnpa-sec-2019-10.html + https://ubuntu.com/security/notices/USN-3986-1 + + + + + + + + + + CVE-2019-10901 on Ubuntu 20.04 (focal) - medium. + In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-09 04:29:00 UTC + 2019-04-09 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10901.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cf801a25074f76dc3ae62d8ec53ace75f56ce2cd + https://www.wireshark.org/security/wnpa-sec-2019-17.html + https://ubuntu.com/security/notices/USN-3986-1 + + + + + + + + + + CVE-2019-10903 on Ubuntu 20.04 (focal) - medium. + In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-09 04:29:00 UTC + 2019-04-09 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10903.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eafdcfa4b6d5187a5326442a82608ab03d9dddcb + https://www.wireshark.org/security/wnpa-sec-2019-18.html + https://ubuntu.com/security/notices/USN-3986-1 + + + + + + + + + + CVE-2019-10909 on Ubuntu 20.04 (focal) - medium. 
+ In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-16 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10909.html + https://www.drupal.org/SA-CORE-2019-005 + https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine + + + + + + + + + + CVE-2019-10910 on Ubuntu 20.04 (focal) - medium. + In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-16 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10910.html + https://www.drupal.org/SA-CORE-2019-005 + https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid + + + + + + + + + + CVE-2019-10911 on Ubuntu 20.04 (focal) - medium. + In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-16 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10911.html + https://www.drupal.org/SA-CORE-2019-005 + https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash + + + + + + + + + + CVE-2019-10912 on Ubuntu 20.04 (focal) - medium. 
+ In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-16 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10912.html + https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized + https://www.debian.org/security/2019/dsa-4441 + + + + + + + + + + CVE-2019-10913 on Ubuntu 20.04 (focal) - medium. + In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to symfony/http-foundation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-16 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10913.html + https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides + + + + + + + + + + CVE-2019-11006 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-08 19:29:00 UTC + 2019-04-08 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11006.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1 + https://sourceforge.net/p/graphicsmagick/bugs/598/ + https://ubuntu.com/security/notices/USN-4207-1 + + + + + + + + + + CVE-2019-11007 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-08 19:29:00 UTC + 2019-04-08 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11007.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98 + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/86a9295e7c83 + https://sourceforge.net/p/graphicsmagick/bugs/596/ + https://ubuntu.com/security/notices/USN-4207-1 + + + + + + + + + + CVE-2019-11008 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-08 19:29:00 UTC + 2019-04-08 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11008.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b + https://sourceforge.net/p/graphicsmagick/bugs/599/ + https://ubuntu.com/security/notices/USN-4207-1 + + + + + + + + + + CVE-2019-11009 on Ubuntu 20.04 (focal) - medium. 
+ In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-08 19:29:00 UTC + 2019-04-08 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11009.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/7cff2b1792de + https://sourceforge.net/p/graphicsmagick/bugs/597/ + https://ubuntu.com/security/notices/USN-4207-1 + + + + + + + + + + CVE-2019-11010 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-08 19:29:00 UTC + 2019-04-08 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11010.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019 + https://sourceforge.net/p/graphicsmagick/bugs/601/ + https://ubuntu.com/security/notices/USN-4207-1 + + + + + + + + + + CVE-2019-11023 on Ubuntu 20.04 (focal) - low. + The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-04-08 23:29:00 UTC + https://gitlab.com/graphviz/graphviz/issues/1517 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11023.html + https://research.loginsoft.com/bugs/null-pointer-dereference-in-function-agroot/ + + + + + + + + + + CVE-2019-11024 on Ubuntu 20.04 (focal) - low. + The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-08 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11024.html + https://github.com/saitoha/libsixel/issues/85 + https://research.loginsoft.com/bugs/1501/ + + + + + + + + + + CVE-2019-11025 on Ubuntu 20.04 (focal) - medium. + In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. It was discovered that Cacti doesn't properly handles the value of some SNMP Options strings. An attacker could use it to do XSS and cause a Denial of Service or code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-08 23:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926700 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11025.html + https://github.com/Cacti/cacti/issues/2581 + https://github.com/Cacti/cacti/compare/6ea486a...99995bb + + + + + + + + + + CVE-2019-11027 on Ubuntu 20.04 (focal) - medium. + Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the "example app" provided by the project are at highest risk. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-10 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930388 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11027.html + https://github.com/openid/ruby-openid/issues/122 + https://marc.info/?l=openid-security&m=155154717027534&w=2 + + + + + + + + + + CVE-2019-11037 on Ubuntu 20.04 (focal) - medium. 
+ In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-03 20:29:00 UTC + 2019-05-03 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928420 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11037.html + https://bugs.php.net/bug.php?id=77791 + https://github.com/mkoppanen/imagick/commits/bugfix_77791 + https://ubuntu.com/security/notices/USN-4586-1 + + + + + + + + + + CVE-2019-11059 on Ubuntu 20.04 (focal) - low. + Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-10 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928800 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11059.html + + + + + + + + + + CVE-2019-11065 on Ubuntu 20.04 (focal) - medium. + Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-10 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11065.html + https://github.com/gradle/gradle/pull/8927 + + + + + + + + + + CVE-2019-11070 on Ubuntu 20.04 (focal) - medium. + WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. 
This issue was corrected by changing the way livestreams are downloaded. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-10 21:29:00 UTC + 2019-04-10 + https://bugs.webkit.org/show_bug.cgi?id=193718 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11070.html + https://webkitgtk.org/security/WSA-2019-0002.html + https://trac.webkit.org/changeset/243197/webkit + https://ubuntu.com/security/notices/USN-3948-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-11091 on Ubuntu 20.04 (focal) - medium. + Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-05-30 16:29:00 UTC + 2019-05-14 17:00:00 UTC + Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida + 2019-05-14 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11091.html + https://ubuntu.com/security/notices/USN-3977-1 + https://ubuntu.com/security/notices/USN-3978-1 + https://ubuntu.com/security/notices/USN-3979-1 + https://ubuntu.com/security/notices/USN-3980-1 + https://ubuntu.com/security/notices/USN-3981-1 + https://ubuntu.com/security/notices/USN-3982-1 + https://ubuntu.com/security/notices/USN-3983-1 + https://ubuntu.com/security/notices/USN-3982-2 + https://ubuntu.com/security/notices/USN-3980-2 + https://ubuntu.com/security/notices/USN-3984-1 + https://ubuntu.com/security/notices/USN-3981-2 + https://ubuntu.com/security/notices/USN-3983-2 + https://ubuntu.com/security/notices/USN-3985-1 + https://ubuntu.com/security/notices/USN-3985-2 + https://ubuntu.com/security/notices/USN-3977-2 + https://ubuntu.com/security/notices/USN-3977-3 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-11098 on Ubuntu 20.04 (focal) - medium. + Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-14 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11098.html + https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability + + + + + + + + + + CVE-2019-11187 on Ubuntu 20.04 (focal) - low. 
+ Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-15 17:15:00 UTC + 2019-08-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11187.html + https://ubuntu.com/security/notices/USN-4609-1 + + + + + + + + + + + + + CVE-2019-11221 on Ubuntu 20.04 (focal) - medium. + GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-15 12:31:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926963 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11221.html + https://github.com/gpac/gpac/issues/1203 + + + + + + + + + + CVE-2019-11222 on Ubuntu 20.04 (focal) - medium. + gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-15 12:31:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926961 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11222.html + https://github.com/gpac/gpac/issues/1204 + https://github.com/gpac/gpac/issues/1205 + + + + + + + + + + CVE-2019-11246 on Ubuntu 20.04 (focal) - medium. + The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. 
An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11246.html + https://github.com/kubernetes/kubernetes/pull/76788 + + + + + + + + + + CVE-2019-11248 on Ubuntu 20.04 (focal) - medium. + The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11248.html + https://github.com/kubernetes/kubernetes/issues/81023 + https://groups.google.com/forum/#!topic/kubernetes-security-announce/pKELclHIov8 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2019-11249 on Ubuntu 20.04 (focal) - medium. + The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. 
An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11249.html + https://github.com/kubernetes/kubernetes/issues/80984 + + + + + + + + + + CVE-2019-11251 on Ubuntu 20.04 (focal) - untriaged. + The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-02-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11251.html + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2019-11254 on Ubuntu 20.04 (focal) - medium. + The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-01 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11254.html + https://github.com/kubernetes/kubernetes/issues/89535 + https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2019-11281 on Ubuntu 20.04 (focal) - low. + Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 16:15:00 UTC + leosilva + Markus Alvila + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11281.html + https://pivotal.io/security/cve-2019-11281 + + + + sbeattie| federation management plugin issue requires a malicious admin to exploit avital| vhost issue does not exist pre-3.7.0 + + + + + + + + + CVE-2019-11287 on Ubuntu 20.04 (focal) - low. + Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-23 00:15:00 UTC + 2019-11-23 00:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945600 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11287.html + https://pivotal.io/security/cve-2019-11287 + https://ubuntu.com/security/notices/USN-5004-1 + + + + + + + + + + CVE-2019-11325 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-21 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11325.html + https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter + https://github.com/symfony/symfony/commit/0524868cbf3d3a36e0af804432016d5a6d98169a + + + + + + + + + + CVE-2019-11358 on Ubuntu 20.04 (focal) - low. + jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-20 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927385 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927330 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11358.html + https://www.drupal.org/sa-core-2019-006 + https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ + https://github.com/DanielRuf/snyk-js-jquery-174006?files=1 + https://snyk.io/vuln/SNYK-JS-JQUERY-174006 + https://backdropcms.org/security/backdrop-sa-core-2019-009 + https://github.com/jquery/jquery/pull/4333 + + + + + + + + + + + + + + + CVE-2019-11371 on Ubuntu 20.04 (focal) - medium. + BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-20 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11371.html + https://github.com/lh3/bwa/issues/239 + + + + + + + + + + CVE-2019-11372 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. It was discovered that MediaInfo contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfo to crash, resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-20 15:29:00 UTC + 2019-04-20 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927672 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11372.html + https://github.com/MediaArea/MediaInfoLib/pull/1111 + https://sourceforge.net/p/mediainfo/bugs/1101/ + https://ubuntu.com/security/notices/USN-3988-1 + + + + + + + + + + CVE-2019-11373 on Ubuntu 20.04 (focal) - medium. 
+ An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. It was discovered that MediaInfo contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfo to crash, resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-20 15:29:00 UTC + 2019-04-20 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927672 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11373.html + https://github.com/MediaArea/MediaInfoLib/pull/1111 + https://sourceforge.net/p/mediainfo/bugs/1101/ + https://ubuntu.com/security/notices/USN-3988-1 + + + + + + + + + + CVE-2019-11387 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-21 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11387.html + https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1359 + + + + + + + + + + CVE-2019-11388 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-21 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11388.html + https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1354 + + + + + + + + + + CVE-2019-11389 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-21 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11389.html + https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1356 + + + + + + + + + + CVE-2019-11390 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-21 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11390.html + https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1358 + + + + + + + + + + CVE-2019-11391 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. 
/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-21 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11391.html + https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1357 + + + + + + + + + + CVE-2019-11454 on Ubuntu 20.04 (focal) - medium. + Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation. Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-22 16:29:00 UTC + 2019-04-22 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927775 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11454.html + https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3 + https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c + https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py + https://ubuntu.com/security/notices/USN-3971-1 + + + + + + + + + + CVE-2019-11455 on Ubuntu 20.04 (focal) - medium. + A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. 
The attacker can also cause a denial of service (application outage). Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak potentially sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-22 16:29:00 UTC + 2019-04-22 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927775 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11455.html + https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a + https://github.com/dzflack/exploits/blob/master/macos/monit_dos.py + https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py + https://ubuntu.com/security/notices/USN-3971-1 + + + + + + + + + + CVE-2019-11459 on Ubuntu 20.04 (focal) - medium. + The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-22 22:29:00 UTC + 2019-04-22 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11459.html + https://gitlab.gnome.org/GNOME/evince/issues/1129 + https://ubuntu.com/security/notices/USN-3959-1 + + + + + + + + + + + + + CVE-2019-11471 on Ubuntu 20.04 (focal) - medium. + libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-23 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11471.html + https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014 + https://github.com/strukturag/libheif/issues/123 + + + + + + + + + + CVE-2019-11473 on Ubuntu 20.04 (focal) - low. + coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 14:29:00 UTC + 2019-04-23 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11473.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8 + http://www.graphicsmagick.org/Changelog.html + https://ubuntu.com/security/notices/USN-4207-1 + + + + + + + + + + CVE-2019-11474 on Ubuntu 20.04 (focal) - low. + coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 14:29:00 UTC + 2019-04-23 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11474.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8 + http://www.graphicsmagick.org/Changelog.html + https://ubuntu.com/security/notices/USN-4207-1 + + + + + + + + + + CVE-2019-11484 on Ubuntu 20.04 (focal) - medium. + Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-08 05:15:00 UTC + 2019-10-29 + Kevin Backhouse of Semmle Security Research Team + 2019-10-29 + https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1830865 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11484.html + https://ubuntu.com/security/notices/USN-4170-1 + + + + + + + + + + + + + CVE-2019-11505 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-24 21:29:00 UTC + 2019-04-24 21:29:00 UTC + https://sourceforge.net/p/graphicsmagick/bugs/605/ + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11505.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a + https://sourceforge.net/p/graphicsmagick/bugs/605/ + https://ubuntu.com/security/notices/USN-4207-1 + + + + + + + + + + CVE-2019-11506 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-24 21:29:00 UTC + 2019-04-24 21:29:00 UTC + https://sourceforge.net/p/graphicsmagick/bugs/604/ + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11506.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a + https://sourceforge.net/p/graphicsmagick/bugs/604/ + https://ubuntu.com/security/notices/USN-4207-1 + + + + + + + + + + CVE-2019-11578 on Ubuntu 20.04 (focal) - medium. + auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-28 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928056 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11578.html + https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233 + https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da + https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e + https://roy.marples.name/archives/dhcpcd-discuss/0002415.html + + + + + + + + + + CVE-2019-11579 on Ubuntu 20.04 (focal) - low. + dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED. It was discovered that dhcpcd did not properly bound certain operations. An attacker could potentially use this vulnerability to obtain sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-04-28 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928104 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11579.html + https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8 + https://roy.marples.name/archives/dhcpcd-discuss/0002415.html + + + + + + + + + + CVE-2019-11627 on Ubuntu 20.04 (focal) - medium. + gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-30 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11627.html + https://bugs.debian.org/928256 + + + + + + + + + + CVE-2019-11637 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-01 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11637.html + https://github.com/TeamSeri0us/pocs/blob/master/recutils/bug-report-recutils + https://github.com/TeamSeri0us/pocs/tree/master/recutils/bug-report-recutils/rec2csv + + + + + + + + + + CVE-2019-11638 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-01 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11638.html + https://github.com/TeamSeri0us/pocs/blob/master/recutils/bug-report-recutils + https://github.com/TeamSeri0us/pocs/tree/master/recutils/bug-report-recutils/rec2csv + + + + + + + + + + CVE-2019-11639 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-01 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11639.html + https://github.com/TeamSeri0us/pocs/blob/master/recutils/bug-report-recutils + https://github.com/TeamSeri0us/pocs/tree/master/recutils/bug-report-recutils/recfix + + + + + + + + + + CVE-2019-11640 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-01 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11640.html + https://github.com/TeamSeri0us/pocs/blob/master/recutils/bug-report-recutils/ + https://github.com/TeamSeri0us/pocs/tree/master/recutils/bug-report-recutils/recfix + + + + + + + + + + CVE-2019-11675 on Ubuntu 20.04 (focal) - medium. + The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/httpd to /etc/bash_completion.d. NOTE: this is an issue in the Debian packaging of the Groonga HTTP server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-02 06:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928304 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11675.html + https://bugs.debian.org/928304 + + + + + + + + + + CVE-2019-11690 on Ubuntu 20.04 (focal) - low. + gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-03 13:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928557 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11690.html + https://patchwork.ozlabs.org/patch/1092945 + + + + + + + + + + CVE-2019-11691 on Ubuntu 20.04 (focal) - medium. 
+ A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11691.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11691 + https://ubuntu.com/security/notices/USN-3991-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11691 + https://ubuntu.com/security/notices/USN-3997-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11692 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11692.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11692 + https://ubuntu.com/security/notices/USN-3991-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692 + https://ubuntu.com/security/notices/USN-3997-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11693 on Ubuntu 20.04 (focal) - medium. + The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. 
*Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11693.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11693 + https://ubuntu.com/security/notices/USN-3991-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693 + https://ubuntu.com/security/notices/USN-3997-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11694 on Ubuntu 20.04 (focal) - medium. + A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11694.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11694 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine chrisccoulson> Windows only bug + + + + + + + + + CVE-2019-11695 on Ubuntu 20.04 (focal) - medium. + A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. 
This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. This vulnerability affects Firefox < 67. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11695.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11695 + https://ubuntu.com/security/notices/USN-3991-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11696 on Ubuntu 20.04 (focal) - medium. + Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox < 67. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11696.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11696 + https://ubuntu.com/security/notices/USN-3991-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11697 on Ubuntu 20.04 (focal) - medium. + If the ALT and "a" keys are pressed when users receive an extension installation prompt, the extension will be installed without the install prompt delay that keeps the prompt visible in order for users to accept or decline the installation. A malicious web page could use this with spoofing on the page to trick users into installing a malicious extension. This vulnerability affects Firefox < 67. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11697.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11697 + https://ubuntu.com/security/notices/USN-3991-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11698 on Ubuntu 20.04 (focal) - medium. + If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11698.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698 + https://ubuntu.com/security/notices/USN-3991-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11698 + https://ubuntu.com/security/notices/USN-3997-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11699 on Ubuntu 20.04 (focal) - low. + A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox < 67. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11699.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699 + https://ubuntu.com/security/notices/USN-3991-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11700 on Ubuntu 20.04 (focal) - medium. + A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11700.html + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine chrisccoulson> Windows only bug + + + + + + + + + CVE-2019-11701 on Ubuntu 20.04 (focal) - low. + The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.*. This vulnerability affects Firefox < 67. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11701.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11701 + https://ubuntu.com/security/notices/USN-3991-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11707 on Ubuntu 20.04 (focal) - high. + A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. 
This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. + + Ubuntu 20.04 + + + + High + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-06-19 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11707.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707 + https://ubuntu.com/security/notices/USN-4020-1 + https://ubuntu.com/security/notices/USN-4045-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine msalvatore> PoC does not cause a crash in mozjs38. The code has also significantly msalvatore> diverged. + + + + + + + + + + + + + CVE-2019-11709 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Andreea Pavel, Christian Holler, Honza Bambas, Jason Kratzer, and Jeff Gilbert + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11709.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11709 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11709 + https://ubuntu.com/security/notices/USN-4054-1 + https://ubuntu.com/security/notices/USN-4064-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11710 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 67. 
Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + André Bargull, Christian Holler, Natalia Csoregi, Raul Gurzau, Daniel Varga, Jon Coppeard, Marcia Knous, Gary Kwong, Randell Jesup, David Bolter, Jeff Gilbert, and Deian Stefan + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11710.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11710 + https://ubuntu.com/security/notices/USN-4054-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11711 on Ubuntu 20.04 (focal) - medium. + When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Boris Zbarsky + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11711.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11711 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11711 + https://ubuntu.com/security/notices/USN-4054-1 + https://ubuntu.com/security/notices/USN-4064-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11712 on Ubuntu 20.04 (focal) - medium. 
+ POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Gregory Smiley + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11712.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11712 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11712 + https://ubuntu.com/security/notices/USN-4054-1 + https://ubuntu.com/security/notices/USN-4064-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11713 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Hanno Böck + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11713.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11713 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11713 + https://ubuntu.com/security/notices/USN-4054-1 + https://ubuntu.com/security/notices/USN-4064-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11714 on Ubuntu 20.04 (focal) - medium. + Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Hanno Böck + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11714.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11714 + https://ubuntu.com/security/notices/USN-4054-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11715 on Ubuntu 20.04 (focal) - medium. + Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Linus Särud + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11715.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11715 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11715 + https://ubuntu.com/security/notices/USN-4054-1 + https://ubuntu.com/security/notices/USN-4064-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11716 on Ubuntu 20.04 (focal) - medium. + Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Chris Hacking + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11716.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11716 + https://ubuntu.com/security/notices/USN-4054-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11717 on Ubuntu 20.04 (focal) - medium. + A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Tyson Smith + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11717.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11717 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11717 + https://ubuntu.com/security/notices/USN-4054-1 + https://ubuntu.com/security/notices/USN-4064-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11718 on Ubuntu 20.04 (focal) - medium. + Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Mark Banner + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11718.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11718 + https://ubuntu.com/security/notices/USN-4054-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11719 on Ubuntu 20.04 (focal) - medium. + When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Henry Corrigan-Gibbs + https://bugzilla.mozilla.org/show_bug.cgi?id=1540541 (private) + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11719.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719 + https://ubuntu.com/security/notices/USN-4054-1 + https://ubuntu.com/security/notices/USN-4060-1 + https://ubuntu.com/security/notices/USN-4060-2 + https://ubuntu.com/security/notices/USN-4064-1 + + + + + + + + + + + + + + + CVE-2019-11720 on Ubuntu 20.04 (focal) - medium. + Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Rakesh Mane + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11720.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11720 + https://ubuntu.com/security/notices/USN-4054-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11721 on Ubuntu 20.04 (focal) - medium. + The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11721.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11721 + https://ubuntu.com/security/notices/USN-4054-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11723 on Ubuntu 20.04 (focal) - medium. + A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Firefox < 68. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Andreas Wagner + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11723.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11723 + https://ubuntu.com/security/notices/USN-4054-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11724 on Ubuntu 20.04 (focal) - medium. 
+ Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Frederik Braun + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11724.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11724 + https://ubuntu.com/security/notices/USN-4054-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11725 on Ubuntu 20.04 (focal) - medium. + When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11725.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11725 + https://ubuntu.com/security/notices/USN-4054-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11727 on Ubuntu 20.04 (focal) - medium. + A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Hubert Kario + https://bugzilla.mozilla.org/show_bug.cgi?id=1552208 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11727.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727 + https://ubuntu.com/security/notices/USN-4054-1 + https://ubuntu.com/security/notices/USN-4060-1 + + + + mdeslaur> only an issue with TLSv1.3. Releases before Bionic have no mdeslaur> TLSv1.3 support. Bionic shipped with an incompatible TLSv1.3 mdeslaur> draft, so likely not used. + + + + + + + + + + + + + + CVE-2019-11728 on Ubuntu 20.04 (focal) - medium. + The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Firefox < 68. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Trishita Tiwari, Ari Trachtenberg + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11728.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11728 + https://ubuntu.com/security/notices/USN-4054-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11729 on Ubuntu 20.04 (focal) - medium. + Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Jonas Allmann + https://bugzilla.mozilla.org/show_bug.cgi?id=1515342 (private) + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11729.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729 + https://ubuntu.com/security/notices/USN-4054-1 + https://ubuntu.com/security/notices/USN-4060-1 + https://ubuntu.com/security/notices/USN-4060-2 + https://ubuntu.com/security/notices/USN-4064-1 + + + + + + + + + + + + + + + CVE-2019-11730 on Ubuntu 20.04 (focal) - medium. + A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Luigi Gubello + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11730.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11730 + https://ubuntu.com/security/notices/USN-4054-1 + https://ubuntu.com/security/notices/USN-4064-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11734 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11734.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11734 + https://ubuntu.com/security/notices/USN-4122-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11735 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11735.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11735 + https://ubuntu.com/security/notices/USN-4122-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11736 on Ubuntu 20.04 (focal) - medium. + The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. <br>*Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11736.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11736 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2019-11737 on Ubuntu 20.04 (focal) - low. + If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11737.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11737 + https://ubuntu.com/security/notices/USN-4122-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11738 on Ubuntu 20.04 (focal) - low. + If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11738.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11738 + https://ubuntu.com/security/notices/USN-4122-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11740 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11740.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11740 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11740 + https://ubuntu.com/security/notices/USN-4122-1 + https://ubuntu.com/security/notices/USN-4150-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11741 on Ubuntu 20.04 (focal) - medium. + A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user's Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. This vulnerability affects Firefox < 69. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11741.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741 + https://ubuntu.com/security/notices/USN-4122-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11742 on Ubuntu 20.04 (focal) - medium. + A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a &lt;canvas&gt; element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11742.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11742 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11742 + https://ubuntu.com/security/notices/USN-4122-1 + https://ubuntu.com/security/notices/USN-4150-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11743 on Ubuntu 20.04 (focal) - medium. + Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11743.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11743 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11743 + https://ubuntu.com/security/notices/USN-4122-1 + https://ubuntu.com/security/notices/USN-4150-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11744 on Ubuntu 20.04 (focal) - medium. + Some HTML elements, such as &lt;title&gt; and &lt;textarea&gt;, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. 
This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11744.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11744 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11744 + https://ubuntu.com/security/notices/USN-4122-1 + https://ubuntu.com/security/notices/USN-4150-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11746 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11746.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11746 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746 + https://ubuntu.com/security/notices/USN-4122-1 + https://ubuntu.com/security/notices/USN-4150-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11747 on Ubuntu 20.04 (focal) - negligible. + The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. 
This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site's HSTS setting will be restored. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11747.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11747 + https://ubuntu.com/security/notices/USN-4122-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11748 on Ubuntu 20.04 (focal) - medium. + WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11748.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11748 + https://ubuntu.com/security/notices/USN-4122-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11749 on Ubuntu 20.04 (focal) - medium. 
+ A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11749.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11749 + https://ubuntu.com/security/notices/USN-4122-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11750 on Ubuntu 20.04 (focal) - medium. + A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11750.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11750 + https://ubuntu.com/security/notices/USN-4122-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11751 on Ubuntu 20.04 (focal) - medium. + Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. <br>*Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-27 18:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11751.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11751 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2019-11752 on Ubuntu 20.04 (focal) - medium. + It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11752.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11752 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11752 + https://ubuntu.com/security/notices/USN-4122-1 + https://ubuntu.com/security/notices/USN-4150-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11753 on Ubuntu 20.04 (focal) - medium. + The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. <br>*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11753.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11753 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2019-11754 on Ubuntu 20.04 (focal) - medium. + When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox < 69.0.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 18:15:00 UTC + 2019-09-19 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11754.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-31/#CVE-2019-11754 + https://ubuntu.com/security/notices/USN-4140-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11756 on Ubuntu 20.04 (focal) - medium. + Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 20:15:00 UTC + 2019-12-04 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11756.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756 + https://ubuntu.com/security/notices/USN-4216-1 + https://ubuntu.com/security/notices/USN-4216-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11757 on Ubuntu 20.04 (focal) - medium. + When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. 
This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 20:15:00 UTC + 2019-10-22 00:00:00 UTC + chrisccoulson + https://bugzilla.mozilla.org/show_bug.cgi?id=1577107 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11757.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11757 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11757 + https://ubuntu.com/security/notices/USN-4165-1 + https://ubuntu.com/security/notices/USN-4202-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11759 on Ubuntu 20.04 (focal) - medium. + An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 20:15:00 UTC + 2019-10-23 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11759.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11759 + https://ubuntu.com/security/notices/USN-4165-1 + https://ubuntu.com/security/notices/USN-4202-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11760 on Ubuntu 20.04 (focal) - medium. + A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 20:15:00 UTC + 2019-10-23 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11760.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11760 + https://ubuntu.com/security/notices/USN-4165-1 + https://ubuntu.com/security/notices/USN-4202-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11761 on Ubuntu 20.04 (focal) - medium. + By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 20:15:00 UTC + 2019-10-23 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11761.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761 + https://ubuntu.com/security/notices/USN-4165-1 + https://ubuntu.com/security/notices/USN-4202-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11762 on Ubuntu 20.04 (focal) - medium. + If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-08 20:15:00 UTC + 2019-10-23 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11762.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11762 + https://ubuntu.com/security/notices/USN-4165-1 + https://ubuntu.com/security/notices/USN-4202-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11763 on Ubuntu 20.04 (focal) - medium. + Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 20:15:00 UTC + 2019-10-23 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11763.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763 + https://ubuntu.com/security/notices/USN-4165-1 + https://ubuntu.com/security/notices/USN-4202-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11764 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 21:15:00 UTC + 2019-10-23 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11764.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11764 + https://ubuntu.com/security/notices/USN-4165-1 + https://ubuntu.com/security/notices/USN-4202-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-11765 on Ubuntu 20.04 (focal) - medium. + A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 21:15:00 UTC + 2019-10-23 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11765.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11765 + https://ubuntu.com/security/notices/USN-4165-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-11766 on Ubuntu 20.04 (focal) - medium. + dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-05-05 06:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928440 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11766.html + https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8 + https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=896ef4a54b0578985e5e1360b141593f1d62837b + https://bugs.debian.org/928440 + https://roy.marples.name/archives/dhcpcd-discuss/0002428.html + https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=896ef4a54b0578985e5e1360b141593f1d62837b + https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8 + + + + + + + + + + CVE-2019-11768 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted database name. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-05 05:29:00 UTC + 2019-06-05 05:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11768.html + https://www.phpmyadmin.net/security/PMASA-2019-3/ + https://ubuntu.com/security/notices/USN-4639-1 + + + + + + + + + + CVE-2019-11780 on Ubuntu 20.04 (focal) - medium. + Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted RPC requests, which could lead to privilege escalation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-19 16:16:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11780.html + https://github.com/odoo/odoo/issues/42196 + + + + + + + + + + CVE-2019-11840 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-09 16:29:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1691529 + https://github.com/golang/go/issues/30965 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11840.html + https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d + https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ + + + + jdstrand> snapd contains an embedded copy of golang-go.crypto with the affected code jdstrand> snapd doesn't import/use the salsa code directly, but does vendor golang-gopkg-macaroon.v1, which imports golang.org/x/crypto/nacl/secretbox which does import salsa and contains the affected salsa2020XORKeyStream. snapd uses secretbox.Open() and secretbox.Seal(), both of which use salsa.XORKeyStream() (which wraps salsa2020XORKeyStream) via the internal decrypt() and encrypt() functions, respectively. In macaroon.v1, encrypt() is only used via AddThirdPartyCaveat() and decrypt() via Verify(). . 
overlord/auth/auth.go in snapd uses Verify() in CheckMacaroon(), daemon/api.go uses CheckMacaroon() in UserFromRequest(), which is called by ServeHTTP(), the service used to process snap commands from the local system to the local snapd. This CVE does not affect decrypt() operations. . AddThirdPartyCaveat() is only used in unit tests, but not in the binaries of snapd builds. . For snapd, ignoring since only encryption operations (ie, secretbox.Seal()) are affected with regard to loss of confidentiality/predictability and this function is only ever (ultimately) called via the snapd unit tests. jdstrand> lxd contains an embedded copy of golang-go.crypto, but does not import golang.org/x/crypto/nacl/secretbox or salsa. lxd in cosmic and later does not contain the affected code. + + + + + + + + + + + + CVE-2019-11841 on Ubuntu 20.04 (focal) - medium. + A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-05-22 17:29:00 UTC + Aida Mynzhasova + https://bugs.launchpad.net/ubuntu/+source/golang-pault-go-archive/+bug/1828905 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11841.html + https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841/ + https://groups.google.com/forum/#!msg/golang-openpgp/6vdgZoTgbIY/K6bBY9z3DAAJ + + + + jdstrand> snapd contains an embedded copy of golang-go.crypto jdstrand> the version of golang-go.crypto that is embedded does not contain the clearsign package. Nothing in the source uses the clearsign APIs + + + + + + + + + CVE-2019-11842 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-09 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11842.html + https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a/ + + + + + + + + + + CVE-2019-11873 on Ubuntu 20.04 (focal) - medium. + wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. Possibly the attacker can perform a remote code execution attack. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-23 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929468 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11873.html + https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842 + https://www.telekom.com/resource/blob/572524/1c89c1cbaccdf792153063b3a10af10e/dl-190515-remote-buffer-overflow-vulnerability-wolfssl-library-data.pdf + + + + + + + + + + CVE-2019-11922 on Ubuntu 20.04 (focal) - medium. + A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-25 21:15:00 UTC + 2019-07-25 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11922.html + https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0 + https://www.facebook.com/security/advisories/cve-2019-11922 + https://ubuntu.com/security/notices/USN-4108-1 + + + + + + + + + + CVE-2019-11939 on Ubuntu 20.04 (focal) - low. + Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-18 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11939.html + https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757 + + + + + + + + + + CVE-2019-12046 on Ubuntu 20.04 (focal) - medium. + LemonLDAP::NG -2.0.3 has Incorrect Access Control. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-22 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928944 + https://bugs.launchpad.net/ubuntu/+source/lemonldap-ng/+bug/1829016 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12046.html + https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742 + + + + + + + + + + CVE-2019-12067 on Ubuntu 20.04 (focal) - low. + The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12067.html + + + + mdeslaur> as of 2021-07-08, proposed fix not committed + + + + + + + + + CVE-2019-12086 on Ubuntu 20.04 (focal) - medium. + A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-05-17 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12086.html + http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ + https://github.com/FasterXML/jackson-databind/issues/2326 + https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2019-12098 on Ubuntu 20.04 (focal) - low. + In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-15 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12098.html + http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html + https://github.com/heimdal/heimdal/compare/3e58559...bbafe72 + https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0 + + + + leosilva> it fails with a FTBFS on certs tests. This issue is probably related: leosilva> https://github.com/heimdal/heimdal/issues/533. + + + + + + + + + CVE-2019-12105 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The maintainer indicated the ability to run an open server will not be removed but an additional warning was added to the documentation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-10 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12105.html + https://github.com/Supervisor/supervisor/issues/1245 + + + + + + + + + + CVE-2019-12106 on Ubuntu 20.04 (focal) - medium. 
+ The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-15 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12106.html + https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f + https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp + + + + + + + + + + CVE-2019-12107 on Ubuntu 20.04 (focal) - medium. + The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-15 23:29:00 UTC + 2019-05-15 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12107.html + https://github.com/miniupnp/miniupnp/commit/bec6ccec63cadc95655721bc0e1dd49dac759d94 + https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp + https://ubuntu.com/security/notices/USN-4542-1 + + + + + + + + + + CVE-2019-12108 on Ubuntu 20.04 (focal) - medium. + A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-15 23:29:00 UTC + 2019-05-15 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12108.html + https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c + https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692 + https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp + https://ubuntu.com/security/notices/USN-4542-1 + + + + + + + + + + CVE-2019-12109 on Ubuntu 20.04 (focal) - medium. 
+ A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-15 23:29:00 UTC + 2019-05-15 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12109.html + https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c + https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692 + https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp + https://ubuntu.com/security/notices/USN-4542-1 + + + + + + + + + + CVE-2019-12110 on Ubuntu 20.04 (focal) - medium. + An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-15 23:29:00 UTC + 2019-05-15 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12110.html + https://github.com/miniupnp/miniupnp/commit/f321c2066b96d18afa5158dfa2d2873a2957ef38 + https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp + https://ubuntu.com/security/notices/USN-4542-1 + + + + + + + + + + CVE-2019-12111 on Ubuntu 20.04 (focal) - medium. + A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-15 23:29:00 UTC + 2019-05-15 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12111.html + https://github.com/miniupnp/miniupnp/commit/cb8a02af7a5677cf608e86d57ab04241cf34e24f + https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp + https://ubuntu.com/security/notices/USN-4542-1 + + + + + + + + + + CVE-2019-12209 on Ubuntu 20.04 (focal) - medium. 
+ Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-04 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930021 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12209.html + https://github.com/Yubico/pam-u2f/commit/7db3386fcdb454e33a3ea30dcfb8e8960d4c3aa3 + https://www.openwall.com/lists/oss-security/2019/06/05/1 + https://developers.yubico.com/pam-u2f/Release_Notes.html + + + + + + + + + + CVE-2019-12210 on Ubuntu 20.04 (focal) - medium. + In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-04 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930023 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12210.html + https://github.com/Yubico/pam-u2f/commit/18b1914e32b74ff52000f10e97067e841e5fff62 + https://www.openwall.com/lists/oss-security/2019/06/05/1 + https://developers.yubico.com/pam-u2f/Release_Notes.html + + + + + + + + + + CVE-2019-12211 on Ubuntu 20.04 (focal) - medium. 
+ When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow. It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-20 16:29:00 UTC + 2019-05-20 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12211.html + https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/ + https://ubuntu.com/security/notices/USN-4529-1 + + + + + + + + + + CVE-2019-12212 on Ubuntu 20.04 (focal) - medium. + When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-20 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12212.html + https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/ + + + + ebarretto> No fix available as of 2019-09-06. + + + + + + + + + CVE-2019-12213 on Ubuntu 20.04 (focal) - medium. + When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion. It was discovered that FreeImage incorrectly processed images under certain circumstances. If a user were tricked into opening a crafted TIFF file, a remote attacker could possibly use this issue to cause a stack exhaustion condition, resulting in a denial of service attack. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-20 16:29:00 UTC + 2019-05-20 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12213.html + https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/ + https://ubuntu.com/security/notices/USN-4529-1 + + + + + + + + + + CVE-2019-12214 on Ubuntu 20.04 (focal) - medium. + In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-20 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12214.html + https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/ + + + + ebarretto> No fix available as of 2019-09-06. + + + + + + + + + CVE-2019-12216 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. USN-4238-1 addressed serveral vulnerabilities in SDL_image. This update provides the corresponding fixes for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-20 17:29:00 UTC + 2019-05-20 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12216.html + https://bugzilla.libsdl.org/show_bug.cgi?id=4619 + https://ubuntu.com/security/notices/USN-4238-1 + + + + + + + + + + + + + CVE-2019-12217 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c. 
USN-4238-1 addressed serveral vulnerabilities in SDL_image. This update provides the corresponding fixes for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-20 17:29:00 UTC + 2019-05-20 17:29:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=4626 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12217.html + https://ubuntu.com/security/notices/USN-4238-1 + + + + mdeslaur> same fix as CVE-2019-12221 + + + + + + + + + + + + CVE-2019-12218 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. USN-4238-1 addressed serveral vulnerabilities in SDL_image. This update provides the corresponding fixes for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-20 17:29:00 UTC + 2019-05-20 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12218.html + https://bugzilla.libsdl.org/show_bug.cgi?id=4620 + https://ubuntu.com/security/notices/USN-4238-1 + + + + + + + + + + + + + CVE-2019-12219 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c. USN-4238-1 addressed serveral vulnerabilities in SDL_image. This update provides the corresponding fixes for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-05-20 17:29:00 UTC + 2019-05-20 17:29:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=4625 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12219.html + https://ubuntu.com/security/notices/USN-4238-1 + + + + mdeslaur> same fix as CVE-2019-12222 + + + + + + + + + + + + CVE-2019-12220 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c. USN-4238-1 addressed serveral vulnerabilities in SDL_image. This update provides the corresponding fixes for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-20 17:29:00 UTC + 2019-05-20 17:29:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=4627 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12220.html + https://ubuntu.com/security/notices/USN-4238-1 + + + + mdeslaur> same fix as CVE-2019-12222 + + + + + + + + + + + + CVE-2019-12221 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. USN-4238-1 addressed serveral vulnerabilities in SDL_image. This update provides the corresponding fixes for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-20 17:29:00 UTC + 2019-05-20 17:29:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=4628 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12221.html + https://ubuntu.com/security/notices/USN-4238-1 + + + + + + + + + + + + + CVE-2019-12222 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c. 
USN-4238-1 addressed serveral vulnerabilities in SDL_image. This update provides the corresponding fixes for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-20 17:29:00 UTC + 2019-05-20 17:29:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=4621 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12222.html + https://ubuntu.com/security/notices/USN-4238-1 + + + + + + + + + + + + + CVE-2019-12248 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-17 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12248.html + https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2019-12269 on Ubuntu 20.04 (focal) - low. + Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-21 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929363 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12269.html + https://sourceforge.net/p/enigmail/bugs/983/ + https://www.enigmail.net/index.php/en/download/changelog + + + + + + + + + + CVE-2019-12291 on Ubuntu 20.04 (focal) - untriaged. + HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. 
Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-06-06 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12291.html + https://github.com/hashicorp/consul/issues/5888 + + + + + + + + + + CVE-2019-12295 on Ubuntu 20.04 (focal) - low. + In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion. It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-23 12:29:00 UTC + 2019-05-23 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929446 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12295.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820 + https://www.wireshark.org/security/wnpa-sec-2019-19.html + https://ubuntu.com/security/notices/USN-4133-1 + + + + + + + + + + CVE-2019-12300 on Ubuntu 20.04 (focal) - medium. + Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-05-23 15:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12300.html + https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication + + + + + + + + + + CVE-2019-12308 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-06-03 17:29:00 UTC + 2019-06-03 14:00:00 UTC + 2019-06-03 14:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12308.html + https://www.djangoproject.com/weblog/2019/jun/03/security-releases/ + https://ubuntu.com/security/notices/USN-4043-1 + + + + + + + + + + CVE-2019-12360 on Ubuntu 20.04 (focal) - low. + A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-27 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12360.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> as of 2019-07-23, xpdf commit not available. ebarretto> Marking emscripten ignored as poppler code is only for test/example. ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + + + + CVE-2019-12384 on Ubuntu 20.04 (focal) - medium. 
+ FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-24 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930750 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12384.html + https://github.com/FasterXML/jackson-databind/issues/2334 + https://github.com/FasterXML/jackson-databind/commit/c9ef4a10d6f6633cf470d6a469514b68fa2be234 + + + + + + + + + + CVE-2019-12400 on Ubuntu 20.04 (focal) - medium. + In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-23 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935548 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12400.html + http://santuario.apache.org/secadv.data/CVE-2019-12400.asc + http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1&modificationDate=1566573083000&api=v2 + + + + + + + + + + CVE-2019-12402 on Ubuntu 20.04 (focal) - medium. 
+ The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-30 09:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12402.html + https://www.openwall.com/lists/oss-security/2019/08/27/1 + https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b@%3Cdev.commons.apache.org%3E + + + + + + + + + + CVE-2019-12412 on Ubuntu 20.04 (focal) - medium. + A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker could use the vulnerability to cause libapreq2 to crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-19 00:15:00 UTC + 2019-09-30 + pfsmorigo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939937 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12412.html + http://svn.apache.org/r1866760 + https://ubuntu.com/security/notices/USN-4558-1 + + + + + + + + + + CVE-2019-12415 on Ubuntu 20.04 (focal) - medium. + In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-23 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12415.html + https://www.openwall.com/lists/oss-security/2019/10/23/1 + https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E + + + + + + + + + + CVE-2019-12418 on Ubuntu 20.04 (focal) - medium. + When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-23 18:15:00 UTC + 2019-12-23 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12418.html + https://ubuntu.com/security/notices/USN-4251-1 + + + + + + + + + + CVE-2019-12422 on Ubuntu 20.04 (focal) - medium. + Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12422.html + https://www.openwall.com/lists/oss-security/2019/11/18/1 + https://lists.apache.org/thread.html/c9db14cfebfb8e74205884ed2bf2e2b30790ce24b7dde9191c82572c@%3Cdev.shiro.apache.org%3E + + + + + + + + + + CVE-2019-12466 on Ubuntu 20.04 (focal) - medium. + Wikimedia MediaWiki through 1.32.1 allows CSRF. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-10 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12466.html + https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html + https://phabricator.wikimedia.org/T25227 + + + + + + + + + + CVE-2019-12467 on Ubuntu 20.04 (focal) - low. + MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-10 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12467.html + https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html + https://phabricator.wikimedia.org/T209794 + + + + + + + + + + CVE-2019-12468 on Ubuntu 20.04 (focal) - medium. + An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-10 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12468.html + https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html + https://phabricator.wikimedia.org/T197279 + + + + + + + + + + CVE-2019-12469 on Ubuntu 20.04 (focal) - medium. + MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-10 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12469.html + https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html + https://phabricator.wikimedia.org/T222036 + + + + + + + + + + CVE-2019-12470 on Ubuntu 20.04 (focal) - medium. 
+ Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-10 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12470.html + https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html + https://phabricator.wikimedia.org/T222038 + + + + + + + + + + CVE-2019-12471 on Ubuntu 20.04 (focal) - medium. + Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-10 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12471.html + https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html + https://phabricator.wikimedia.org/T207603 + + + + + + + + + + CVE-2019-12472 on Ubuntu 20.04 (focal) - medium. + An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-10 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12472.html + https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html + https://phabricator.wikimedia.org/T199540 + + + + + + + + + + CVE-2019-12473 on Ubuntu 20.04 (focal) - medium. + Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-10 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12473.html + https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html + https://phabricator.wikimedia.org/T204729 + + + + + + + + + + CVE-2019-12474 on Ubuntu 20.04 (focal) - medium. + Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-10 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12474.html + https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html + https://phabricator.wikimedia.org/T212118 + + + + + + + + + + CVE-2019-12481 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function GetESD at isomedia/track.c in libgpac.a, as demonstrated by MP4Box. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-30 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12481.html + https://github.com/gpac/gpac/issues/1249 + + + + + + + + + + CVE-2019-12482 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-30 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12482.html + https://github.com/gpac/gpac/issues/1249 + + + + + + + + + + CVE-2019-12483 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-30 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12483.html + https://github.com/gpac/gpac/issues/1249 + + + + + + + + + + CVE-2019-12493 on Ubuntu 20.04 (focal) - negligible. + A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-05-31 02:29:00 UTC + Mike Zhang + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12493.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41806 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> as of 2019-07-23, xpdf commit not available. ebarretto> Marking emscripten ignored as poppler code is only for test/example. ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + + + + CVE-2019-12495 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-31 11:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12495.html + https://lists.nongnu.org/archive/html/tinycc-devel/2019-05/msg00044.html + https://repo.or.cz/tinycc.git/commit/d04ce7772c2bc2781ab2502e0b1f1964488814b5 + + + + + + + + + + CVE-2019-12497 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-17 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12497.html + https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2019-12499 on Ubuntu 20.04 (focal) - medium. + Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-31 12:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929733 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12499.html + https://github.com/netblue30/firejail/issues/2401 + + + + + + + + + + CVE-2019-12515 on Ubuntu 20.04 (focal) - medium. + There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-06-02 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12515.html + https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> can't reproduce with poppler, no indication it is affected ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + CVE-2019-12522 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12522.html + https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt + + + + mdeslaur> as of 2021-07-05, there is no fix from upstream for this issue + + + + + + + + + CVE-2019-12589 on Ubuntu 20.04 (focal) - medium. + In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-03 03:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929732 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12589.html + https://github.com/netblue30/firejail/issues/2718 + https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134 + https://github.com/netblue30/firejail/releases/tag/0.9.60 + + + + + + + + + + CVE-2019-12594 on Ubuntu 20.04 (focal) - medium. + DOSBox 0.74-2 has Incorrect Access Control. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-02 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931222 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12594.html + + + + + + + + + + CVE-2019-12616 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim. It was discovered that phpMyAdmin incorrectly handled some requests. An attacker could possibly use this to perform a CSRF attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-05 05:29:00 UTC + 2019-06-05 05:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930017 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12616.html + https://www.phpmyadmin.net/security/PMASA-2019-4/ + https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec + https://www.phpmyadmin.net/security/ + https://ubuntu.com/security/notices/USN-4639-1 + + + + + + + + + + CVE-2019-12618 on Ubuntu 20.04 (focal) - medium. + HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-12 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12618.html + https://www.hashicorp.com/blog/hashicorp-nomad-0-9-2 + https://github.com/hashicorp/nomad/issues/5783 + https://www.hashicorp.com/blog/category/nomad + + + + + + + + + + CVE-2019-12735 on Ubuntu 20.04 (focal) - medium. + getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! 
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-05 14:29:00 UTC + 2019-06-05 + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930024 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930020 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12735.html + https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md + https://ubuntu.com/security/notices/USN-4016-1 + https://ubuntu.com/security/notices/USN-4016-2 + + + + leosilva> neither precise/esm or trusty/esm seems to be leosilva> affected. The POC was not reproducible in these leosilva> releases + + + + + + + + + + + + CVE-2019-12746 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be then be potentially abused in order to impersonate the agent user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-21 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12746.html + https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2019-12760 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. 
NOTE: This is disputed because "the cache directory is not under control of the attacker in any common configuration." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-06 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12760.html + https://gist.github.com/dhondta/f71ae7e5c4234f8edfd2f12503a5dcc7 + + + + + + + + + + CVE-2019-12779 on Ubuntu 20.04 (focal) - low. + libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-06-07 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927159 + https://github.com/USBGuard/usbguard/issues/277 + https://github.com/ClusterLabs/libqb/issues/338 + https://bugzilla.redhat.com/show_bug.cgi?id=1695948 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12779.html + https://github.com/ClusterLabs/libqb/releases/tag/v1.0.4 + https://github.com/ClusterLabs/libqb/releases/tag/v1.0.5 + + + + mdeslaur> 1.0.4 is problematic, 1.0.5 was released to fix it. mdeslaur> mitigated by symlink restrictions, low priority + + + + + + + + + CVE-2019-12790 on Ubuntu 20.04 (focal) - medium. + In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-06-10 19:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930344 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12790.html + https://github.com/radare/radare2/issues/14211 + + + + + + + + + + CVE-2019-12802 on Ubuntu 20.04 (focal) - medium. + In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-13 21:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930510 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12802.html + https://github.com/radare/radare2/issues/14296 + + + + + + + + + + CVE-2019-12814 on Ubuntu 20.04 (focal) - medium. + A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-06-19 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930750 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12814.html + https://github.com/FasterXML/jackson-databind/issues/2341 + https://github.com/FasterXML/jackson-databind/commit/5f7c69bba07a7155adde130d9dee2e54a54f1fa5 + + + + + + + + + + CVE-2019-12815 on Ubuntu 20.04 (focal) - medium. + An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-19 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12815.html + http://bugs.proftpd.org/show_bug.cgi?id=4372 + https://github.com/proftpd/proftpd/pull/816 + + + + + + + + + + CVE-2019-12827 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-12 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12827.html + http://downloads.digium.com/pub/security/AST-2019-002.html + https://issues.asterisk.org/jira/browse/ASTERISK-28447 + + + + + + + + + + CVE-2019-12838 on Ubuntu 20.04 (focal) - medium. + SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-11 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931880 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12838.html + https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html + https://lists.schedmd.com/pipermail/slurm-announce/2019/ + https://www.schedmd.com/news.php + https://www.schedmd.com/news.php?id=218 + + + + + + + + + + CVE-2019-12865 on Ubuntu 20.04 (focal) - medium. + In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-17 23:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12865.html + https://github.com/radare/radare2/issues/14334 + + + + ebarretto> irreproducible on Xenial and Bionic + + + + + + + + + CVE-2019-12874 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-18 18:15:00 UTC + 2019-06-18 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12874.html + https://ubuntu.com/security/notices/USN-4074-1 + + + + + + + + + + CVE-2019-12921 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-18 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12921.html + http://www.graphicsmagick.org/ + https://github.com/d0ge/data-processing/blob/master/CVE-2019-12921.md + + + + + + + + + + CVE-2019-12922 on Ubuntu 20.04 (focal) - medium. + A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. It was discovered that phpmyadmin incorrectly handled some requests. An attacker could possibly use this to perform a CSRF attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-13 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12922.html + http://seclists.org/fulldisclosure/2019/Sep/23 + + + + + + + + + + CVE-2019-12953 on Ubuntu 20.04 (focal) - medium. + Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-30 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12953.html + https://hg.ucc.asn.au/dropbear/rev/228b086794b7 + https://matt.ucc.asn.au/dropbear/CHANGES + + + + + + + + + + CVE-2019-12957 on Ubuntu 20.04 (focal) - medium. + In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-06-25 00:15:00 UTC + Mike Zhang + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12957.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41813 + + + + jdstrand> xpdf in koffice is 2.0 ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + CVE-2019-12958 on Ubuntu 20.04 (focal) - medium. + In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-25 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12958.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41815 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> looks like CVE-2017-14976 in poppler ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + CVE-2019-12972 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-06-26 14:15:00 UTC + 2019-06-26 14:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=24689 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12972.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2019-12973 on Ubuntu 20.04 (focal) - low. + In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. 
It was discovered that OpenJPEG incorrectly handled certain BMP files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-06-26 18:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931292 + https://github.com/uclouvain/openjpeg/issues/1059 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12973.html + https://github.com/uclouvain/openjpeg/pull/1185/commits/cbe7384016083eac16078b359acd7a842253d503 + + + + ebarretto> Marking emscripten ignored as openjpeg2 code is only for test/example. + + + + + + + + + + + + + + + CVE-2019-13031 on Ubuntu 20.04 (focal) - low. + LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-06-28 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931117 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13031.html + https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1820 + + + + + + + + + + CVE-2019-13033 on Ubuntu 20.04 (focal) - low. + In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13033.html + https://cisofy.com/security/cve/cve-2019-13033/ + https://github.com/CISOfy/lynis/commit/3b9eda53cc20e851c4456618f027bc9ea794ad30 + + + + + + + + + + CVE-2019-13038 on Ubuntu 20.04 (focal) - medium. 
+ mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-29 14:15:00 UTC + 2019-06-29 14:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931265 + https://github.com/Uninett/mod_auth_mellon/issues/35 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13038.html + https://github.com/Uninett/mod_auth_mellon/issues/35#issuecomment-503974885 + https://github.com/Uninett/mod_auth_mellon/pull/220 + https://ubuntu.com/security/notices/USN-4291-1 + + + + mdeslaur> original bug has been closed as the original project has been mdeslaur> abandoned. mdeslaur> new code repo maintained by RedHat available here: mdeslaur> https://github.com/latchset/mod_auth_mellon/ + + + + + + + + + CVE-2019-13050 on Ubuntu 20.04 (focal) - low. + Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-06-29 17:15:00 UTC + https://bugs.launchpad.net/bugs/1844059 + https://dev.gnupg.org/T4591 + https://dev.gnupg.org/T4607 + https://dev.gnupg.org/T4628 + https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-13050 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13050.html + https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f + https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html + + + + mdeslaur> this is a weakness in the PGP keyserver design. 
amurray| gnupg upstream has 2 mitigations for this - firstly, don't import key signatures by default anymore, and to fallback to only import self-signatures on very large keyblocks mdeslaur> as of 2020-01-06, there is no ideal fix for this issue mdeslaur> marking this CVE as deferred until a complete fix is available sbeattie> gnupg mitigations landed in upstream in 2.2.17 with important fixes in 2.2.18 sbeattie> 2.2.19-3ubuntu1 introduced a debian/ubuntu specific change to use keys.openpgp.org as the default keyserver sbeattie> any backports to address this issue will be complex and introduce changes in behavior sbeattie> sks in debian introduced very basic filtering in 1.1.6+git20210302.c3ba6d5a-1 + + + + + + + + + + + + CVE-2019-13072 on Ubuntu 20.04 (focal) - medium. + Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. msalvatore> Based on the commit that resolves this, it's likely a duplicate of CVE-2019-7344. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-30 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13072.html + https://github.com/ZoneMinder/zoneminder/issues/2642 + https://github.com/ZoneMinder/zoneminder/issues/2455 + https://github.com/ZoneMinder/zoneminder/commit/70e59ed546474bf18b9af2040d0ed732dce835bc + + + + + + + + + + CVE-2019-13103 on Ubuntu 20.04 (focal) - negligible. + A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-29 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13103.html + https://gitlab.denx.de/u-boot/u-boot/commits/master + https://lists.denx.de/pipermail/u-boot/2019-July/375512.html + + + + + + + + + + CVE-2019-13104 on Ubuntu 20.04 (focal) - low. + In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-06 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13104.html + https://lists.denx.de/pipermail/u-boot/2019-July/375514.html + + + + + + + + + + CVE-2019-13106 on Ubuntu 20.04 (focal) - low. + Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-06 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13106.html + https://lists.denx.de/pipermail/u-boot/2019-July/375516.html + https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75 + https://gitlab.denx.de/u-boot/u-boot/commits/master + + + + + + + + + + CVE-2019-13107 on Ubuntu 20.04 (focal) - medium. + Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-06-30 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931323 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13107.html + https://github.com/tbeu/matio/compare/f8cd397...fabac6c + https://github.com/tbeu/matio/releases/tag/v1.5.16 + + + + ebarretto> xenial and bionic versions differ from 1.5.16 making the ebarretto> backport tricky + + + + + + + + + CVE-2019-13115 on Ubuntu 20.04 (focal) - medium. + In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855. It was discovered that libssh2 incorrectly handled Diffie Hellman key exchange. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13115.html + + + + + + + + + + CVE-2019-13132 on Ubuntu 20.04 (focal) - high. + In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. It was discovered that ZeroMQ incorrectly handled certain application metadata. 
A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2019 Canonical Ltd. + 2019-07-10 19:15:00 UTC + 2019-07-08 16:00:00 UTC + 2019-07-08 16:00:00 UTC + https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1835213 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13132.html + https://ubuntu.com/security/notices/USN-4050-1 + + + + + + + + + + CVE-2019-13147 on Ubuntu 20.04 (focal) - medium. + In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-02 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931343 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13147.html + https://github.com/mpruett/audiofile/issues/54 + + + + ebarretto> It looks like upstream is not active anymore, some of the open CVEs ebarretto> have a proposed fix on a fork. ebarretto> Marking as deferred for now. + + + + + + + + + CVE-2019-13161 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-12 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931981 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13161.html + http://downloads.digium.com/pub/security/AST-2019-003.html + https://issues.asterisk.org/jira/browse/ASTERISK-28465 + + + + + + + + + + CVE-2019-13173 on Ubuntu 20.04 (focal) - low. + fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable. It was discovered that npm/fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write aritrary files to the filesystem. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-02 20:15:00 UTC + 2019-07-02 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13173.html + https://www.npmjs.com/advisories/886 + https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22 + https://ubuntu.com/security/notices/USN-4123-1 + + + + ebarretto> According to a Github comment, the fix might not be enough. + + + + + + + + + CVE-2019-13178 on Ubuntu 20.04 (focal) - medium. + modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-02 23:15:00 UTC + https://github.com/calamares/calamares/issues/1190 + https://bugs.launchpad.net/ubuntu/+source/calamares/+bug/1835095 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13178.html + https://calamares.io/calamares-cve-2019/ + https://calamares.io/calamares-3.2.11-is-out/ + + + + + + + + + + CVE-2019-13179 on Ubuntu 20.04 (focal) - medium. 
+ Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-02 23:15:00 UTC + https://github.com/calamares/calamares/issues/1191 + https://bugs.launchpad.net/ubuntu/+source/calamares/+bug/1835095 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13179.html + https://calamares.io/calamares-cve-2019/ + https://calamares.io/calamares-3.2.11-is-out/ + + + + + + + + + + CVE-2019-13207 on Ubuntu 20.04 (focal) - medium. + nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-03 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13207.html + https://github.com/NLnetLabs/nsd/issues/20 + https://github.com/NLnetLabs/nsd/commit/91102da24d5949ccfec8fdab5bae2d01c4cabab5 + + + + + + + + + + CVE-2019-13224 on Ubuntu 20.04 (focal) - medium. + A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. It was discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to obtain sensitive information, cause a denial of service or execute arbitrary code. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-10 14:15:00 UTC + 2019-07-10 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931878 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13224.html + https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55 + https://ubuntu.com/security/notices/USN-4088-1 + + + + ebarretto> libevhtp doesn't ship oniguruma regex library since 1.2.15-1 mdeslaur> doesn't look like php uses the vulnerable function + + + + + + + + + + + + + CVE-2019-13273 on Ubuntu 20.04 (focal) - medium. + In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-27 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13273.html + https://lists.xymon.com/archive/2019-July/046570.html + + + + + + + + + + CVE-2019-13274 on Ubuntu 20.04 (focal) - medium. + In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-27 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13274.html + https://lists.xymon.com/archive/2019-July/046570.html + + + + + + + + + + CVE-2019-13281 on Ubuntu 20.04 (focal) - medium. + In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-04 20:15:00 UTC + Mike Zhang + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13281.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41841 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> poppler has additional checks and improved logic in the memory mdeslaur> allocation function, reproducer doesn't work. ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + CVE-2019-13282 on Ubuntu 20.04 (focal) - medium. + In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-04 20:15:00 UTC + Mike Zhang + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13282.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41842 + + + + jdstrand> xpdf in koffice is 2.0 ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + CVE-2019-13283 on Ubuntu 20.04 (focal) - low. + In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-04 20:15:00 UTC + 2019-07-04 20:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13283.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41843 + https://ubuntu.com/security/notices/USN-4646-1 + + + + jdstrand> xpdf in koffice is 2.0 ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + CVE-2019-13286 on Ubuntu 20.04 (focal) - medium. + In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-04 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13286.html + https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> poppler has extra checks, reproducer didn't work ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + CVE-2019-13287 on Ubuntu 20.04 (focal) - medium. + In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-04 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13287.html + https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-SplashXPath__strokeAdjust + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> doesn't seem to reproduce in poppler ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. 
+ + + + + + + + + CVE-2019-13288 on Ubuntu 20.04 (focal) - medium. + In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-04 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13288.html + https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> doesn't seem to reproduce in poppler ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + CVE-2019-13289 on Ubuntu 20.04 (focal) - medium. + In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-04 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13289.html + https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-use-after-free_JBIG2Stream + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> doesn't seem to reproduce in poppler ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + CVE-2019-13290 on Ubuntu 20.04 (focal) - medium. + Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-04 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13290.html + http://git.ghostscript.com/?p=mupdf.git;h=aaf794439e40a2ef544f15b50c20e657414dec7a + http://git.ghostscript.com/?p=mupdf.git;h=ed19bc806809ad10c4ddce515d375581b86ede85 + https://bugs.ghostscript.com/show_bug.cgi?id=701118 + + + + + + + + + + CVE-2019-13291 on Ubuntu 20.04 (focal) - medium. + In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-04 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13291.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41818 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> doesn't seem to reproduce in poppler ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + CVE-2019-13313 on Ubuntu 20.04 (focal) - medium. + libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-05 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13313.html + https://gitlab.com/libosinfo/libosinfo/-/tags + https://gitlab.com/libosinfo/libosinfo/blob/master/NEWS + https://libosinfo.org/download/ + https://www.redhat.com/archives/libosinfo/2019-July/msg00026.html + + + + + + + + + + CVE-2019-13351 on Ubuntu 20.04 (focal) - low. + posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. 
Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-05 20:15:00 UTC + https://github.com/xbmc/xbmc/issues/16258 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931488 + https://bugs.launchpad.net/ubuntu/+source/jackd2/+bug/1833479 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13351.html + https://github.com/jackaudio/jack2/pull/480 + + + + + + + + + + CVE-2019-13389 on Ubuntu 20.04 (focal) - medium. + RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-20 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13389.html + https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693 + + + + + + + + + + CVE-2019-13445 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-30 18:15:00 UTC + Danial Wang + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13445.html + https://github.com/ros/ros_comm/issues/1738 + https://github.com/ros/ros_comm/pull/1741 + https://github.com/ros/ros_comm/blob/melodic-devel/tools/rosbag/src/record.cpp#L129 + + + + + + + + + + CVE-2019-13451 on Ubuntu 20.04 (focal) - medium. + In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-27 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13451.html + https://lists.xymon.com/archive/2019-July/046570.html + + + + + + + + + + CVE-2019-13452 on Ubuntu 20.04 (focal) - medium. + In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-27 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13452.html + https://lists.xymon.com/archive/2019-July/046570.html + + + + + + + + + + CVE-2019-13455 on Ubuntu 20.04 (focal) - medium. + In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of &nbsp; expansion in acknowledge.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-27 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13455.html + https://lists.xymon.com/archive/2019-July/046570.html + + + + + + + + + + CVE-2019-13457 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-10 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13457.html + https://otrs.com/release-notes/otrs-security-advisory-2019-11/ + https://www.otrs.com/category/release-and-security-notes-en/ + + + + + + + + + + CVE-2019-13458 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. 
An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-21 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13458.html + https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2019-13464 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid. msalvatore> For modsecurity, vulnerability is in the test suite. No security impact. msalvatore> There is securty impact for modsecurity-crs + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-09 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13464.html + https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1386 + https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1391 + + + + + + + + + + + + + CVE-2019-13465 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove() function in clients/roscpp/src/libros/spinner.cpp. When ROS_ASSERT_ENABLED is not defined, the iterator loop will run out of the scope of the array, and cause denial of service for other components (that depend on the communication-related functions of this package). NOTE: The reporter of this issue now believes it was a false alarm. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-30 18:15:00 UTC + Danial Wang + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13465.html + https://github.com/ros/ros_comm/issues/1752 + https://github.com/ros/ros_comm/pull/1763 + + + + + + + + + + CVE-2019-13484 on Ubuntu 20.04 (focal) - medium. + In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of &nbsp; expansion in appfeed.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-27 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13484.html + https://lists.xymon.com/archive/2019-July/046570.html + + + + + + + + + + CVE-2019-13485 on Ubuntu 20.04 (focal) - medium. + In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-27 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13485.html + https://lists.xymon.com/archive/2019-July/046570.html + + + + + + + + + + CVE-2019-13486 on Ubuntu 20.04 (focal) - medium. + In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of &nbsp; expansion in svcstatus.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-27 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13486.html + https://lists.xymon.com/archive/2019-July/046570.html + + + + + + + + + + CVE-2019-13566 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. A buffer overflow allows attackers to cause a denial of service and possibly execute arbitrary code via an IP address with a long hostname. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-22 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945361 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13566.html + https://github.com/ros/ros_comm/issues/1735 + https://github.com/ros/ros_comm/pull/1771 + https://github.com/ros/ros_comm/releases + + + + + + + + + + CVE-2019-13568 on Ubuntu 20.04 (focal) - medium. + CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13568.html + + + + + + + + + + CVE-2019-13574 on Ubuntu 20.04 (focal) - medium. + In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-12 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931932 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13574.html + https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-mini_magick-version-4-9-4/ + https://github.com/minimagick/minimagick/commit/4cd5081e58810d3394d27a67219e8e4e0445d851 + https://github.com/minimagick/minimagick/compare/d484786...293f9bb + https://github.com/minimagick/minimagick/releases/tag/v4.9.4 + + + + + + + + + + CVE-2019-13590 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-14 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932082 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13590.html + https://sourceforge.net/p/sox/bugs/325/ + + + + + + + + + + CVE-2019-13602 on Ubuntu 20.04 (focal) - medium. + An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-14 21:15:00 UTC + 2019-07-14 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932131 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13602.html + https://ubuntu.com/security/notices/USN-4074-1 + + + + + + + + + + CVE-2019-13611 on Ubuntu 20.04 (focal) - low. + An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-16 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13611.html + https://github.com/miguelgrinberg/python-engineio/issues/128 + + + + + + + + + + CVE-2019-13616 on Ubuntu 20.04 (focal) - low. + SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. USN-4238-1 addressed serveral vulnerabilities in SDL_image. This update provides the corresponding fixes for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-16 17:15:00 UTC + 2019-10-15 + https://bugzilla.libsdl.org/show_bug.cgi?id=4538 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940934 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13616.html + https://ubuntu.com/security/notices/USN-4156-1 + https://ubuntu.com/security/notices/USN-4156-2 + https://ubuntu.com/security/notices/USN-4238-1 + + + + + + + + + + + + + + + CVE-2019-13618 on Ubuntu 20.04 (focal) - medium. + In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-16 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13618.html + https://github.com/gpac/gpac/compare/440d475...6b4ab40 + https://github.com/gpac/gpac/issues/1250 + + + + + + + + + + CVE-2019-13619 on Ubuntu 20.04 (focal) - medium. + In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-17 20:15:00 UTC + 2019-07-17 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13619.html + https://www.wireshark.org/security/wnpa-sec-2019-20.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7e90aed666e809c0db5de9d1816802a7dcea28d9 + https://ubuntu.com/security/notices/USN-4133-1 + + + + + + + + + + CVE-2019-13626 on Ubuntu 20.04 (focal) - medium. 
+ SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-17 16:15:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=4522 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13626.html + https://bugzilla.libsdl.org/show_bug.cgi?id=4522 + https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3610 + + + + avital> The patch in SDL 2.0 is enormous and should be applied with care. The avital> upstream patch to backport is spread across three upstream commits: avital> https://hg.libsdl.org/SDL/rev/b06fa7da012b avital> https://hg.libsdl.org/SDL/rev/a39d8cdf50f4 avital> https://hg.libsdl.org/SDL/rev/572f29f98da0 + + + + + + + + + CVE-2019-13628 on Ubuntu 20.04 (focal) - low. + wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-03 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13628.html + https://github.com/wolfSSL/wolfssl/pull/2353 + + + + + + + + + + CVE-2019-13640 on Ubuntu 20.04 (focal) - medium. + In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-17 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13640.html + https://github.com/qbittorrent/qBittorrent/issues/10925 + + + + + + + + + + CVE-2019-13722 on Ubuntu 20.04 (focal) - medium. + Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-14 19:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13722.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-13722 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-13722 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2019-13734 on Ubuntu 20.04 (focal) - medium. + Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-10 22:15:00 UTC + 2019-12-10 22:15:00 UTC + Wenxiang Qian + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13734.html + https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html + https://crbug.com/1025466 + https://ubuntu.com/security/notices/USN-4298-1 + https://ubuntu.com/security/notices/USN-4298-2 + + + + + + + + + + + + + + CVE-2019-13750 on Ubuntu 20.04 (focal) - medium. + Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-10 22:15:00 UTC + 2019-12-10 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13750.html + https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html + https://crbug.com/1025464 + https://ubuntu.com/security/notices/USN-4298-1 + https://ubuntu.com/security/notices/USN-4298-2 + + + + mdeslaur> same commits as CVE-2019-13734 + + + + + + + + + + + + + CVE-2019-13751 on Ubuntu 20.04 (focal) - medium. + Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-10 22:15:00 UTC + 2019-12-10 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13751.html + https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html + https://crbug.com/1025465 + https://ubuntu.com/security/notices/USN-4298-1 + https://ubuntu.com/security/notices/USN-4298-2 + + + + + + + + + + + + + + CVE-2019-13752 on Ubuntu 20.04 (focal) - medium. + Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-10 22:15:00 UTC + 2019-12-10 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13752.html + https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html + https://crbug.com/1025470 + https://ubuntu.com/security/notices/USN-4298-1 + https://ubuntu.com/security/notices/USN-4298-2 + + + + + + + + + + + + + + CVE-2019-13753 on Ubuntu 20.04 (focal) - medium. + Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-10 22:15:00 UTC + 2019-12-10 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13753.html + https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html + https://crbug.com/1025471 + https://ubuntu.com/security/notices/USN-4298-1 + https://ubuntu.com/security/notices/USN-4298-2 + + + + + + + + + + + + + + CVE-2019-13952 on Ubuntu 20.04 (focal) - low. + The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-18 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932407 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13952.html + https://github.com/gdnsd/gdnsd/issues/185 + + + + + + + + + + CVE-2019-13962 on Ubuntu 20.04 (focal) - low. + lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-18 20:15:00 UTC + 2019-07-18 + https://trac.videolan.org/vlc/ticket/22240 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13962.html + https://ubuntu.com/security/notices/USN-4131-1 + + + + + + + + + + CVE-2019-13989 on Ubuntu 20.04 (focal) - medium. + dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() function in main.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-19 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597334 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13989.html + https://gitlab.com/aplevich/dpic/issues/4 + + + + + + + + + + CVE-2019-13990 on Ubuntu 20.04 (focal) - medium. 
+ initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-26 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933169 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933170 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13990.html + https://github.com/quartz-scheduler/quartz/issues/467 + + + + + + + + + + + + + CVE-2019-14192 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14192.html + https://blog.semmle.com/uboot-rce-nfs-vulnerability/ + https://gitlab.denx.de/u-boot/u-boot + https://lists.denx.de/pipermail/u-boot/2019-July/378190.html + + + + + + + + + + CVE-2019-14193 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14193.html + https://blog.semmle.com/uboot-rce-nfs-vulnerability/ + https://gitlab.denx.de/u-boot/u-boot + + + + + + + + + + CVE-2019-14194 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14194.html + https://blog.semmle.com/uboot-rce-nfs-vulnerability/ + https://gitlab.denx.de/u-boot/u-boot + + + + + + + + + + CVE-2019-14195 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14195.html + https://blog.semmle.com/uboot-rce-nfs-vulnerability/ + https://gitlab.denx.de/u-boot/u-boot + + + + + + + + + + CVE-2019-14196 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14196.html + https://blog.semmle.com/uboot-rce-nfs-vulnerability/ + https://gitlab.denx.de/u-boot/u-boot + + + + + + + + + + CVE-2019-14197 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14197.html + https://blog.semmle.com/uboot-rce-nfs-vulnerability/ + https://gitlab.denx.de/u-boot/u-boot + + + + + + + + + + CVE-2019-14198 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14198.html + https://blog.semmle.com/uboot-rce-nfs-vulnerability/ + https://gitlab.denx.de/u-boot/u-boot + + + + + + + + + + CVE-2019-14199 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14199.html + https://blog.semmle.com/uboot-rce-nfs-vulnerability/ + https://gitlab.denx.de/u-boot/u-boot + + + + + + + + + + CVE-2019-14200 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14200.html + https://blog.semmle.com/uboot-rce-nfs-vulnerability/ + https://gitlab.denx.de/u-boot/u-boot + + + + + + + + + + CVE-2019-14201 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14201.html + https://blog.semmle.com/uboot-rce-nfs-vulnerability/ + https://gitlab.denx.de/u-boot/u-boot + + + + + + + + + + CVE-2019-14202 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14202.html + https://blog.semmle.com/uboot-rce-nfs-vulnerability/ + https://gitlab.denx.de/u-boot/u-boot + + + + + + + + + + CVE-2019-14203 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14203.html + https://blog.semmle.com/uboot-rce-nfs-vulnerability/ + https://gitlab.denx.de/u-boot/u-boot + + + + + + + + + + CVE-2019-14204 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14204.html + https://blog.semmle.com/uboot-rce-nfs-vulnerability/ + https://gitlab.denx.de/u-boot/u-boot + + + + + + + + + + CVE-2019-14247 on Ubuntu 20.04 (focal) - medium. + The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-24 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14247.html + https://sourceforge.net/p/mpg321/bugs/51/ + + + + + + + + + + CVE-2019-14248 on Ubuntu 20.04 (focal) - low. + In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-24 04:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932907 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14248.html + https://bugzilla.nasm.us/show_bug.cgi?id=3392576 + + + + + + + + + + CVE-2019-14249 on Ubuntu 20.04 (focal) - medium. + dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-24 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14249.html + https://sourceforge.net/p/libdwarf/code/merge-requests/4/ + https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba/tree/libdwarf/dwarf_elf_load_headers.c?diff=99e77c3894877a1dd80b82808d8309eded4e5599 + + + + + + + + + + CVE-2019-14250 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-24 04:15:00 UTC + 2019-07-24 04:15:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14250.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2019-14267 on Ubuntu 20.04 (focal) - medium. + PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-29 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14267.html + https://github.com/enferex/pdfresurrect/commit/4ea7a6f4f51d0440da651d099247e2273f811dbc + http://packetstormsecurity.com/files/153767/pdfresurrect-0.15-Buffer-Overflow.html + https://github.com/enferex/pdfresurrect/commits/master + + + + + + + + + + CVE-2019-14274 on Ubuntu 20.04 (focal) - medium. + MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-26 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14274.html + https://sourceforge.net/p/mcpp/bugs/13/ + + + + + + + + + + CVE-2019-14275 on Ubuntu 20.04 (focal) - negligible. + Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-07-26 04:15:00 UTC + https://sourceforge.net/p/mcj/tickets/52/ + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933075 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14275.html + + + + + + + + + + CVE-2019-14288 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14288.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 + https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 + + + + jdstrand> xpdf in koffice is 2.0 ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. mdeslaur> in poppler, this is CVE-2017-9776 + + + + + + + + + + + + CVE-2019-14289 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xpdf 4.01.01. 
There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14289.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 + https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 + + + + jdstrand> xpdf in koffice is 2.0 ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. mdeslaur> in poppler, this is CVE-2017-9776 + + + + + + + + + + + + CVE-2019-14290 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14290.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 + https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 + + + + jdstrand> xpdf in koffice is 2.0 ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + + + + CVE-2019-14291 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14291.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 + https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 + + + + jdstrand> xpdf in koffice is 2.0 ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + + + + CVE-2019-14292 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xpdf 4.01.01. 
There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14292.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 + https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 + + + + jdstrand> xpdf in koffice is 2.0 ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + + + + CVE-2019-14293 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14293.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 + https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 + + + + jdstrand> xpdf in koffice is 2.0 ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + + + + CVE-2019-14294 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14294.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 + https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 + + + + jdstrand> xpdf in koffice is 2.0 ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + + + + CVE-2019-14295 on Ubuntu 20.04 (focal) - medium. 
+ An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-27 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933232 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14295.html + https://github.com/upx/upx/issues/286 + https://github.com/upx/upx/commit/58b122d97da1e02dfec24b10b6b8f56218b5622c + https://github.com/upx/upx/commit/6a53c0b3d499d62346a5c51034db543a4ef78ea3 + + + + + + + + + + CVE-2019-14296 on Ubuntu 20.04 (focal) - medium. + canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-27 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933232 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14296.html + https://github.com/upx/upx/issues/287 + https://github.com/upx/upx/commit/276b748aa6021c38a2dc699153f61b10e76bc3d2 + + + + + + + + + + CVE-2019-14317 on Ubuntu 20.04 (focal) - untriaged. + wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-12-11 18:16:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14317.html + https://www.wolfssl.com/docs/security-vulnerabilities/ + + + + + + + + + + CVE-2019-14318 on Ubuntu 20.04 (focal) - medium. 
+ Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-30 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934326 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14318.html + https://github.com/weidai11/cryptopp/issues/869 + https://eprint.iacr.org/2011/232.pdf + https://tches.iacr.org/index.php/TCHES/article/view/7337 + + + + + + + + + + CVE-2019-14378 on Ubuntu 20.04 (focal) - low. + ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. It was discovered that a heap-based buffer overflow existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-29 11:15:00 UTC + 2019-07-29 11:15:00 UTC + sbeattie + https://gitlab.freedesktop.org/slirp/libslirp/issues/10 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14378.html + https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210 + https://vishnudevtj.github.io/notes/qemu-vm-escape-cve-2019-14378 + https://ubuntu.com/security/notices/USN-4191-1 + https://ubuntu.com/security/notices/USN-4191-2 + + + + mdeslaur> located in slirp/src/ip_input.c in qemu + + + + + + + + + + + + + + + + + + + CVE-2019-14379 on Ubuntu 20.04 (focal) - medium. 
+ SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-29 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933393 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14379.html + https://github.com/FasterXML/jackson-databind/issues/2387 + https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b + https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2 + + + + + + + + + + CVE-2019-14437 on Ubuntu 20.04 (focal) - medium. + The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 18:15:00 UTC + 2019-08-29 + Antonio Morales from the Semmle Security Team + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14437.html + https://www.videolan.org/security/sb-vlc308.html + https://ubuntu.com/security/notices/USN-4131-1 + + + + + + + + + + CVE-2019-14438 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-29 18:15:00 UTC + 2019-08-29 + Antonio Morales from the Semmle Security Team + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14438.html + https://www.videolan.org/security/sb-vlc308.html + https://ubuntu.com/security/notices/USN-4131-1 + + + + + + + + + + CVE-2019-14439 on Ubuntu 20.04 (focal) - medium. + A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-30 11:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933393 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14439.html + https://github.com/FasterXML/jackson-databind/issues/2389 + https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b + https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2 + + + + + + + + + + CVE-2019-14444 on Ubuntu 20.04 (focal) - medium. + apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-30 13:15:00 UTC + 2019-07-30 13:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=24829 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14444.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2019-14459 on Ubuntu 20.04 (focal) - medium. 
+ nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14459.html + https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b + https://github.com/phaag/nfdump/issues/171 + + + + + + + + + + CVE-2019-14462 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302. It was discovered that libmodbus incorrectly handled inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14462.html + https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc + https://libmodbus.org/2019/stable-and-development-releases/ + + + + ebarretto> Note that this fixes also CVE-2019-14463 and introduces a regression, ebarretto> please check CVE-2019-14463 for complete information. + + + + + + + + + CVE-2019-14463 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301. It was discovered that libmodbus incorrectly handled inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-31 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14463.html + https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc + https://libmodbus.org/2019/stable-and-development-releases/ + + + + ebarretto> Commit introduces regression, check if both commits are being applied. + + + + + + + + + CVE-2019-14464 on Ubuntu 20.04 (focal) - medium. + XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 23:15:00 UTC + 2019-07-31 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14464.html + https://github.com/milkytracker/MilkyTracker/issues/184 + https://ubuntu.com/security/notices/USN-4499-1 + + + + + + + + + + CVE-2019-14465 on Ubuntu 20.04 (focal) - medium. + fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14465.html + https://github.com/schismtracker/schismtracker/issues/198 + https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42 + + + + + + + + + + CVE-2019-14466 on Ubuntu 20.04 (focal) - medium. + The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-31 18:15:00 UTC + 2019-12-31 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14466.html + https://github.com/gosa-project/gosa-core/commit/e1504e9765db2adde8b4685b5c93fbba57df868b (fix) + https://github.com/gosa-project/gosa-core/commit/90b674960335d888c76ca5e99027df8e7fa66f3a (fixing the prev commit) + https://github.com/gosa-project/gosa-core/pull/30#issuecomment-521975100 + https://ubuntu.com/security/notices/USN-4609-1 + + + + + + + + + + CVE-2019-14468 on Ubuntu 20.04 (focal) - medium. + GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-01 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14468.html + https://sourceforge.net/p/open-cobol/bugs/581/ + + + + + + + + + + CVE-2019-14486 on Ubuntu 20.04 (focal) - medium. + GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-01 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14486.html + https://sourceforge.net/p/open-cobol/bugs/582/ + + + + + + + + + + CVE-2019-14491 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. It was discovered that OpenCV incorrectly handled certain files. An attaacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-01 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14491.html + https://github.com/opencv/opencv/compare/33b765d...4a7ca5a + https://github.com/opencv/opencv/compare/371bba8...ddbd10c + https://github.com/opencv/opencv/issues/15125 + + + + + + + + + + CVE-2019-14492 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. It was discovered that OpenCV incorrectly handled certain files. An attaacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-01 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14492.html + https://github.com/opencv/opencv/compare/33b765d...4a7ca5a + https://github.com/opencv/opencv/compare/371bba8...ddbd10c + https://github.com/opencv/opencv/issues/15124 + + + + + + + + + + CVE-2019-14496 on Ubuntu 20.04 (focal) - medium. + LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-01 18:15:00 UTC + 2019-08-01 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14496.html + https://github.com/milkytracker/MilkyTracker/issues/183 + https://ubuntu.com/security/notices/USN-4499-1 + + + + + + + + + + CVE-2019-14497 on Ubuntu 20.04 (focal) - medium. + ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-01 18:15:00 UTC + 2019-08-01 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14497.html + https://github.com/milkytracker/MilkyTracker/issues/182 + https://ubuntu.com/security/notices/USN-4499-1 + + + + + + + + + + CVE-2019-14498 on Ubuntu 20.04 (focal) - medium. + A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 18:15:00 UTC + 2019-08-29 + Antonio Morales from the Semmle Security Team + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14498.html + https://ubuntu.com/security/notices/USN-4131-1 + + + + + + + + + + CVE-2019-14511 on Ubuntu 20.04 (focal) - medium. + Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-22 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939762 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14511.html + https://github.com/manticoresoftware/manticoresearch/issues/261 + https://github.com/manticoresoftware/manticoresearch/commit/023c9b2acb24db5e9c6d8052afa68660aeee8d3e + + + + + + + + + + CVE-2019-14523 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-02 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933809 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14523.html + https://github.com/schismtracker/schismtracker/issues/202 + + + + + + + + + + CVE-2019-14524 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-02 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933808 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14524.html + https://github.com/schismtracker/schismtracker/issues/201 + + + + + + + + + + CVE-2019-14528 on Ubuntu 20.04 (focal) - medium. + GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-02 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933884 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14528.html + https://sourceforge.net/p/open-cobol/bugs/583/ + + + + + + + + + + CVE-2019-14531 on Ubuntu 20.04 (focal) - low. + An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-02 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14531.html + https://github.com/sleuthkit/sleuthkit/issues/1576 + + + + + + + + + + CVE-2019-14532 on Ubuntu 20.04 (focal) - low. + An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-02 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14532.html + https://github.com/sleuthkit/sleuthkit/issues/1575 + + + + + + + + + + CVE-2019-14533 on Ubuntu 20.04 (focal) - medium. + The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 19:15:00 UTC + 2019-08-29 + Antonio Morales from the Semmle Security Team + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14533.html + https://www.videolan.org/security/sb-vlc308.html + https://ubuntu.com/security/notices/USN-4131-1 + + + + + + + + + + CVE-2019-14534 on Ubuntu 20.04 (focal) - medium. + In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 19:15:00 UTC + 2019-08-29 + Antonio Morales from the Semmle Security Team + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14534.html + https://www.videolan.org/security/sb-vlc308.html + https://ubuntu.com/security/notices/USN-4131-1 + + + + + + + + + + CVE-2019-14535 on Ubuntu 20.04 (focal) - medium. + A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 18:15:00 UTC + 2019-08-29 + Antonio Morales from the Semmle Security Team + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14535.html + https://www.videolan.org/security/sb-vlc308.html + https://ubuntu.com/security/notices/USN-4131-1 + + + + + + + + + + CVE-2019-14540 on Ubuntu 20.04 (focal) - medium. 
+ A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-15 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14540.html + https://github.com/FasterXML/jackson-databind/issues/2410 + https://github.com/FasterXML/jackson-databind/issues/2449 + https://github.com/FasterXML/jackson-databind/commit/d4983c740fec7d5576b207a8c30a63d3ea7443de + https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x + + + + + + + + + + CVE-2019-14541 on Ubuntu 20.04 (focal) - medium. + GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-02 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933884 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14541.html + https://sourceforge.net/p/open-cobol/bugs/584/ + + + + + + + + + + CVE-2019-14553 on Ubuntu 20.04 (focal) - negligible. + Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941775 + https://bugzilla.redhat.com/show_bug.cgi?id=1758518 + https://bugzilla.tianocore.org/show_bug.cgi?id=960 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14553.html + + + + mdeslaur> Ubuntu packages aren't built with TLS_ENABLE, so HTTPS isn't mdeslaur> enabled. 
+ + + + + + + + + CVE-2019-14560 on Ubuntu 20.04 (focal) - low. + GetEfiGlobalVariable2() return value not checked + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:00:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=2167 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14560.html + + + + mdeslaur> as of 2021-06-15, proposed patch not commited upstream + + + + + + + + + CVE-2019-14662 on Ubuntu 20.04 (focal) - low. + Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC source code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-05 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933996 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14662.html + https://sourceforge.net/p/brandy/bugs/7/ + + + + + + + + + + CVE-2019-14663 on Ubuntu 20.04 (focal) - low. + Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fileio.c via crafted BASIC source code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-05 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933996 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14663.html + https://sourceforge.net/p/brandy/bugs/6/ + + + + + + + + + + CVE-2019-14664 on Ubuntu 20.04 (focal) - medium. + In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the "EFAIL" attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-05 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14664.html + https://sourceforge.net/p/enigmail/bugs/984/ + https://www.enigmail.net/index.php/en/download/changelog + + + + + + + + + + CVE-2019-14665 on Ubuntu 20.04 (focal) - low. + Brandy 1.20.1 has a heap-based buffer overflow in define_array in variables.c via crafted BASIC source code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-05 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933996 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14665.html + https://sourceforge.net/p/brandy/bugs/8/ + + + + + + + + + + CVE-2019-14690 on Ubuntu 20.04 (focal) - low. + AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-06 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14690.html + https://github.com/adplug/adplug/issues/85 + + + + + + + + + + CVE-2019-14691 on Ubuntu 20.04 (focal) - low. + AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-06 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14691.html + https://github.com/adplug/adplug/issues/86 + + + + + + + + + + CVE-2019-14692 on Ubuntu 20.04 (focal) - low. + AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-06 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14692.html + https://github.com/adplug/adplug/issues/87 + + + + + + + + + + CVE-2019-14697 on Ubuntu 20.04 (focal) - medium. + musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. 
In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-06 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14697.html + https://git.musl-libc.org/cgit/musl/patch/?id=f3ed8bfe8a82af1870ddc8696ed4cc1d5aa6b441 + https://git.musl-libc.org/cgit/musl/patch/?id=6818c31c9bc4bbad5357f1de14bedf781e5b349e + https://www.openwall.com/lists/oss-security/2019/08/06/1 + http://www.openwall.com/lists/oss-security/2019/08/06/4 + https://www.openwall.com/lists/musl/2019/08/06/1 + + + + + + + + + + CVE-2019-14732 on Ubuntu 20.04 (focal) - medium. + AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-07 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14732.html + https://github.com/adplug/adplug/issues/88 + + + + + + + + + + CVE-2019-14733 on Ubuntu 20.04 (focal) - medium. + AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-07 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14733.html + https://github.com/adplug/adplug/issues/89 + + + + + + + + + + CVE-2019-14734 on Ubuntu 20.04 (focal) - medium. + AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-07 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14734.html + https://github.com/adplug/adplug/issues/90 + + + + + + + + + + CVE-2019-14744 on Ubuntu 20.04 (focal) - medium. + In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. 
This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. It was discovered that KConfig and KDE libraries have a vulnerability where an attacker could hide malicious code under desktop and configuration files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-07 15:15:00 UTC + 2019-08-07 + https://bugs.launchpad.net/ubuntu/+source/kconfig/+bug/1839432 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14744.html + https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt + https://kde.org/info/security/advisory-20190807-1.txt + https://www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/ + https://phabricator.kde.org/D22979 + https://ubuntu.com/security/notices/USN-4100-1 + + + + + + + + + + CVE-2019-14745 on Ubuntu 20.04 (focal) - medium. + In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-07 15:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934204 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14745.html + https://github.com/radare/radare2/pull/14690 + https://bananamafia.dev/post/r2-pwndebian/ + https://github.com/radare/radare2/releases/tag/3.7.0 + + + + msalvatore> The fix for this CVE introduces a new vulnerability (CVE-2019-16718). 
+ + + + + + + + + CVE-2019-14776 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 19:15:00 UTC + 2019-08-29 + Antonio Morales from the Semmle Security Team + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14776.html + https://www.videolan.org/security/sb-vlc308.html + https://ubuntu.com/security/notices/USN-4131-1 + + + + + + + + + + CVE-2019-14777 on Ubuntu 20.04 (focal) - medium. + The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 19:15:00 UTC + 2019-08-29 + Antonio Morales from the Semmle Security Team + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14777.html + https://www.videolan.org/security/sb-vlc308.html + https://ubuntu.com/security/notices/USN-4131-1 + + + + + + + + + + CVE-2019-14778 on Ubuntu 20.04 (focal) - medium. + The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 19:15:00 UTC + 2019-08-29 + Antonio Morales from the Semmle Security Team + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14778.html + https://www.videolan.org/security/sb-vlc308.html + https://ubuntu.com/security/notices/USN-4131-1 + + + + + + + + + + CVE-2019-14818 on Ubuntu 20.04 (focal) - low. + A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. 
This flaw could lead to a denial of service condition. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-14 17:15:00 UTC + 2019-11-12 15:00:00 UTC + Jason Wang + 2019-11-12 15:00:00 UTC + https://bugs.dpdk.org/show_bug.cgi?id=363 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14818.html + http://mails.dpdk.org/archives/announce/2019-November/000293.html + https://ubuntu.com/security/notices/USN-4189-1 + + + + + + + + + + CVE-2019-14824 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-08 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944150 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14824.html + https://bugzilla.redhat.com/show_bug.cgi?id=1747448 + https://pagure.io/freeipa/issue/8050 + + + + + + + + + + CVE-2019-14826 on Ubuntu 20.04 (focal) - medium. + A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-17 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14826.html + https://bugzilla.redhat.com/show_bug.cgi?id=1746944 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14826 + + + + msalvatore> Introduced in commit https://pagure.io/freeipa/c/b895f4a34bcbd0b1787d2bfc1db25f34c3584b9c + + + + + + + + + CVE-2019-14834 on Ubuntu 20.04 (focal) - low. 
+ A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-07 17:15:00 UTC + 2020-01-07 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948373 + https://bugzilla.redhat.com/show_bug.cgi?id=1764425 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14834.html + https://ubuntu.com/security/notices/USN-4698-1 + + + + + + + + + + CVE-2019-14846 on Ubuntu 20.04 (focal) - low. + In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-08 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14846.html + https://bugzilla.redhat.com/show_bug.cgi?id=1755373 + https://github.com/ansible/ansible/pull/63366 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846 + + + + + + + + + + CVE-2019-14850 on Ubuntu 20.04 (focal) - medium. + A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-18 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14850.html + https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html + https://github.com/libguestfs/nbdkit/commit/c05686f9577fa91b6a3a4d8c065954ca6fc3fd62 + https://github.com/libguestfs/nbdkit/commit/a6b88b195a959b17524d1c8353fd425d4891dc5f + https://github.com/libguestfs/nbdkit/commit/e06cde00659ff97182173d0e33fff784041bcb4a + https://github.com/libguestfs/nbdkit/commit/bf0d61883a2f02f4388ec10dc92d4c61c093679e + https://github.com/libguestfs/nbdkit/commit/22b30adb796bb6dca264a38598f80b8a234ff978 + https://github.com/libguestfs/nbdkit/commit/b2bc6683ea3cd1f6be694e8a681dfa411b7d15f3 + + + + + + + + + + CVE-2019-14851 on Ubuntu 20.04 (focal) - medium. + A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-18 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14851.html + https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html + https://github.com/libguestfs/nbdkit/commit/a6b88b195a959b17524d1c8353fd425d4891dc5f + https://github.com/libguestfs/nbdkit/commit/bf0d61883a2f02f4388ec10dc92d4c61c093679e + https://github.com/libguestfs/nbdkit/commit/b2bc6683ea3cd1f6be694e8a681dfa411b7d15f3 + + + + + + + + + + CVE-2019-14855 on Ubuntu 20.04 (focal) - low. + A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-20 16:15:00 UTC + 2020-03-20 16:15:00 UTC + https://dev.gnupg.org/T4755 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14855.html + https://eprint.iacr.org/2020/014.pdf + https://ubuntu.com/security/notices/USN-4516-1 + + + + mdeslaur> in master, gnupg disables SHA-1 signatures completely. In the mdeslaur> 2.2 branch, it disables SHA-1 signatures after a certain date mdeslaur> only. + + + + + + + + + + + + CVE-2019-14857 on Ubuntu 20.04 (focal) - medium. + A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-26 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14857.html + https://github.com/zmartzone/mod_auth_openidc/commit/5c15dfb08106c2451c2c44ce7ace6813c216ba75 + https://github.com/zmartzone/mod_auth_openidc/commit/ce37080c6aea30aabae8b4a9b4eea7808445cc8e + https://github.com/zmartzone/mod_auth_openidc/pull/451 + https://groups.google.com/forum/#!topic/mod_auth_openidc/boy1Ba3Gdk4 + + + + + + + + + + CVE-2019-14858 on Ubuntu 20.04 (focal) - low. + A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-14 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14858.html + https://bugzilla.redhat.com/show_bug.cgi?id=1760593 + + + + + + + + + + CVE-2019-14863 on Ubuntu 20.04 (focal) - low. 
+ There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-02 15:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14863.html + https://snyk.io/vuln/npm:angular:20150807 + + + + + + + + + + CVE-2019-14867 on Ubuntu 20.04 (focal) - medium. + A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-27 09:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14867.html + https://pagure.io/freeipa/c/4abd2f76d76c4c1a1ec5087ec447f4515b63c2c6 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14867 + https://www.freeipa.org/page/Releases/4.6.7 + https://www.freeipa.org/page/Releases/4.7.4 + https://www.freeipa.org/page/Releases/4.8.3 + + + + + + + + + + CVE-2019-14868 on Ubuntu 20.04 (focal) - low. + In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. It was discovered that Korn Shell incorrectly handled environment variables. 
A remote attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-02 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14868.html + https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2 + + + + + + + + + + CVE-2019-14871 on Ubuntu 20.04 (focal) - medium. + The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-18 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14871.html + https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ + + + + + + + + + + CVE-2019-14872 on Ubuntu 20.04 (focal) - medium. + The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-19 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14872.html + https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ + + + + + + + + + + CVE-2019-14873 on Ubuntu 20.04 (focal) - medium. + In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-19 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14873.html + https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ + + + + + + + + + + CVE-2019-14874 on Ubuntu 20.04 (focal) - medium. + In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-19 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14874.html + https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ + + + + + + + + + + CVE-2019-14875 on Ubuntu 20.04 (focal) - medium. + In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-19 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14875.html + https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ + + + + + + + + + + CVE-2019-14876 on Ubuntu 20.04 (focal) - medium. + In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-19 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14876.html + https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ + + + + + + + + + + CVE-2019-14877 on Ubuntu 20.04 (focal) - medium. + In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-19 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14877.html + https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ + + + + + + + + + + CVE-2019-14878 on Ubuntu 20.04 (focal) - medium. + In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-19 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14878.html + https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ + + + + + + + + + + CVE-2019-14888 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-23 17:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1772464 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14888.html + + + + + + + + + + CVE-2019-14892 on Ubuntu 20.04 (focal) - medium. + A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-02 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14892.html + https://github.com/FasterXML/jackson-databind/issues/2462 + https://github.com/FasterXML/jackson-databind/commit/41b7f9b90149e9d44a65a8261a8deedc7186f6af + https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b + + + + + + + + + + CVE-2019-14893 on Ubuntu 20.04 (focal) - medium. + A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-02 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14893.html + https://github.com/FasterXML/jackson-databind/issues/2469 + https://github.com/FasterXML/jackson-databind/commit/998efd708284778f29d83d7962a9bd935c228317 + + + + + + + + + + CVE-2019-14899 on Ubuntu 20.04 (focal) - low. 
+ A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-11 15:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14899.html + https://www.openwall.com/lists/oss-security/2019/12/05/1 + https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/ + + + + amurray| No current fix from upstream as of 2019-12-13 sbeattie| it is asserted that the Linux XFRM IPsec implementation does not allow bypassing by routing. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-14902 on Ubuntu 20.04 (focal) - low. + There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-21 18:15:00 UTC + 2020-01-21 + 2020-01-21 + https://bugzilla.samba.org/show_bug.cgi?id=12497 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14902.html + https://www.samba.org/samba/security/CVE-2019-14902.html + https://ubuntu.com/security/notices/USN-4244-1 + + + + mdeslaur> difficult and risky backport to 4.3 in xenial. 
Workaround: mdeslaur> Use of 'samba-tool drs replicate $DC1 $DC2 $NC --full-sync' will mdeslaur> cause all ACLs to be syncronised from DC2 to DC1, for the given mdeslaur> NC (naming context) + + + + + + + + + CVE-2019-14904 on Ubuntu 20.04 (focal) - low. + A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-26 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14904.html + https://bugzilla.redhat.com/show_bug.cgi?id=1776944 + + + + + + + + + + CVE-2019-14905 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-31 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14905.html + https://bugzilla.redhat.com/show_bug.cgi?id=1776943 + + + + + + + + + + CVE-2019-14907 on Ubuntu 20.04 (focal) - low. + All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. 
Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-21 18:15:00 UTC + 2020-01-21 + mdeslaur + Robert Święcki + 2020-01-21 + https://bugzilla.samba.org/show_bug.cgi?id=14208 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14907.html + https://ubuntu.com/security/notices/USN-4244-1 + + + + + + + + + + CVE-2019-14934 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-11 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14934.html + https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6 + https://github.com/enferex/pdfresurrect/compare/v0.17...v0.18 + + + + + + + + + + CVE-2019-14939 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-12 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934712 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14939.html + https://github.com/mysqljs/mysql/issues/2257 + + + + + + + + + + CVE-2019-14970 on Ubuntu 20.04 (focal) - medium. + A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-29 19:15:00 UTC + 2019-08-29 + Antonio Morales from the Semmle Security Team + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14970.html + https://www.videolan.org/security/sb-vlc308.html + https://ubuntu.com/security/notices/USN-4131-1 + + + + + + + + + + CVE-2019-14973 on Ubuntu 20.04 (focal) - low. + _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-14 06:15:00 UTC + 2019-08-14 06:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934780 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14973.html + https://gitlab.com/libtiff/libtiff/merge_requests/90 + https://ubuntu.com/security/notices/USN-4158-1 + + + + + + + + + + CVE-2019-15052 on Ubuntu 20.04 (focal) - medium. + The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-14 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15052.html + https://github.com/gradle/gradle/issues/10278 + https://github.com/gradle/gradle/pull/10176 + https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95 + + + + ebarretto> According to upstream advisory a backport of the fix (still unknown) ebarretto> might be unfeasible. + + + + + + + + + CVE-2019-15058 on Ubuntu 20.04 (focal) - medium. + stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-14 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934973 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15058.html + https://github.com/nothings/stb/issues/790 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934973 + https://security-tracker.debian.org/tracker/CVE-2019-15058 + https://www.cvedetails.com/cve/CVE-2019-15058/ + https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1695025.html + https://www.suse.com/security/cve/CVE-2019-15058/ + + + + + + + + + + CVE-2019-15132 on Ubuntu 20.04 (focal) - low. + Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php. It was discovered that Zabbix incorrectly handled failed login attempts. A remote attacker could possibly use this issue to enumerate users. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-17 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935027 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15132.html + https://support.zabbix.com/browse/ZBX-16532 + + + + + + + + + + CVE-2019-15151 on Ubuntu 20.04 (focal) - medium. + AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-18 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15151.html + https://github.com/adplug/adplug/issues/91 + + + + + + + + + + CVE-2019-15213 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel before 5.2.3. 
There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-19 22:15:00 UTC + https://bugzilla.kernel.org/show_bug.cgi?id=204597 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15213.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7 + https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced + https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/ + + + + tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system tyhicks> Ben Hutchings noticed that commit 6cf97230cd5f ("media: dvb: usb: fix use after free in dvb_usb_device_exit"), which is mentioned in the CVE references for this issue, likely doesn't fix the problem. See the lore reference above for details. I think Ben is correct and have adjusted our break-fix metadata to use the break commit that he pointed out. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15232 on Ubuntu 20.04 (focal) - medium. + Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-20 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15232.html + http://www.live555.com/liveMedia/public/changelog.txt + + + + + + + + + + CVE-2019-15237 on Ubuntu 20.04 (focal) - low. + Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-20 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15237.html + https://github.com/roundcube/roundcubemail/issues/6891 + + + + + + + + + + CVE-2019-15296 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left). It was discovered that Freeware Advanced Audio Decoder 2 incorrectly handled certain mp4 files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-21 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15296.html + https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174 + + + + + + + + + + CVE-2019-15297 on Ubuntu 20.04 (focal) - medium. + res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-09 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15297.html + http://downloads.asterisk.org/pub/security/AST-2019-004.html + http://packetstormsecurity.com/files/154371/Asterisk-Project-Security-Advisory-AST-2019-004.html + http://downloads.asterisk.org/pub/security/AST-2019-004-15.diff + http://downloads.asterisk.org/pub/security/AST-2019-004-16.diff + + + + + + + + + + CVE-2019-15486 on Ubuntu 20.04 (focal) - untriaged. + django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. 
+ + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-08-23 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15486.html + + + + + + + + + + CVE-2019-15522 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-20 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15522.html + https://github.com/LINBIT/csync2/pull/13/commits/0ecfc333da51575f188dd7cf6ac4974d13a800b1 + + + + + + + + + + CVE-2019-15523 on Ubuntu 20.04 (focal) - low. + An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-30 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15523.html + https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2 + + + + + + + + + + CVE-2019-15531 on Ubuntu 20.04 (focal) - medium. + GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. It was discovered that Libextractor incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-23 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935553 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15531.html + https://bugs.gnunet.org/view.php?id=5846 + https://git.gnunet.org/libextractor.git/commit/?id=d2b032452241708bee68d02aa02092cfbfba951a + https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html + + + + + + + + + + CVE-2019-15587 on Ubuntu 20.04 (focal) - medium. + In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-22 21:15:00 UTC + 2019-10-22 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942894 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15587.html + https://hackerone.com/reports/709009 + https://ubuntu.com/security/notices/USN-4498-1 + + + + + + + + + + CVE-2019-15604 on Ubuntu 20.04 (focal) - medium. + Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-07 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15604.html + https://hackerone.com/reports/746733 + https://nodejs.org/en/blog/release/v13.8.0/ + + + + + + + + + + CVE-2019-15605 on Ubuntu 20.04 (focal) - medium. + HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-07 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15605.html + https://hackerone.com/reports/735748 + https://nodejs.org/en/blog/release/v13.8.0/ + + + + + + + + + + CVE-2019-15606 on Ubuntu 20.04 (focal) - medium. 
+ Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-07 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15606.html + https://hackerone.com/reports/730779 + https://nodejs.org/en/blog/release/v13.8.0/ + + + + + + + + + + CVE-2019-1563 on Ubuntu 20.04 (focal) - low. + In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-10 17:15:00 UTC + 2019-09-10 17:15:00 UTC + Bernd Edlinger + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1563.html + https://www.openssl.org/news/secadv/20190910.txt + https://ubuntu.com/security/notices/USN-4376-1 + https://ubuntu.com/security/notices/USN-4376-2 + https://ubuntu.com/security/notices/USN-4504-1 + + + + + + + + + + + + + CVE-2019-15651 on Ubuntu 20.04 (focal) - medium. + wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-26 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15651.html + https://github.com/wolfSSL/wolfssl/issues/2421 + + + + + + + + + + CVE-2019-15678 on Ubuntu 20.04 (focal) - medium. + TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity. Pavel Cheremushkin discovered that TightVNC contains a heap buffer overflow vulnerability. An attacker could use it to cause a Denial of Service or possible a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-29 19:15:00 UTC + Pavel Cheremushkin + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15678.html + https://www.openwall.com/lists/oss-security/2018/12/10/5 + + + + mdeslaur> this CVE is for tightvnc, the equivalent flaw was CVE-2018-20019 mdeslaur> in libvncserver + + + + + + + + + + + + + + + + + + + CVE-2019-15679 on Ubuntu 20.04 (focal) - medium. + TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. Pavel Cheremushkin discovered that TightVNC contains a heap buffer overflow vulnerability. An attacker could use it to cause a Denial of Service or possible a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-29 19:15:00 UTC + Pavel Cheremushkin + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15679.html + https://www.openwall.com/lists/oss-security/2018/12/10/5 + + + + mdeslaur> this CVE is for tightvnc, the equivalent flaw was CVE-2018-20748 mdeslaur> in libvncserver + + + + + + + + + + + + + + + + CVE-2019-15680 on Ubuntu 20.04 (focal) - low. 
+ TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity. Pavel Cheremushkin discovered that TightVNC has a null pointer dereference vulnerability. An attacker could use it to cause a Denial of Service or possible a remote code execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-29 19:15:00 UTC + 2019-10-29 19:15:00 UTC + avital + Pavel Cheremushkin + https://github.com/LibVNC/libvncserver/issues/359 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15680.html + https://www.openwall.com/lists/oss-security/2018/12/10/5 + https://ubuntu.com/security/notices/USN-4407-1 + + + + mdeslaur> per upstream, this is a non-issue in libvncserver as checks are mdeslaur> already done in zlib, see: mdeslaur> https://github.com/LibVNC/libvncserver/issues/359#issuecomment-599133529 mdeslaur> for completeness, the fix was added to focal and earlier mdeslaur> releases, but will not be added to groovy+ + + + + + + + + + + + + + + + + CVE-2019-15681 on Ubuntu 20.04 (focal) - low. + LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. Pavel Cheremushkin discovered that TightVNC has a memory leak vulnerability. An attacker could use it to disclosure sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-29 19:15:00 UTC + 2019-10-29 19:15:00 UTC + mdeslaur + Pavel Cheremushkin + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943793 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15681.html + https://ubuntu.com/security/notices/USN-4407-1 + https://ubuntu.com/security/notices/USN-4547-1 + https://ubuntu.com/security/notices/USN-4573-1 + https://ubuntu.com/security/notices/USN-4587-1 + + + + + + + + + + + + + + + + + CVE-2019-15682 on Ubuntu 20.04 (focal) - medium. + RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-30 16:15:00 UTC + Pavel Cheremushkin + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15682.html + https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/10/30/klcert-19-032-denial-of-service-in-rdesktop-before-1-8-4/ + + + + + + + + + + CVE-2019-15690 on Ubuntu 20.04 (focal) - medium. + heap buffer overflow in libvncclient/cursor.c related to large cursor sizes when connected to a malicious server + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:00:00 UTC + 2019-12-31 00:00:00 UTC + avital + Pavel Cheremushkin + https://github.com/LibVNC/libvncserver/issues/381 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15690.html + https://www.openwall.com/lists/oss-security/2019/12/20/2 + https://ubuntu.com/security/notices/USN-4407-1 + + + + + + + + + + + + + CVE-2019-15691 on Ubuntu 20.04 (focal) - medium. + TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. 
If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-26 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947428 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15691.html + https://www.openwall.com/lists/oss-security/2019/12/20/2 + https://github.com/TigerVNC/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40 (master) + https://github.com/TigerVNC/tigervnc/commit/042de4642293df9b72a08189c249e2da79cbca91 (v1.10.1) + https://github.com/CendioOssman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40 + https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1 + + + + + + + + + + CVE-2019-15692 on Ubuntu 20.04 (focal) - medium. + TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-26 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947428 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15692.html + https://www.openwall.com/lists/oss-security/2019/12/20/2 + https://github.com/TigerVNC/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821 (master) + https://github.com/TigerVNC/tigervnc/commit/ff08ca78b24b5a4ed5263245c7ce8744059ff4ad (v1.10.1) + https://github.com/CendioOssman/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821 + https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1 + + + + + + + + + + CVE-2019-15693 on Ubuntu 20.04 (focal) - medium. + TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-26 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947428 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15693.html + https://www.openwall.com/lists/oss-security/2019/12/20/2 + https://github.com/TigerVNC/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95 (master) + https://github.com/TigerVNC/tigervnc/commit/46c081926efd83c90a45c0a96b1b5bc1927e1346 (v1.10.1) + https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95 + https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1 + + + + + + + + + + CVE-2019-15694 on Ubuntu 20.04 (focal) - medium. + TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-26 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947428 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15694.html + https://www.openwall.com/lists/oss-security/2019/12/20/2 + https://github.com/TigerVNC/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438 (master) + https://github.com/TigerVNC/tigervnc/commit/f287032d3643a6437f7de0ed35f4c45bb735522d (v1.10.1) + https://github.com/CendioOssman/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438 + https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1 + + + + + + + + + + CVE-2019-15695 on Ubuntu 20.04 (focal) - medium. + TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-26 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947428 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15695.html + https://www.openwall.com/lists/oss-security/2019/12/20/2 + https://github.com/TigerVNC/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89 (master) + https://github.com/TigerVNC/tigervnc/commit/6c47340e095258a959c95db9aa2a6c715d62bf7c (v1.10.1) + https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89 + https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1 + + + + + + + + + + CVE-2019-15753 on Ubuntu 20.04 (focal) - low. 
+ In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-28 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939288 + https://launchpad.net/bugs/1837252 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15753.html + https://security.openstack.org/ossa/OSSA-2019-004.html + http://www.openwall.com/lists/oss-security/2019/08/29/2 + https://review.opendev.org/672834 + https://review.opendev.org/678098 + + + + mdeslaur> code introduced in 1.15.0 + + + + + + + + + CVE-2019-15767 on Ubuntu 20.04 (focal) - medium. + In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=936023 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15767.html + https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00004.html + https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00005.html + + + + + + + + + + CVE-2019-15847 on Ubuntu 20.04 (focal) - negligible. + The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. 
For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-09-02 23:15:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15847.html + + + + mdeslaur> this is part of the power9 ISA, and Ubuntu binaries are built mdeslaur> with the power8 ISA, so no binaries in the archive are affected mdeslaur> mdeslaur> setting priority to negligible + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15860 on Ubuntu 20.04 (focal) - medium. + Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-03 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15860.html + https://gist.github.com/RootUp/b5de893bb2e51a4c846c5a0caa13b666 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication that poppler is vulnerable to this issue + + + + + + + + + CVE-2019-15890 on Ubuntu 20.04 (focal) - low. + libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. It was discovered that a use-after-free vulnerability existed in the SLiRP networking implementation of QEMU. A local attacker in a guest could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-06 17:15:00 UTC + 2019-09-06 17:15:00 UTC + sbeattie + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15890.html + https://www.openwall.com/lists/oss-security/2019/09/06/3 + http://www.openwall.com/lists/oss-security/2019/09/06/3 + https://ubuntu.com/security/notices/USN-4191-1 + https://ubuntu.com/security/notices/USN-4191-2 + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15903 on Ubuntu 20.04 (focal) - medium. 
+ In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-04 06:15:00 UTC + 2019-09-04 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939394 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15903.html + https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43 + https://github.com/libexpat/libexpat/issues/317 + https://github.com/libexpat/libexpat/pull/318 + https://ubuntu.com/security/notices/USN-4132-1 + https://ubuntu.com/security/notices/USN-4132-2 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-15903 + https://ubuntu.com/security/notices/USN-4165-1 + https://ubuntu.com/security/notices/USN-4202-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15939 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-05 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15939.html + https://github.com/OpenCV/opencv/issues/15287 + https://github.com/opencv/opencv/pull/15382 + + + + + + + + + + CVE-2019-15941 on Ubuntu 20.04 (focal) - medium. + OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the target RP, and no filtering on redirection URIs. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-25 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15941.html + + + + + + + + + + CVE-2019-15945 on Ubuntu 20.04 (focal) - medium. + OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-05 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15945.html + https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68 + https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4 + + + + + + + + + + CVE-2019-15946 on Ubuntu 20.04 (focal) - medium. + OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-05 17:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939669 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15946.html + https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740 + https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4 + + + + + + + + + + CVE-2019-16056 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-06 18:15:00 UTC + 2019-09-06 18:15:00 UTC + mdeslaur + https://bugs.python.org/issue34155 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16056.html + https://ubuntu.com/security/notices/USN-4151-1 + https://ubuntu.com/security/notices/USN-4151-2 + + + + seth-arnold> This has a very high risk of regression. Email addresses should not be validated beyond making sure there's at least one byte on both sides of an '@' sign. Legal email addresses are significantly more complicated than what is easy to express in regex. seth-arnold> Whatever validation this module provides is in my opinion suspect. + + + + + + + + + CVE-2019-16058 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-06 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16058.html + + + + + + + + + + CVE-2019-16088 on Ubuntu 20.04 (focal) - medium. + Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-06 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16088.html + https://gist.github.com/RootUp/3d9e90ea5ae0799305b4c7ec66e19387 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> doesn't look like the affected code is in poppler + + + + + + + + + CVE-2019-16089 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. 
It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-06 23:15:00 UTC + 2019-09-06 23:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1150004 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16089.html + https://lore.kernel.org/patchwork/patch/1106884/ + https://lore.kernel.org/patchwork/patch/1126650/ + https://lore.kernel.org/lkml/20190911164013.27364-1-navid.emamdoost@gmail.com/ + https://ubuntu.com/security/notices/USN-4414-1 + https://ubuntu.com/security/notices/USN-4425-1 + https://ubuntu.com/security/notices/USN-4439-1 + https://ubuntu.com/security/notices/USN-4440-1 + + + + sbeattie> fix has not landed upstream as of 2020-04-22 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-16115 on Ubuntu 20.04 (focal) - medium. + In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-08 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16115.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41872 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication that this affects poppler + + + + + + + + + CVE-2019-16163 on Ubuntu 20.04 (focal) - medium. + Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-09 17:15:00 UTC + 2019-09-09 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939988 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16163.html + https://github.com/kkos/oniguruma/issues/147 + https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180 + https://github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3 + https://ubuntu.com/security/notices/USN-4460-1 + + + + + + + + + + CVE-2019-16165 on Ubuntu 20.04 (focal) - medium. + GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-09 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939915 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16165.html + https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html + + + + + + + + + + CVE-2019-16166 on Ubuntu 20.04 (focal) - medium. + GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-09 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939916 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16166.html + https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00000.html + + + + + + + + + + CVE-2019-16167 on Ubuntu 20.04 (focal) - low. + sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-09 17:15:00 UTC + 2019-09-09 17:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939914 + https://github.com/sysstat/sysstat/issues/230 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16167.html + https://github.com/sysstat/sysstat/compare/v12.1.5...v12.1.6 + https://ubuntu.com/security/notices/USN-4242-1 + + + + + + + + + + CVE-2019-16201 on Ubuntu 20.04 (focal) - medium. + WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. It was discovered that WEBrick as provided by JRuby was vulnerable to a denial of service attack due to catastrophic backtracking in certain regular expressions. An attacker could use this vulnerability to cause JRuby to consume system resources. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-26 18:15:00 UTC + 2019-11-20 00:00:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16201.html + https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/ + https://ubuntu.com/security/notices/USN-4201-1 + + + + + + + + + + CVE-2019-16217 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16217.html + https://core.trac.wordpress.org/changeset/45936 + https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/ + + + + + + + + + + CVE-2019-16218 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.2.3 allows XSS in stored comments. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-11 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16218.html + https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/ + + + + + + + + + + CVE-2019-16219 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.2.3 allows XSS in shortcode previews. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16219.html + https://fortiguard.com/zeroday/FG-VD-18-165 + https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/ + + + + + + + + + + CVE-2019-16220 on Ubuntu 20.04 (focal) - medium. + In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16220.html + https://core.trac.wordpress.org/changeset/45971 + https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28 + https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/ + + + + + + + + + + CVE-2019-16221 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.2.3 allows reflected XSS in the dashboard. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16221.html + https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/ + + + + + + + + + + CVE-2019-16222 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-11 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16222.html + https://core.trac.wordpress.org/changeset/45997 + https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68 + https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/ + + + + + + + + + + CVE-2019-16223 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.2.3 allows XSS in post previews by authenticated users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16223.html + https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/ + + + + + + + + + + CVE-2019-16224 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16224.html + https://github.com/TeamSeri0us/pocs/tree/master/lmdb/lmdb%20initialization%20vuln + + + + + + + + + + CVE-2019-16225 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16225.html + https://github.com/TeamSeri0us/pocs/tree/master/lmdb/lmdb%20write%20to%20illegal%20address + + + + + + + + + + CVE-2019-16226 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16226.html + https://github.com/TeamSeri0us/pocs/tree/master/lmdb/lmdb%20memory%20corruption%20vuln + + + + + + + + + + CVE-2019-16227 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16227.html + https://github.com/TeamSeri0us/pocs/tree/master/lmdb/lmdb%20memcpy%20illegal%20dst + + + + + + + + + + CVE-2019-16228 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16228.html + https://github.com/TeamSeri0us/pocs/tree/master/lmdb/FPE + + + + + + + + + + CVE-2019-16230 on Ubuntu 20.04 (focal) - negligible. + ** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 
NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely. It was discovered that the Radeon Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16230.html + https://lkml.org/lkml/2019/9/9/487 + + + + sbeattie> as of 2020.05.24, still unfixed upstream, mistakenly believed to be addressed by the fix for CVE-2019-16229 sbeattie> it's possible this was introduced in a37cfa8be20c5571ca82fac38441592040a2d071 sbeattie> issue can only occur on device initialization, which is usually during boot and not attacker controllable sbeattie| the linux-kernel-tracker lists 81de29d842ccb776c0f77aa3e2b11b07fff0c0e2 as the fix, but that is actually the fix for CVE-2019-16229 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-16235 on Ubuntu 20.04 (focal) - medium. + Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 19:15:00 UTC + 2019-09-11 19:15:00 UTC + https://bugs.launchpad.net/bugs/1866113 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16235.html + https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930 + https://ubuntu.com/security/notices/USN-4306-1 + + + + + + + + + + CVE-2019-16236 on Ubuntu 20.04 (focal) - medium. + Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 19:15:00 UTC + 2019-09-11 19:15:00 UTC + https://bugs.launchpad.net/bugs/1866113 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16236.html + https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9 + https://ubuntu.com/security/notices/USN-4306-1 + + + + + + + + + + CVE-2019-16237 on Ubuntu 20.04 (focal) - medium. + Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 19:15:00 UTC + 2019-09-11 19:15:00 UTC + https://bugs.launchpad.net/bugs/1866113 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16237.html + https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363 + https://ubuntu.com/security/notices/USN-4306-1 + + + + + + + + + + CVE-2019-16239 on Ubuntu 20.04 (focal) - medium. + process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-17 12:15:00 UTC + 2019-09-17 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940871 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16239.html + http://lists.infradead.org/pipermail/openconnect-devel/2019-September/005412.html + https://github.com/openconnect/openconnect/commit/875f0a65ab73f4fb581ca870fd3a901bd278f8e8 + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX56KYWC7X4ETV4P6HGJC7GZUEBITBBS/ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HDMZGNBLZZKAGBI2PNXYWWKLD2LXKFH6/ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WI7ZENFAWCHF2RU4NHPL2CU4WGZ4BNDJ/ + https://t2.fi/schedule/2019/ + https://ubuntu.com/security/notices/USN-4565-1 + https://ubuntu.com/security/notices/USN-4565-1 + + + + + + + + + + CVE-2019-16249 on Ubuntu 20.04 (focal) - medium. + OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16249.html + https://github.com/opencv/opencv/issues/15481 + + + + + + + + + + CVE-2019-16255 on Ubuntu 20.04 (focal) - medium. + Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. It was discovered that JRuby did not properly sanitize input to Shell#[] and its alias Shell#test. An attacker could use this vulnerability to execute arbitrary commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-26 18:15:00 UTC + 2019-11-20 00:00:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16255.html + https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/ + https://ubuntu.com/security/notices/USN-4201-1 + + + + + + + + + + CVE-2019-16276 on Ubuntu 20.04 (focal) - medium. + Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-30 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941173 + https://golang.org/issue/34540 + https://github.com/golang/go/issues/34541 + https://github.com/golang/go/issues/34542 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16276.html + https://groups.google.com/forum/m/#!topic/golang-announce/cszieYyuL9Q + https://github.com/golang/go/commit/5a6ab1ec3e678640befebeb3318b746a64ad986c (golang-1.13) + https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8 (golang-1.12) + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. + + + + + + + + + CVE-2019-16319 on Ubuntu 20.04 (focal) - medium. + In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-15 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16319.html + https://www.wireshark.org/security/wnpa-sec-2019-21.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16020 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=02ddd49885c6a09e936a76aceb726ed06539704a + + + + + + + + + + CVE-2019-16335 on Ubuntu 20.04 (focal) - medium. + A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-15 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16335.html + https://github.com/FasterXML/jackson-databind/issues/2449 + https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db + + + + + + + + + + CVE-2019-16370 on Ubuntu 20.04 (focal) - medium. + The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16370.html + https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f + https://github.com/gradle/gradle/pull/10543 + + + + + + + + + + CVE-2019-16375 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. 
An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-19 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16375.html + https://community.otrs.com/security-advisory-2019-13-security-update-for-otrs-framework/ + https://github.com/OTRS/otrs/commit/aeb33d800716e2a6653597aa86314c4cbdadb678 (6.x) + https://github.com/OTRS/otrs/commit/03ca8f396b1aa9933c212a63f52a9ea26c06e7da (5.x) + + + + + + + + + + CVE-2019-16391 on Ubuntu 20.04 (focal) - medium. + SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-17 21:15:00 UTC + 2019-09-17 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16391.html + https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79 + https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66 + https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html + https://ubuntu.com/security/notices/USN-4536-1 + + + + + + + + + + CVE-2019-16392 on Ubuntu 20.04 (focal) - medium. + SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-17 21:15:00 UTC + 2019-09-17 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16392.html + https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028 + https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html + https://ubuntu.com/security/notices/USN-4536-1 + + + + + + + + + + CVE-2019-16393 on Ubuntu 20.04 (focal) - medium. + SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-17 21:15:00 UTC + 2019-09-17 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16393.html + https://core.spip.net/issues/4362 + https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1 + https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html + https://ubuntu.com/security/notices/USN-4536-1 + + + + + + + + + + CVE-2019-16394 on Ubuntu 20.04 (focal) - medium. + SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-17 21:15:00 UTC + 2019-09-17 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16394.html + https://core.spip.net/issues/4171 + https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone + https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone + https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html + https://ubuntu.com/security/notices/USN-4536-1 + + + + + + + + + + CVE-2019-16395 on Ubuntu 20.04 (focal) - low. + GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-17 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16395.html + https://sourceforge.net/p/open-cobol/bugs/586/ + + + + + + + + + + CVE-2019-16396 on Ubuntu 20.04 (focal) - low. + GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-17 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16396.html + https://sourceforge.net/p/open-cobol/bugs/587/ + + + + + + + + + + CVE-2019-16707 on Ubuntu 20.04 (focal) - low. + Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-23 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16707.html + https://github.com/butterflyhack/hunspell-crash + + + + mdeslaur> doesn't look like suggestmgr.cxx is built in firefox package + + + + + + + + + + + + + + + + CVE-2019-16723 on Ubuntu 20.04 (focal) - medium. + In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-23 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16723.html + https://github.com/Cacti/cacti/issues/2964 + + + + + + + + + + CVE-2019-16738 on Ubuntu 20.04 (focal) - medium. + In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-26 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16738.html + https://phabricator.wikimedia.org/T230402 + + + + + + + + + + CVE-2019-16748 on Ubuntu 20.04 (focal) - medium. + In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-24 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16748.html + https://github.com/wolfSSL/wolfssl/issues/2459 + + + + + + + + + + CVE-2019-16775 on Ubuntu 20.04 (focal) - medium. + Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-13 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16775.html + https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx + https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli + + + + + + + + + + CVE-2019-16776 on Ubuntu 20.04 (focal) - medium. + Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. 
A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-13 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16776.html + https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46 + https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli + + + + + + + + + + CVE-2019-16777 on Ubuntu 20.04 (focal) - medium. + Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-13 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16777.html + https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr + https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli + + + + + + + + + + CVE-2019-16779 on Ubuntu 20.04 (focal) - medium. + In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-16 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946904 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16779.html + https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9 + https://github.com/excon/excon/commit/ccb57d7a422f020dc74f1de4e8fb505ab46d8a29 + + + + + + + + + + CVE-2019-16780 on Ubuntu 20.04 (focal) - medium. + WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-26 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16780.html + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x3wp-h3qx-9w94 + https://github.com/WordPress/wordpress-develop/commit/505dd6a20b6fc3d06130018c1caeff764248c29e + https://hackerone.com/reports/738644 + https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/ + https://wpvulndb.com/vulnerabilities/9976 + + + + + + + + + + CVE-2019-16781 on Ubuntu 20.04 (focal) - medium. + In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-26 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16781.html + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v + https://hackerone.com/reports/731301 + https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/ + https://wpvulndb.com/vulnerabilities/9976 + + + + + + + + + + CVE-2019-16782 on Ubuntu 20.04 (focal) - medium. + There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946983 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16782.html + https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38 + https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3 + http://www.openwall.com/lists/oss-security/2019/12/18/2 + http://www.openwall.com/lists/oss-security/2019/12/18/3 + http://www.openwall.com/lists/oss-security/2019/12/19/3 + + + + + + + + + + CVE-2019-16785 on Ubuntu 20.04 (focal) - low. 
+ Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-20 23:15:00 UTC + leosilva + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947306 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16785.html + https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes + https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p + + + + + + + + + + CVE-2019-16786 on Ubuntu 20.04 (focal) - low. + Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with the inner-most encoding first, followed by any further transfer codings, ending with chunked. Requests sent with: "Transfer-Encoding: gzip, chunked" would incorrectly get ignored, and the request would use a Content-Length header instead to determine the body size of the HTTP message. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining. This issue is fixed in Waitress 1.4.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-20 23:15:00 UTC + leosilva + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947306 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16786.html + https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes + https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p + + + + + + + + + + CVE-2019-16789 on Ubuntu 20.04 (focal) - low. + In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-26 17:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947433 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16789.html + https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 + https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes + https://github.com/github/advisory-review/pull/14604 + + + + + + + + + + CVE-2019-16791 on Ubuntu 20.04 (focal) - untriaged. + In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-22 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16791.html + https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6 + https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b + + + + + + + + + + CVE-2019-16792 on Ubuntu 20.04 (focal) - low. + Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-22 19:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16792.html + https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6 + https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes + + + + + + + + + + CVE-2019-16869 on Ubuntu 20.04 (focal) - medium. + Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. It was discovered that Netty has HTTP request smuggling vulnerability. A remote attacker could use it to extract sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-26 16:15:00 UTC + 2019-09-26 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16869.html + https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final + https://github.com/netty/netty/issues/9571 + https://github.com/netty/netty/commit/39cafcb05c99f2aa9fce7e6597664c9ed6a63a95 + https://ubuntu.com/security/notices/USN-4532-1 + https://ubuntu.com/security/notices/USN-4600-1 + + + + + + + + + + CVE-2019-16884 on Ubuntu 20.04 (focal) - medium. + runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. It was discovered that runC incorrectly implemented AppArmor restrictions. An attacker could possibly use this issue to mount malicious images. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-25 18:15:00 UTC + 2019-09-25 18:15:00 UTC + https://github.com/opencontainers/runc/issues/2128 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16884.html + https://ubuntu.com/security/notices/USN-4297-1 + + + + + + + + + + CVE-2019-16892 on Ubuntu 20.04 (focal) - medium. + In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-25 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941222 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16892.html + https://github.com/rubyzip/rubyzip/pull/403 + https://github.com/rubyzip/rubyzip/commit/4167f0ce67e42b082605bca75c7bdfd01eb23804 + https://github.com/rubyzip/rubyzip/commit/7849f7362ab0cd23d5730ef8b6f2c39252da2285 + https://github.com/rubyzip/rubyzip/commit/97cb6aefe6d12bd2429d7a2e119ccb26f259d71d + + + + + + + + + + CVE-2019-16910 on Ubuntu 20.04 (focal) - low. + Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.) + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-26 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941265 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16910.html + https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10 + https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd (2.7.12) + https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b (2.16.3) + + + + + + + + + + CVE-2019-16927 on Ubuntu 20.04 (focal) - medium. + Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-27 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16927.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> poppler doesn't have TextPage::findGaps, no indication it is mdeslaur> vulnerable to this issue + + + + + + + + + CVE-2019-16935 on Ubuntu 20.04 (focal) - low. + The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-28 02:15:00 UTC + 2019-09-28 02:15:00 UTC + mdeslaur + https://bugs.python.org/issue38243 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16935.html + https://github.com/python/cpython/pull/16373 + https://ubuntu.com/security/notices/USN-4151-1 + https://ubuntu.com/security/notices/USN-4151-2 + + + + leosilva> this bug address to the docxmlrpc test hang issue: leosilva> https://bugs.python.org/issue27614. + + + + + + + + + + + + CVE-2019-16942 on Ubuntu 20.04 (focal) - medium. + A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. It was discovered that Jackson Databind incorrectly handled deserialization. 
An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-01 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16942.html + https://github.com/FasterXML/jackson-databind/issues/2478 + https://issues.apache.org/jira/browse/GEODE-7255 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2019-16943 on Ubuntu 20.04 (focal) - medium. + A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-01 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16943.html + https://github.com/FasterXML/jackson-databind/issues/2478 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2019-17000 on Ubuntu 20.04 (focal) - medium. + An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox < 70. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 21:15:00 UTC + 2019-10-23 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17000.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17000 + https://ubuntu.com/security/notices/USN-4165-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-17001 on Ubuntu 20.04 (focal) - medium. + A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*. This vulnerability affects Firefox < 70. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + 2019-10-23 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17001.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17001 + https://ubuntu.com/security/notices/USN-4165-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-17002 on Ubuntu 20.04 (focal) - low. + If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < 70. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + 2019-10-23 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17002.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002 + https://ubuntu.com/security/notices/USN-4165-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-17005 on Ubuntu 20.04 (focal) - medium. 
+ The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + 2019-12-04 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17005.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17005 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17005 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17005 + https://ubuntu.com/security/notices/USN-4216-1 + https://ubuntu.com/security/notices/USN-4216-2 + https://ubuntu.com/security/notices/USN-4241-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-17008 on Ubuntu 20.04 (focal) - medium. + When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-08 22:15:00 UTC + 2019-12-04 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17008.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17008 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17008 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17008 + https://ubuntu.com/security/notices/USN-4216-1 + https://ubuntu.com/security/notices/USN-4216-2 + https://ubuntu.com/security/notices/USN-4241-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-17009 on Ubuntu 20.04 (focal) - medium. + When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17009.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17009 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17009 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2019-17010 on Ubuntu 20.04 (focal) - medium. + Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-08 22:15:00 UTC + 2019-12-04 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17010.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17010 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17010 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17010 + https://ubuntu.com/security/notices/USN-4216-1 + https://ubuntu.com/security/notices/USN-4216-2 + https://ubuntu.com/security/notices/USN-4241-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-17011 on Ubuntu 20.04 (focal) - medium. + Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + 2019-12-04 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17011.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17011 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17011 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17011 + https://ubuntu.com/security/notices/USN-4216-1 + https://ubuntu.com/security/notices/USN-4216-2 + https://ubuntu.com/security/notices/USN-4241-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-17012 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. 
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + 2019-12-04 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17012.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17012 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17012 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17012 + https://ubuntu.com/security/notices/USN-4216-1 + https://ubuntu.com/security/notices/USN-4216-2 + https://ubuntu.com/security/notices/USN-4241-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-17013 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 71. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + 2019-12-04 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17013.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013 + https://ubuntu.com/security/notices/USN-4216-1 + https://ubuntu.com/security/notices/USN-4216-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-17014 on Ubuntu 20.04 (focal) - medium. 
+ If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. This vulnerability affects Firefox < 71. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + 2019-12-04 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17014.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17014 + https://ubuntu.com/security/notices/USN-4216-1 + https://ubuntu.com/security/notices/USN-4216-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-17015 on Ubuntu 20.04 (focal) - medium. + During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17015.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17015 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17015 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17015 + https://bugzilla.mozilla.org/show_bug.cgi?id=1599005 + https://www.mozilla.org/security/advisories/mfsa2020-01/ + https://www.mozilla.org/security/advisories/mfsa2020-02/ + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2019-17016 on Ubuntu 20.04 (focal) - medium. + When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. 
This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + 2020-01-08 22:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17016.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17016 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17016 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17016 + https://bugzilla.mozilla.org/show_bug.cgi?id=1599181 + https://www.mozilla.org/security/advisories/mfsa2020-01/ + https://www.mozilla.org/security/advisories/mfsa2020-02/ + https://ubuntu.com/security/notices/USN-4234-1 + https://ubuntu.com/security/notices/USN-4241-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-17017 on Ubuntu 20.04 (focal) - medium. + Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-08 22:15:00 UTC + 2020-01-09 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17017.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17017 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17017 + https://ubuntu.com/security/notices/USN-4234-1 + https://ubuntu.com/security/notices/USN-4241-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-17018 on Ubuntu 20.04 (focal) - medium. + When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17018.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17018 + https://bugzilla.mozilla.org/show_bug.cgi?id=1549394 + https://www.mozilla.org/security/advisories/mfsa2020-01/ + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine mdeslaur> windows-specific + + + + + + + + + CVE-2019-17019 on Ubuntu 20.04 (focal) - medium. + When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 72. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-08 22:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17019.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17019 + https://bugzilla.mozilla.org/show_bug.cgi?id=1568003 + https://www.mozilla.org/security/advisories/mfsa2020-01/ + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2019-17020 on Ubuntu 20.04 (focal) - medium. + If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + 2020-01-08 22:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17020.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17020 + https://bugzilla.mozilla.org/show_bug.cgi?id=1597645 + https://www.mozilla.org/security/advisories/mfsa2020-01/ + https://ubuntu.com/security/notices/USN-4234-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-17021 on Ubuntu 20.04 (focal) - medium. + During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-08 22:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17021.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17021 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17021 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17021 + https://bugzilla.mozilla.org/show_bug.cgi?id=1599008 + https://www.mozilla.org/security/advisories/mfsa2020-01/ + https://www.mozilla.org/security/advisories/mfsa2020-02/ + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2019-17022 on Ubuntu 20.04 (focal) - medium. + When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer does not escape &lt; and &gt; characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-08 22:15:00 UTC + 2020-01-08 22:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17022.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17022 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17022 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17022 + https://bugzilla.mozilla.org/show_bug.cgi?id=1602843 + https://www.mozilla.org/security/advisories/mfsa2020-01/ + https://www.mozilla.org/security/advisories/mfsa2020-02/ + https://ubuntu.com/security/notices/USN-4234-1 + https://ubuntu.com/security/notices/USN-4241-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-17024 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-08 22:15:00 UTC + 2020-01-08 22:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17024.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17024 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17024 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17024 + https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507180%2C1595470%2C1598605%2C1601826 + https://www.mozilla.org/security/advisories/mfsa2020-01/ + https://www.mozilla.org/security/advisories/mfsa2020-02/ + https://ubuntu.com/security/notices/USN-4234-1 + https://ubuntu.com/security/notices/USN-4241-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-17025 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + 2020-01-08 22:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17025.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17025 + https://bugzilla.mozilla.org/buglist.cgi?bug_id=1328295%2C1328300%2C1590447%2C1590965%2C1595692%2C1597321%2C1597481 + https://www.mozilla.org/security/advisories/mfsa2020-01/ + https://ubuntu.com/security/notices/USN-4234-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-17026 on Ubuntu 20.04 (focal) - medium. + Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. 
We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-02 05:15:00 UTC + 2020-01-09 00:00:00 UTC + chrisccoulson + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948452 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17026.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17026 + https://ubuntu.com/security/notices/USN-4234-1 + https://ubuntu.com/security/notices/USN-4241-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-17041 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-07 16:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942067 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17041.html + https://github.com/rsyslog/rsyslog/pull/3884 + + + + mdeslaur> requires pmaixforwardedfrom module to be loaded, which is not mdeslaur> enabled in the default configuration + + + + + + + + + CVE-2019-17042 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-07 16:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942065 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17042.html + https://github.com/rsyslog/rsyslog/pull/3883 + + + + mdeslaur> requires pmcisconames module to be loaded, which is not mdeslaur> enabled in the default configuration + + + + + + + + + CVE-2019-17064 on Ubuntu 20.04 (focal) - medium. + Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-01 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17064.html + http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> poppler doesn't appear vulnerable to this issue + + + + + + + + + CVE-2019-17067 on Ubuntu 20.04 (focal) - medium. + PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-01 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17067.html + https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html + + + + + + + + + + CVE-2019-17068 on Ubuntu 20.04 (focal) - medium. + PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-01 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17068.html + https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html + + + + + + + + + + CVE-2019-17069 on Ubuntu 20.04 (focal) - medium. + PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-01 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17069.html + https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html + + + + + + + + + + CVE-2019-17113 on Ubuntu 20.04 (focal) - medium. 
+ In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-04 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17113.html + https://github.com/OpenMPT/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe + https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision&rev=12127&peg=12127 + https://github.com/OpenMPT/openmpt/compare/libopenmpt-0.3.18...libopenmpt-0.3.19 + https://github.com/OpenMPT/openmpt/compare/libopenmpt-0.4.8...libopenmpt-0.4.9 + + + + + + + + + + CVE-2019-17185 on Ubuntu 20.04 (focal) - low. + In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-21 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17185.html + https://github.com/FreeRADIUS/freeradius-server/commit/6b522f8780813726799e6b8cf0f1f8e0ce2c8ebf + https://freeradius.org/security/ + https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20 + + + + + + + + + + CVE-2019-17221 on Ubuntu 20.04 (focal) - medium. + PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. 
For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-05 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17221.html + https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/ + + + + + + + + + + CVE-2019-17263 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has disputed this as described in the GitHub issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-06 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17263.html + https://github.com/libyal/libfwsi/issues/13 + https://github.com/libyal/libfwsi/commit/54afa5c71d6c795a555dbcb1e160fea393b98fb3 + https://github.com/libyal/libfwsi/compare/20181227...20191006 + + + + + + + + + + + + + CVE-2019-17264 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-06 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17264.html + https://github.com/libyal/liblnk/issues/38 + https://github.com/libyal/liblnk/commit/c4d04de2c76f62129677c90a616d049be9c52482 + https://github.com/libyal/liblnk/compare/20181227...20191006 + + + + + + + + + + CVE-2019-17267 on Ubuntu 20.04 (focal) - medium. 
+ A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-07 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17267.html + https://github.com/FasterXML/jackson-databind/issues/2460 + https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2ddddb77edd895ee756b7f75eb + https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10 + + + + + + + + + + CVE-2019-17340 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-08 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929991 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17340.html + https://xenbits.xen.org/xsa/advisory-284.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-17341 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-08 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929998 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17341.html + https://xenbits.xen.org/xsa/advisory-285.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-17342 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-08 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930001 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17342.html + https://xenbits.xen.org/xsa/advisory-287.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-17343 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-08 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929994 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17343.html + https://xenbits.xen.org/xsa/advisory-288.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-17344 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-08 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929996 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17344.html + https://xenbits.xen.org/xsa/advisory-290.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-17345 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-08 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929995 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17345.html + https://xenbits.xen.org/xsa/advisory-291.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-17346 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-08 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929993 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17346.html + https://xenbits.xen.org/xsa/advisory-292.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-17347 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-08 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929999 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17347.html + https://xenbits.xen.org/xsa/advisory-293.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-17348 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-08 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929992 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17348.html + https://xenbits.xen.org/xsa/advisory-294.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-17349 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-08 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17349.html + https://xenbits.xen.org/xsa/advisory-295.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-17350 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-08 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17350.html + https://xenbits.xen.org/xsa/advisory-295.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-17357 on Ubuntu 20.04 (focal) - medium. + Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. It was discovered that Cacti has an SQL injection vulnerability affecting how template identifiers are handled. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-21 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17357.html + https://github.com/Cacti/cacti/issues/3025 + https://github.com/Cacti/cacti/commit/d6dc48503bbcde0717e7a93df7638fd4796200f4 + + + + + + + + + + CVE-2019-17358 on Ubuntu 20.04 (focal) - medium. + Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-12 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html + https://github.com/Cacti/cacti/issues/3026 + https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8 + + + + + + + + + + CVE-2019-17362 on Ubuntu 20.04 (focal) - medium. + In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data. It was discovered that LibTomCrypt incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or read sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-09 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17362.html + https://github.com/libtom/libtomcrypt/issues/507 + https://github.com/libtom/libtomcrypt/pull/508 + https://lists.debian.org/debian-lts-announce/2019/10/msg00010.html + https://vuldb.com/?id.142995 + + + + + + + + + + CVE-2019-17371 on Ubuntu 20.04 (focal) - low. 
+ gif2png 2.5.13 has a memory leak in the writefile function. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-09 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17371.html + https://github.com/glennrp/libpng/issues/307 + + + + mdeslaur> bug is in gif2png, not libpng + + + + + + + + + CVE-2019-17382 on Ubuntu 20.04 (focal) - low. + An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-09 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17382.html + https://www.exploit-db.com/exploits/47467 + + + + ebarretto> Disputed by upstream and closed as not a security bug. ebarretto> This issue can be avoided by disabling guest account. + + + + + + + + + CVE-2019-17383 on Ubuntu 20.04 (focal) - medium. + The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-09 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17383.html + https://github.com/dspinhirne/netaddr-rb/commit/3aac46c00a36e71905eaa619cb94d45bff6e3b51 + https://rubygems.org/gems/netaddr/versions + + + + + + + + + + CVE-2019-17400 on Ubuntu 20.04 (focal) - medium. + The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-21 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17400.html + https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/ + https://github.com/unoconv/unoconv/pull/510 + + + + + + + + + + CVE-2019-17401 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-09 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17401.html + https://github.com/libyal/liblnk/issues/40 + + + + + + + + + + CVE-2019-17420 on Ubuntu 20.04 (focal) - medium. + In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-10 01:06:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17420.html + https://github.com/OISF/libhtp/pull/213 + https://github.com/OISF/libhtp/compare/0.5.30...0.5.31 + https://redmine.openinfosecfoundation.org/issues/2969 + + + + + + + + + + CVE-2019-17450 on Ubuntu 20.04 (focal) - low. + find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-10 17:15:00 UTC + 2019-10-10 17:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=25078 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17450.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2019-17451 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-10 17:15:00 UTC + 2019-10-10 17:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=25070 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17451.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2019-17455 on Ubuntu 20.04 (focal) - medium. + Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. It was discovered that Libntlm incorrectly handled specially crafted NTML requests. An attacker could possibly use this issue to cause a denial of service or another unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-10 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942145 + https://bugs.launchpad.net/ubuntu/+source/libntlm/+bug/1847701 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17455.html + https://gitlab.com/jas/libntlm/issues/2 + + + + ebarretto> No fix available as of 2019-12-04 + + + + + + + + + CVE-2019-17498 on Ubuntu 20.04 (focal) - medium. 
+ In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. It was discovered that libssh2 incorrectly handled bound checks in SSH_MSG_DISCONNECT. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-21 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17498.html + https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/ + https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498 + https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480 + https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94 + + + + + + + + + + CVE-2019-17514 on Ubuntu 20.04 (focal) - negligible. + library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. 
There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-10-12 13:15:00 UTC + 2019-10-12 13:15:00 UTC + https://bugs.python.org/issue33275 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17514.html + https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L380 + https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L405 + https://pubs.acs.org/doi/full/10.1021/acs.orglett.9b03216 + https://pubs.acs.org/doi/suppl/10.1021/acs.orglett.9b03216/suppl_file/ol9b03216_si_002.zip + https://twitter.com/chris_bloke/status/1181997278136958976 + https://twitter.com/LucasCMoore/status/1181615421922824192 + https://web.archive.org/web/20150822013622/https://docs.python.org/3/library/glob.html + https://web.archive.org/web/20150906020027/https://docs.python.org/2.7/library/glob.html + https://web.archive.org/web/20160309211341/https://docs.python.org/3/library/glob.html + https://web.archive.org/web/20160526201356/https://docs.python.org/2.7/library/glob.html + https://www.vice.com/en_us/article/zmjwda/a-code-glitch-may-have-caused-errors-in-more-than-100-published-studies + https://ubuntu.com/security/notices/USN-4428-1 + https://ubuntu.com/security/notices/USN-4754-3 + + + + mdeslaur> this is a documentation change only, we will not be fixing this mdeslaur> issue in Ubuntu 20.10. + + + + + + + + + + + + CVE-2019-17531 on Ubuntu 20.04 (focal) - medium. + A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-12 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17531.html + https://github.com/FasterXML/jackson-databind/issues/2498 + https://github.com/FasterXML/jackson-databind/commit/b5a304a98590b6bb766134f9261e6566dcbbb6d0 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2019-17533 on Ubuntu 20.04 (focal) - medium. + Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed. It was discovered that MATIO incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-13 02:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942255 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17533.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16856 + https://github.com/tbeu/matio/commit/651a8e28099edb5fbb9e4e1d4d3238848f446c9a + + + + + + + + + + + + + + CVE-2019-17534 on Ubuntu 20.04 (focal) - medium. + vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-13 02:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942254 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17534.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796 + https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d + https://github.com/libvips/libvips/compare/v8.8.1...v8.8.2 + + + + + + + + + + CVE-2019-17543 on Ubuntu 20.04 (focal) - low. + LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-14 02:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943680 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17543.html + https://github.com/lz4/lz4/pull/756 + https://github.com/lz4/lz4/pull/760 + https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2 + + + + mdeslaur> code is different in bionic and earlier, no indication that it mdeslaur> is vulnerable to this issue. + + + + + + + + + CVE-2019-17545 on Ubuntu 20.04 (focal) - medium. + GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. It was discovered that GDAL incorrectly handled memory allocation. An attacker could possibly use this issue to cause denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-14 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17545.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178 + https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb + + + + + + + + + + CVE-2019-17546 on Ubuntu 20.04 (focal) - medium. + tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. It was discovered that GDAL incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-14 02:15:00 UTC + 2019-10-14 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17546.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443 + https://ubuntu.com/security/notices/USN-4158-1 + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-17558 on Ubuntu 20.04 (focal) - medium. + Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. 
Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-30 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17558.html + https://www.openwall.com/lists/oss-security/2019/12/30/1 + https://issues.apache.org/jira/browse/SOLR-13971 + https://issues.apache.org/jira/browse/SOLR-14025 + + + + + + + + + + CVE-2019-17559 on Ubuntu 20.04 (focal) - medium. + There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-23 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17559.html + https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E + + + + + + + + + + CVE-2019-17560 on Ubuntu 20.04 (focal) - low. + The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-30 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17560.html + https://lists.apache.org/thread.html/r354d7654efa1050539fe56a3257696d1faeea4f3f9b633c29ec89609%40%3Cdev.netbeans.apache.org%3E + + + + seth-arnold> Ubuntu users probably do not have privileges for this to work. Typically applications are updated via apt update or snap refresh. This sounds more like a Windows or OS X issue. 
+ + + + + + + + + CVE-2019-17561 on Ubuntu 20.04 (focal) - low. + The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-30 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17561.html + https://lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3E + + + + seth-arnold> Likely this only affects Windows and OS X versions + + + + + + + + + CVE-2019-17563 on Ubuntu 20.04 (focal) - low. + When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-23 17:15:00 UTC + 2019-12-23 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17563.html + https://ubuntu.com/security/notices/USN-4251-1 + + + + + + + + + + CVE-2019-17565 on Ubuntu 20.04 (focal) - medium. + There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-23 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17565.html + https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E + + + + + + + + + + CVE-2019-17566 on Ubuntu 20.04 (focal) - untriaged. 
+ Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-11-12 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17566.html + https://www.openwall.com/lists/oss-security/2020/06/15/2 + + + + + + + + + + CVE-2019-17567 on Ubuntu 20.04 (focal) - medium. + Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 07:15:00 UTC + Mikhail Egorov + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17567.html + https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-17567 + https://lists.apache.org/thread.html/r90f693a5c9fb75550ef1412436d5e682a5f845beb427fa6f23419a3c@%3Cannounce.httpd.apache.org%3E + http://www.openwall.com/lists/oss-security/2021/06/10/2 + + + + mdeslaur> The patches required to fix this in stable releases are quite mdeslaur> intrusive and change behaviour. It may not make sense to mdeslaur> backport them to stable releases. + + + + + + + + + CVE-2019-17571 on Ubuntu 20.04 (focal) - medium. + Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-20 17:15:00 UTC + 2019-12-20 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17571.html + https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E + https://ubuntu.com/security/notices/USN-4495-1 + + + + + + + + + + CVE-2019-17582 on Ubuntu 20.04 (focal) - medium. + A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-09 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17582.html + https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796 + https://github.com/nih-at/libzip/issues/5 + https://libzip.org/libzip-discuss/ + + + + + + + + + + CVE-2019-17594 on Ubuntu 20.04 (focal) - negligible. + There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-10-14 21:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942401 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17594.html + https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html + https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html + + + + + + + + + + CVE-2019-17595 on Ubuntu 20.04 (focal) - negligible. + There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-14 21:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942401 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17595.html + https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html + https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html + + + + + + + + + + CVE-2019-17596 on Ubuntu 20.04 (focal) - medium. + Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-24 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942629 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942628 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17596.html + https://golang.org/issue/34960 + https://github.com/golang/go/issues/34962 (1.13 backport) + https://github.com/golang/go/issues/34961 (1.12 backport) + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. + + + + + + + + + CVE-2019-17632 on Ubuntu 20.04 (focal) - low. + In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-25 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17632.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=553443 + + + + + + + + + + CVE-2019-17638 on Ubuntu 20.04 (focal) - medium. 
+ In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with other data. Thread1 then proceeds to write the buffer that now contains different data. This results in client1, which issued request1 seeing data from another request or response which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). If the Jetty version cannot be upgraded, the vulnerability can be significantly reduced by configuring a responseHeaderSize significantly larger than the requestHeaderSize (12KB responseHeaderSize and 8KB requestHeaderSize). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17638.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984 + + + + + + + + + + CVE-2019-17669 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-17 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17669.html + https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html + https://core.trac.wordpress.org/changeset/46475 + https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea + https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/ + https://wpvulndb.com/vulnerabilities/9912 + + + + + + + + + + CVE-2019-17670 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-17 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17670.html + https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html + https://core.trac.wordpress.org/changeset/46472 + https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2 + https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/ + https://wpvulndb.com/vulnerabilities/9912 + + + + + + + + + + CVE-2019-17671 on Ubuntu 20.04 (focal) - medium. + In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-17 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17671.html + https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html + https://core.trac.wordpress.org/changeset/46474 + https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308 + https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/ + + + + + + + + + + CVE-2019-17672 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-17 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17672.html + https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html + https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/ + + + + + + + + + + CVE-2019-17673 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-17 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17673.html + https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html + https://core.trac.wordpress.org/changeset/46478 + https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de + https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/ + + + + + + + + + + CVE-2019-17674 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-17 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17674.html + https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html + https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/ + + + + + + + + + + CVE-2019-17675 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-17 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942459 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17675.html + https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html + https://core.trac.wordpress.org/changeset/46477 + https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0 + https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/ + + + + + + + + + + CVE-2019-18179 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-06 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18179.html + https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2019-18180 on Ubuntu 20.04 (focal) - medium. 
+ Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-05 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18180.html + https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2019-18217 on Ubuntu 20.04 (focal) - medium. + ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-21 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18217.html + https://github.com/proftpd/proftpd/commit/13fe9462787b9a551152162f46f1641d65fe4df4 + https://github.com/proftpd/proftpd/issues/846 + https://github.com/proftpd/proftpd/blob/1.3.6/NEWS + https://github.com/proftpd/proftpd/blob/1.3.6/RELEASE_NOTES + https://github.com/proftpd/proftpd/blob/master/NEWS + https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES + + + + + + + + + + CVE-2019-18222 on Ubuntu 20.04 (focal) - medium. + The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-23 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18222.html + https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12 + https://tls.mbed.org/tech-updates/security-advisories + + + + + + + + + + CVE-2019-18276 on Ubuntu 20.04 (focal) - low. + An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-28 01:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1158028 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18276.html + https://www.youtube.com/watch?v=-wGtxJ8opa8 + + + + sbeattie> This issue appears to only affect bash when bash is setuid. Ubuntu does not ship with bash setuid, so this has minimal impact for Ubuntu users. This is why we have rated the priority for this issue 'low'. sbeattie> reproducer steps in the suse bugzilla + + + + + + + + + CVE-2019-18345 on Ubuntu 20.04 (focal) - medium. + A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-12 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18345.html + https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability/ + + + + + + + + + + CVE-2019-18346 on Ubuntu 20.04 (focal) - medium. + A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-04 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18346.html + https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/ + https://gitlab.com/davical-project/davical/blob/master/ChangeLog + https://www.davical.org/ + + + + + + + + + + CVE-2019-18347 on Ubuntu 20.04 (focal) - medium. + A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another (possibly privileged) user. Affected database fields include Username, Display Name, and Email. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-04 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18347.html + https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/ + https://gitlab.com/davical-project/davical/blob/master/ChangeLog + https://www.davical.org/ + + + + + + + + + + CVE-2019-18348 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-23 17:15:00 UTC + 2019-10-23 17:15:00 UTC + leosilva + https://bugs.python.org/issue30458#msg347282 + https://bugs.python.org/issue38576 + https://bugzilla.redhat.com/show_bug.cgi?id=1727276 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18348.html + https://ubuntu.com/security/notices/USN-4333-1 + https://ubuntu.com/security/notices/USN-4333-2 + + + + leosilva> This issue can be reproducible only in systems with leosilva> the glibc issue mentioned in CVE-2016-10739 not fixed. + + + + + + + + + + + + CVE-2019-18351 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in channels/chan_sip.c in Sangoma Asterisk through 13.29.1, through 16.6.1, and through 17.0.0; and Certified Asterisk through 13.21-cert4. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-05 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18351.html + http://downloads.asterisk.org/pub/security/AST-2019-006.html + https://www.asterisk.org/downloads/security-advisories + + + + + + + + + + CVE-2019-18420 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-10-31 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18420.html + https://xenbits.xen.org/xsa/advisory-296.html + http://www.openwall.com/lists/oss-security/2019/10/31/1 + http://xenbits.xen.org/xsa/advisory-296.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-18421 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. 
To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be "promoted" before being used as a pagetable, and "demoted" before being used for any other type. Xen also allows for "recursive" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-10-31 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18421.html + https://xenbits.xen.org/xsa/advisory-299.html + http://www.openwall.com/lists/oss-security/2019/10/31/3 + http://xenbits.xen.org/xsa/advisory-299.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-18422 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. 
When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-31 14:15:00 UTC + 2019-10-31 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18422.html + + + + mdeslaur| hypervisor packages are in universe amurray| This issue is specific only to ARM platforms - x86 systems are not affected + + + + + + + + + CVE-2019-18423 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m->max_mapped_gfn will be updated using the original frame. It would be possible to set p2m->max_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m->max_mapped_gfn is off-by-one allowing "highest mapped + 1" to be considered valid. However, p2m_get_root_pointer() will return NULL. 
The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but cause p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen version 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-10-31 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18423.html + https://xenbits.xen.org/xsa/advisory-301.html + http://www.openwall.com/lists/oss-security/2019/10/31/4 + http://xenbits.xen.org/xsa/advisory-301.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-18424 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. 
Systems which do not use PCI pass-through are not vulnerable. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-10-31 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18424.html + https://xenbits.xen.org/xsa/advisory-302.html + http://www.openwall.com/lists/oss-security/2019/10/31/6 + http://xenbits.xen.org/xsa/advisory-302.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-18425 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-31 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18425.html + https://xenbits.xen.org/xsa/advisory-298.html + http://www.openwall.com/lists/oss-security/2019/10/31/2 + http://xenbits.xen.org/xsa/advisory-298.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-18601 on Ubuntu 20.04 (focal) - medium. + OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-29 19:15:00 UTC + Andrew Deason + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943587 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18601.html + http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt + https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt + + + + + + + + + + CVE-2019-18602 on Ubuntu 20.04 (focal) - medium. + OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-29 19:15:00 UTC + Andrew Deason + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943587 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18602.html + http://openafs.org/pages/security/OPENAFS-SA-2019-002.txt + https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt + + + + + + + + + + CVE-2019-18603 on Ubuntu 20.04 (focal) - medium. + OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-29 19:15:00 UTC + Andrew Deason + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943587 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18603.html + http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt + https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt + + + + + + + + + + CVE-2019-18604 on Ubuntu 20.04 (focal) - low. + In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-29 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18604.html + https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a + + + + + + + + + + CVE-2019-18610 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-22 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18610.html + https://downloads.asterisk.org/pub/security/AST-2019-007.html + https://issues.asterisk.org/jira/browse/ASTERISK-28580 + http://downloads.asterisk.org/pub/security/AST-2019-007.html + https://www.asterisk.org/downloads/security-advisories + + + + + + + + + + CVE-2019-18790 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x, 16.x, and 17.x, and Certified Asterisk 13.21, because of an incomplete fix for CVE-2019-18351. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. 
A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-22 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18790.html + https://downloads.asterisk.org/pub/security/AST-2019-006.html + https://issues.asterisk.org/jira/browse/ASTERISK-28589 + http://downloads.asterisk.org/pub/security/AST-2019-006.html + https://www.asterisk.org/downloads/security-advisories + + + + + + + + + + CVE-2019-18797 on Ubuntu 20.04 (focal) - medium. + LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-06 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18797.html + https://github.com/sass/libsass/issues/3000 + + + + + + + + + + CVE-2019-18798 on Ubuntu 20.04 (focal) - medium. + LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-06 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18798.html + https://github.com/sass/libsass/issues/2999 + https://github.com/mgreter/libsass/commit/0b721e0f37fc69ab197ec956a923e036e3b05ca6 + + + + + + + + + + CVE-2019-18808 on Ubuntu 20.04 (focal) - low. + A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. 
A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-07 16:15:00 UTC + 2019-11-07 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18808.html + https://github.com/torvalds/linux/commit/128c66429247add5128c03dc1e144ca56f05a4e2 + https://ubuntu.com/security/notices/USN-4525-1 + https://ubuntu.com/security/notices/USN-4526-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-18823 on Ubuntu 20.04 (focal) - low. + HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-27 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963777 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18823.html + https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0001.html + https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0002.html + https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html + https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html + https://github.com/htcondor/htcondor/commit/95eaee86e7ad3852c17df46a1b8b193dabd1fd14 + https://github.com/htcondor/htcondor/commit/07e33c8b14aa00e04d045d4d79c963db082a3129 + https://github.com/htcondor/htcondor/commit/cbcb93695a932d511c1c7bd40aed1eabeff01d8d + https://github.com/htcondor/htcondor/commit/3916209123a8ef762b7a9cd84ca0cf8b2cd99716 + https://github.com/htcondor/htcondor/commit/5c84c6f0b3db4eda1eec42c2c708069bb9393f0b + + + + + + + + + + CVE-2019-18835 on Ubuntu 20.04 (focal) - medium. + Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-08 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944355 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18835.html + https://github.com/matrix-org/synapse/pull/6262 + https://github.com/matrix-org/synapse/releases/tag/v1.5.0 + + + + + + + + + + CVE-2019-18848 on Ubuntu 20.04 (focal) - medium. + The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-12 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18848.html + https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a + https://github.com/nov/json-jwt/compare/v1.10.2...v1.11.0 + + + + + + + + + + CVE-2019-18849 on Ubuntu 20.04 (focal) - medium. + In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-11 04:15:00 UTC + 2019-11-11 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18849.html + https://github.com/verdammelt/tnef/pull/40 + https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18 + https://ubuntu.com/security/notices/USN-4524-1 + + + + + + + + + + CVE-2019-18862 on Ubuntu 20.04 (focal) - low. + maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18862.html + https://git.savannah.gnu.org/cgit/mailutils.git/tree/NEWS + + + + ebarretto> According to Debian: ebarretto> /usr/sbin/maidag not installed suid root on Debian + + + + + + + + + CVE-2019-18886 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-21 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18886.html + https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality + https://github.com/symfony/symfony/commit/7bd4a92fc9cc15d9a9fbb9eb1041e01b977f8332 + + + + + + + + + + CVE-2019-18887 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-21 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18887.html + https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner + https://github.com/symfony/symfony/commit/cccefe6a7f12e776df0665aeb77fe9294c285fbb + + + + + + + + + + CVE-2019-18888 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-21 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18888.html + https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser + https://github.com/symfony/symfony/commit/691486e43ce0e4893cd703e221bafc10a871f365 + https://github.com/symfony/symfony/commit/77ddabf2e785ea85860d2720cc86f7c5d8967ed5 + + + + + + + + + + CVE-2019-18889 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. 
Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-21 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18889.html + https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances + https://github.com/symfony/symfony/commit/8817d28fcaacb31fe01d267f6e19b44d8179395a + + + + + + + + + + CVE-2019-18900 on Ubuntu 20.04 (focal) - low. + : Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-24 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18900.html + https://bugzilla.suse.com/show_bug.cgi?id=1158763 + + + + + + + + + + CVE-2019-18928 on Ubuntu 20.04 (focal) - medium. + Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-15 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18928.html + https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html + https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html + + + + + + + + + + CVE-2019-18932 on Ubuntu 20.04 (focal) - medium. + log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. 
By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-21 18:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1150554 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18932.html + https://www.openwall.com/lists/oss-security/2020/01/20/6 + + + + + + + + + + CVE-2019-18936 on Ubuntu 20.04 (focal) - low. + UniValue::read() in UniValue before 1.0.5 allow attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-21 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18936.html + https://github.com/jgarzik/univalue/compare/v1.0.4...v1.0.5 + https://github.com/jgarzik/univalue/pull/58 + + + + + + + + + + CVE-2019-18978 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-14 21:15:00 UTC + 2019-11-14 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944849 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18978.html + https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4 + https://ubuntu.com/security/notices/USN-4571-1 + + + + + + + + + + CVE-2019-19010 on Ubuntu 20.04 (focal) - medium. + Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-16 01:15:00 UTC + https://bugs.launchpad.net/bugs/1852859 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19010.html + https://github.com/ProgVal/Limnoria/wiki/math-eval-vulnerability + + + + + + + + + + CVE-2019-19012 on Ubuntu 20.04 (focal) - medium. + An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-17 18:15:00 UTC + 2019-11-17 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944959 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19012.html + https://github.com/kkos/oniguruma/issues/164 + https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2 + https://ubuntu.com/security/notices/USN-4460-1 + + + + + + + + + + CVE-2019-19035 on Ubuntu 20.04 (focal) - medium. + jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. 
The attack vector is: Open a specially crafted JPEG file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-17 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944961 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19035.html + https://bugzilla.redhat.com/show_bug.cgi?id=1765647 + + + + + + + + + + CVE-2019-19054 on Ubuntu 20.04 (focal) - low. + A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19054.html + https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177 + https://ubuntu.com/security/notices/USN-4525-1 + https://ubuntu.com/security/notices/USN-4526-1 + https://ubuntu.com/security/notices/USN-4527-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19073 on Ubuntu 20.04 (focal) - low. + Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. 
A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19073.html + https://github.com/torvalds/linux/commit/853acf7caf10b828102d92d05b5c101666a6142b + https://ubuntu.com/security/notices/USN-4526-1 + https://ubuntu.com/security/notices/USN-4527-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19074 on Ubuntu 20.04 (focal) - low. + A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4. It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19074.html + https://github.com/torvalds/linux/commit/728c1e2a05e4b5fc52fab3421dce772a806612a2 + https://ubuntu.com/security/notices/USN-4526-1 + https://ubuntu.com/security/notices/USN-4527-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19203 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-21 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19203.html + https://github.com/kkos/oniguruma/issues/163 + https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2 + + + + + + + + + + CVE-2019-19204 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-21 21:15:00 UTC + 2019-11-21 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19204.html + https://github.com/kkos/oniguruma/issues/162 + https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2 + https://ubuntu.com/security/notices/USN-4460-1 + + + + + + + + + + CVE-2019-19221 on Ubuntu 20.04 (focal) - low. + In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-21 23:15:00 UTC + 2019-11-21 23:15:00 UTC + https://github.com/libarchive/libarchive/issues/1276 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945287 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19221.html + https://ubuntu.com/security/notices/USN-4293-1 + + + + + + + + + + CVE-2019-19246 on Ubuntu 20.04 (focal) - medium. + Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-25 17:15:00 UTC + 2019-11-25 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19246.html + https://bugs.php.net/bug.php?id=78559 + https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b + https://ubuntu.com/security/notices/USN-4460-1 + + + + + + + + + + CVE-2019-19269 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-30 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19269.html + https://github.com/proftpd/proftpd/issues/861 + + + + + + + + + + CVE-2019-19270 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-26 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19270.html + https://github.com/proftpd/proftpd/issues/859 + + + + + + + + + + CVE-2019-19271 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. 
A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-26 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19271.html + https://github.com/proftpd/proftpd/issues/860 + + + + + + + + + + CVE-2019-19272 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-26 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19272.html + https://github.com/proftpd/proftpd/issues/858 + + + + + + + + + + CVE-2019-19308 on Ubuntu 20.04 (focal) - low. + In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-27 15:15:00 UTC + https://gitlab.gnome.org/GNOME/gnome-font-viewer/issues/17 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19308.html + https://github.com/GNOME/gnome-font-viewer/blob/919dfbe684b75904563b8c6723c9778a4e00aad7/src/sushi-font-widget.c#L115-L117 + + + + + + + + + + + + + CVE-2019-19331 on Ubuntu 20.04 (focal) - medium. + knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. 
DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-16 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946181 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19331.html + https://www.openwall.com/lists/oss-security/2019/12/04/4 + + + + + + + + + + CVE-2019-19343 on Ubuntu 20.04 (focal) - low. + A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 21:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1780445 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19343.html + + + + + + + + + + CVE-2019-19378 on Ubuntu 20.04 (focal) - low. + In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-29 17:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1158270 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19378.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378 + + + + tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19391 on Ubuntu 20.04 (focal) - low. 
+ ** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug libary is unsafe by definition and that this is not a vulnerability. When LuaJIT was originally developed, the expectation was that the entire debug library had no security guarantees and thus it made no sense to assign CVEs. However, not all users of later LuaJIT derivatives share this perspective. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-29 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946053 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19391.html + https://github.com/LuaJIT/LuaJIT/pull/526 + + + + + + + + + + CVE-2019-19448 on Ubuntu 20.04 (focal) - low. + In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. It was discovered that the btrfs file system in the Linux kernel contained a use-after-free vulnerability when merging free space. An attacker could use this to construct a malicious btrfs image that, when mounted and operated on, could cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-08 02:15:00 UTC + 2019-12-08 02:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1158820 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19448.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448 + https://ubuntu.com/security/notices/USN-4578-1 + + + + tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted sbeattie> it's asserted that the btrfs enhanced tree-checker should address this issue; this was backported to at least the 4.15 kernels. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19449 on Ubuntu 20.04 (focal) - low. + In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-08 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19449.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449 + + + + tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19451 on Ubuntu 20.04 (focal) - medium. + When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) 
NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-29 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945876 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19451.html + https://gitlab.gnome.org/GNOME/dia/issues/428 + + + + + + + + + + CVE-2019-19479 on Ubuntu 20.04 (focal) - low. + An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-01 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19479.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 + https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2 + + + + + + + + + + CVE-2019-19481 on Ubuntu 20.04 (focal) - low. + An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-01 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19481.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618 + https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278 + + + + + + + + + + CVE-2019-19489 on Ubuntu 20.04 (focal) - medium. + SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-02 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19489.html + https://www.exploit-db.com/exploits/47709 + + + + + + + + + + CVE-2019-19553 on Ubuntu 20.04 (focal) - medium. + In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. 
This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-05 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19553.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15961 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=34d2e0d5318d0a7e9889498c721639e5cbf4ce45 + https://www.wireshark.org/security/wnpa-sec-2019-22.html + + + + + + + + + + CVE-2019-19555 on Ubuntu 20.04 (focal) - negligible. + read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-12-04 17:16:00 UTC + https://sourceforge.net/p/mcj/tickets/55/ + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946176 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19555.html + + + + + + + + + + CVE-2019-19577 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. 
Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-11 18:16:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19577.html + https://xenbits.xen.org/xsa/advisory-311.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-19578 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. 
If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-11 18:16:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19578.html + https://xenbits.xen.org/xsa/advisory-309.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-19579 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. 
Hosts where these "alternate" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-04 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19579.html + https://xenbits.xen.org/xsa/advisory-306.html + http://www.openwall.com/lists/oss-security/2019/12/05/7 + http://xenbits.xen.org/xsa/advisory-306.html + https://www.openwall.com/lists/oss-security/2019/11/26/2 + + + + + + + + + + CVE-2019-19580 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-11 18:16:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19580.html + https://xenbits.xen.org/xsa/advisory-310.html + + + + mdeslaur> hypervisor packages are in universe. 
For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-19581 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-11 18:16:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19581.html + https://xenbits.xen.org/xsa/advisory-307.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-19582 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 
x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-11 18:16:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19582.html + https://xenbits.xen.org/xsa/advisory-307.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-19583 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-11 18:16:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19583.html + https://xenbits.xen.org/xsa/advisory-308.html + + + + mdeslaur> hypervisor packages are in universe. 
For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2019-19590 on Ubuntu 20.04 (focal) - medium. + In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-05 02:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19590.html + https://github.com/radareorg/radare2/issues/15543 + + + + + + + + + + CVE-2019-19617 on Ubuntu 20.04 (focal) - medium. + phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-06 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19617.html + https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9 + https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2 + https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/ + + + + + + + + + + CVE-2019-19624 on Ubuntu 20.04 (focal) - low. + An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. 
However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-06 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19624.html + https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418 + https://github.com/opencv/opencv/issues/14554 + + + + + + + + + + CVE-2019-19635 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-08 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19635.html + https://github.com/saitoha/libsixel/issues/103 + + + + + + + + + + CVE-2019-19636 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-08 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19636.html + https://github.com/saitoha/libsixel/issues/104 + + + + + + + + + + CVE-2019-19637 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-08 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19637.html + https://github.com/saitoha/libsixel/issues/105 + + + + + + + + + + CVE-2019-19638 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-08 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19638.html + https://github.com/saitoha/libsixel/issues/102 + + + + + + + + + + CVE-2019-19647 on Ubuntu 20.04 (focal) - medium. + radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-09 01:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19647.html + https://github.com/radareorg/radare2/issues/15545 + + + + + + + + + + CVE-2019-19648 on Ubuntu 20.04 (focal) - medium. + In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-09 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19648.html + https://github.com/VirusTotal/yara/issues/1178 + + + + amurray| Whilst the description claims code-execution, this is only an out-of-bounds read so just a denial of service. + + + + + + + + + CVE-2019-19709 on Ubuntu 20.04 (focal) - low. + MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-11 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19709.html + https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8 + https://phabricator.wikimedia.org/T239466 + + + + + + + + + + CVE-2019-19720 on Ubuntu 20.04 (focal) - medium. + Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-11 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19720.html + https://github.com/marcIhm/yabasic/issues/36 + http://www.yabasic.de/whatsnew.html + + + + + + + + + + CVE-2019-19721 on Ubuntu 20.04 (focal) - low. + An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19721.html + http://hg.libsdl.org/SDL_image/ + https://bugs.gentoo.org/721940 + https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b + https://www.videolan.org/security/ + + + + + + + + + + CVE-2019-19727 on Ubuntu 20.04 (focal) - medium. + SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-13 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19727.html + https://bugzilla.suse.com/show_bug.cgi?id=1155784 + + + + + + + + + + CVE-2019-19728 on Ubuntu 20.04 (focal) - medium. + SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-13 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19728.html + https://bugzilla.suse.com/show_bug.cgi?id=1159692 + + + + + + + + + + CVE-2019-19746 on Ubuntu 20.04 (focal) - medium. + make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-12 03:15:00 UTC + https://sourceforge.net/p/mcj/tickets/57/ + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946628 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19746.html + + + + mdeslaur> can't reproduce on xenial + + + + + + + + + CVE-2019-19770 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace. It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-12 20:15:00 UTC + 2019-12-12 20:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1904471 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19770.html + https://bugzilla.kernel.org/show_bug.cgi?id=205713 + https://lore.kernel.org/linux-block/20200419194529.4872-1-mcgrof@kernel.org/ + https://lore.kernel.org/linux-block/20200516031956.2605-1-mcgrof@kernel.org/ + https://github.com/mcgrof/break-blktrace + https://ubuntu.com/security/notices/USN-4680-1 + + + + sbeattie> reproducer in github link sbeattie> according to kernel maintainer, needed commits are: (1b0b28364816) blktrace: break out of blktrace setup on concurrent calls (c3dbe541ef77) blktrace: Avoid sparse warnings when assigning q->blk_trace (a67549c8e568) blktrace: annotate required lock on do_blk_trace_setup() (bad8e64fb19d) blktrace: fix debugfs use after free (b431ef837e33) blktrace: ensure our debugfs dir exists + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19777 on Ubuntu 20.04 (focal) - low. + stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-13 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19777.html + https://github.com/saitoha/libsixel/issues/109 + + + + + + + + + + CVE-2019-19778 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-13 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19778.html + https://github.com/saitoha/libsixel/issues/110 + + + + + + + + + + CVE-2019-19791 on Ubuntu 20.04 (focal) - medium. 
+ [Apache access rules and SOAP/REST endpoints issue] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19791.html + https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1943 + https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-7-is-out/ + + + + + + + + + + CVE-2019-19796 on Ubuntu 20.04 (focal) - low. + Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-13 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19796.html + https://github.com/marcIhm/yabasic/issues/37 + + + + + + + + + + CVE-2019-19797 on Ubuntu 20.04 (focal) - low. + read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-15 20:15:00 UTC + https://sourceforge.net/p/mcj/tickets/67/ + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19797.html + + + + mdeslaur> can't reproduce on xenial and bionic. Could reproduce on eoan. + + + + + + + + + CVE-2019-19814 on Ubuntu 20.04 (focal) - low. + In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-17 06:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1159437 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19814.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814 + + + + tyhicks> As of 2020-01-09, no upstream fix is available + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19815 on Ubuntu 20.04 (focal) - low. 
+ In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs.h. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-17 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19815.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19815 + https://github.com/torvalds/linux/commit/4969c06a0d83c9c3dc50b8efcdc8eeedfce896f6#diff-41a7fa4590d2af87e82101f2b4dadb56 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19847 on Ubuntu 20.04 (focal) - low. + Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spiro.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-17 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19847.html + https://github.com/fontforge/libspiro/issues/21 + + + + + + + + + + CVE-2019-19905 on Ubuntu 20.04 (focal) - low. + NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-19 18:15:00 UTC + David Mendenhall + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947005 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19905.html + https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226 + https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47 + https://bugs.debian.org/947005 + https://nethack.org/security/CVE-2019-19905.html + + + + sbeattie> escalates to group games + + + + + + + + + CVE-2019-19907 on Ubuntu 20.04 (focal) - medium. 
+ HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-19 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19907.html + https://stash.kopano.io/projects/KC/repos/kopanocore/commits/4e02b420fff + https://stash.kopano.io/projects/KC/repos/kopanocore/browse/RELNOTES.txt + + + + + + + + + + CVE-2019-19916 on Ubuntu 20.04 (focal) - medium. + In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting (XSS) and other attacks when the product renders the content as HTML. Remediating this would also need to consider the polyglot case, e.g., a file that is a valid GIF image and also valid JavaScript. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-20 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19916.html + https://blog.mozilla.org/security/2016/08/26/mitigating-mime-confusion-attacks-in-firefox/ + https://github.com/V1n1v131r4/MIME-Confusion-Attack-on-Midori-Browser/blob/master/README.md + https://portswigger.net/research/bypassing-csp-using-polyglot-jpegs + + + + + + + + + + CVE-2019-19917 on Ubuntu 20.04 (focal) - medium. + Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-20 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947113 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19917.html + https://lists.gnu.org/archive/html/lout-users/2019-12/msg00002.html + + + + + + + + + + CVE-2019-19918 on Ubuntu 20.04 (focal) - medium. + Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-20 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947113 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19918.html + https://lists.gnu.org/archive/html/lout-users/2019-12/msg00001.html + + + + + + + + + + CVE-2019-19919 on Ubuntu 20.04 (focal) - medium. + Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-20 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19919.html + https://www.npmjs.com/advisories/1164 + + + + + + + + + + CVE-2019-19920 on Ubuntu 20.04 (focal) - medium. + sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-22 18:15:00 UTC + 2019-12-22 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947198 + https://bugs.launchpad.net/ubuntu/+source/sa-exim/+bug/1856873 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19920.html + https://bugs.debian.org/946829#24 + https://marc.info/?l=spamassassin-users&m=157668107325768&w=2 + https://marc.info/?l=spamassassin-users&m=157668305026635&w=2 + https://ubuntu.com/security/notices/USN-4520-1 + + + + + + + + + + CVE-2019-19921 on Ubuntu 20.04 (focal) - medium. + runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-12 15:15:00 UTC + 2020-02-12 15:15:00 UTC + https://bugs.launchpad.net/bugs/1863669 + https://github.com/opencontainers/runc/issues/2197 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19921.html + https://github.com/opencontainers/runc/pull/2190 + https://github.com/opencontainers/runc/pull/2207 + https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9 + https://ubuntu.com/security/notices/USN-4297-1 + + + + + + + + + + CVE-2019-19953 on Ubuntu 20.04 (focal) - medium. + In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-24 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947311 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19953.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf + https://sourceforge.net/p/graphicsmagick/bugs/617/ + + + + + + + + + + CVE-2019-19960 on Ubuntu 20.04 (focal) - medium. + In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-25 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19960.html + https://github.com/wolfSSL/wolfssl/commit/5ee9f9c7a23f8ed093fe1e42bc540727e96cebb8 (v4.3.0-stable) + https://github.com/wolfSSL/wolfssl/commit/5ee9f9c7a23f8ed093fe1e42bc540727e96cebb8 + https://github.com/wolfSSL/wolfssl/releases/tag/v4.3.0-stable + + + + + + + + + + CVE-2019-19962 on Ubuntu 20.04 (focal) - medium. + wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-25 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19962.html + https://github.com/wolfSSL/wolfssl/commit/23878512c65834d12811b1107d19a001478eca5d (4.3.0-stable) + https://github.com/wolfSSL/wolfssl/commit/23878512c65834d12811b1107d19a001478eca5d + https://github.com/wolfSSL/wolfssl/releases/tag/v4.3.0-stable + + + + + + + + + + CVE-2019-19963 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-25 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19963.html + https://github.com/wolfSSL/wolfssl/commit/7e391f0fd57f2ef375b1174d752a56ce34b2b190 (v4.3.0-stable) + https://github.com/wolfSSL/wolfssl/commit/7e391f0fd57f2ef375b1174d752a56ce34b2b190 + https://github.com/wolfSSL/wolfssl/releases/tag/v4.3.0-stable + + + + + + + + + + CVE-2019-20005 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-26 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20005.html + + + + + + + + + + + + + + + CVE-2019-20006 on Ubuntu 20.04 (focal) - medium. + (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20006.html + https://sourceforge.net/p/ezxml/bugs/15/ + + + + + + + + + + + + + + + CVE-2019-20007 on Ubuntu 20.04 (focal) - medium. + (An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezx ...) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-31 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20007.html + https://sourceforge.net/p/ezxml/bugs/13/ + + + + + + + + + + + + + + + CVE-2019-20016 on Ubuntu 20.04 (focal) - medium. + libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-27 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20016.html + https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f + https://github.com/hoene/libmysofa/issues/83 + https://github.com/hoene/libmysofa/issues/84 + + + + + + + + + + CVE-2019-20017 on Ubuntu 20.04 (focal) - medium. + A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-27 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20017.html + https://github.com/tbeu/matio/issues/127 + + + + + + + + + + CVE-2019-20018 on Ubuntu 20.04 (focal) - medium. + A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-27 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20018.html + https://github.com/tbeu/matio/issues/129 + + + + + + + + + + CVE-2019-20019 on Ubuntu 20.04 (focal) - medium. 
+ An attempted excessive memory allocation was discovered in Mat_VarRead5 in mat5.c in matio 1.5.17. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-27 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20019.html + https://github.com/tbeu/matio/issues/130 + + + + ebarretto> No available fix as of 2020-08-19 + + + + + + + + + CVE-2019-20020 on Ubuntu 20.04 (focal) - medium. + A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-27 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20020.html + https://github.com/tbeu/matio/issues/128 + + + + + + + + + + CVE-2019-20021 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-27 02:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947471 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20021.html + https://github.com/upx/upx/issues/315 + https://github.com/upx/upx/commit/819c33fee2b2c33b96bef27a13cb20f2589819aa + + + + + + + + + + CVE-2019-20022 on Ubuntu 20.04 (focal) - medium. + An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-27 02:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948103 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20022.html + https://github.com/saitoha/libsixel/issues/108 + https://github.com/saitoha/libsixel/commit/e17c0765ed708186865f0f8badfed44181063776 + + + + + + + + + + CVE-2019-20023 on Ubuntu 20.04 (focal) - medium. + A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-27 02:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948103 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20023.html + https://github.com/saitoha/libsixel/issues/120 + + + + + + + + + + CVE-2019-20024 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-27 02:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948103 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20024.html + https://github.com/saitoha/libsixel/issues/121 + https://github.com/saitoha/libsixel/commit/6367d2fc8c365c5841d05697200e90c73c4b3c4b + + + + + + + + + + CVE-2019-20041 on Ubuntu 20.04 (focal) - medium. + wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript&colon; substring. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-27 08:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20041.html + https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53 + https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/ + + + + + + + + + + CVE-2019-20042 on Ubuntu 20.04 (focal) - medium. + In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-27 08:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20042.html + https://core.trac.wordpress.org/changeset/46894/trunk + https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d + https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/ + https://blog.ripstech.com/filter/vulnerabilities/ + https://wpvulndb.com/vulnerabilities/9975 + + + + + + + + + + CVE-2019-20043 on Ubuntu 20.04 (focal) - medium. + In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-27 08:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20043.html + https://core.trac.wordpress.org/changeset/46893/trunk + https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9 + https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/ + https://wpvulndb.com/vulnerabilities/9973 + + + + + + + + + + CVE-2019-20044 on Ubuntu 20.04 (focal) - low. + In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-24 14:15:00 UTC + Sam Foxman + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951458 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20044.html + https://www.zsh.org/mla/zsh-announce/141 + + + + mdeslaur> reproducer in debian bug mdeslaur> low priority since upstream considers this to be a mdeslaur> "minor vulnerability" + + + + + + + + + CVE-2019-20051 on Ubuntu 20.04 (focal) - medium. + A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-27 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20051.html + https://github.com/upx/upx/issues/313 + + + + + + + + + + CVE-2019-20053 on Ubuntu 20.04 (focal) - medium. + An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-27 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947471 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20053.html + https://github.com/upx/upx/issues/314 + https://github.com/upx/upx/commit/819c33fee2b2c33b96bef27a13cb20f2589819aa + + + + + + + + + + CVE-2019-20056 on Ubuntu 20.04 (focal) - medium. + stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-29 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948103 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20056.html + https://github.com/saitoha/libsixel/issues/126 + + + + + + + + + + CVE-2019-20063 on Ubuntu 20.04 (focal) - medium. 
+ hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-29 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20063.html + https://github.com/hoene/libmysofa/issues/67 + https://github.com/hoene/libmysofa/commit/ecb7b743b6f6d47b93a7bc680a60071a0f9524c6 + https://github.com/hoene/libmysofa/compare/v0.7...v0.8 + + + + + + + + + + CVE-2019-20093 on Ubuntu 20.04 (focal) - medium. + The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-30 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20093.html + https://sourceforge.net/p/podofo/tickets/75/ + + + + + + + + + + CVE-2019-20094 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-30 04:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948103 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20094.html + https://github.com/saitoha/libsixel/issues/125 + + + + + + + + + + CVE-2019-20140 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-30 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948103 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20140.html + https://github.com/saitoha/libsixel/issues/122 + + + + + + + + + + CVE-2019-20149 on Ubuntu 20.04 (focal) - medium. 
+ ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-30 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948095 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20149.html + https://github.com/jonschlinkert/kind-of/issues/30 + https://github.com/jonschlinkert/kind-of/pull/31 + + + + + + + + + + CVE-2019-20159 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20159.html + https://github.com/gpac/gpac/issues/1321 + + + + + + + + + + CVE-2019-20160 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1_parse_tile_group() in media_tools/av_parsers.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20160.html + https://github.com/gpac/gpac/issues/1334 + + + + + + + + + + CVE-2019-20161 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-31 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20161.html + https://github.com/gpac/gpac/issues/1320 + + + + + + + + + + CVE-2019-20162 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20162.html + https://github.com/gpac/gpac/issues/1327 + + + + + + + + + + CVE-2019-20163 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20163.html + https://github.com/gpac/gpac/issues/1335 + + + + + + + + + + CVE-2019-20164 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_box_del() in isomedia/box_funcs.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20164.html + https://github.com/gpac/gpac/issues/1332 + + + + + + + + + + CVE-2019-20165 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-31 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20165.html + https://github.com/gpac/gpac/issues/1338 + + + + + + + + + + CVE-2019-20166 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_dump() in isomedia/box_dump.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20166.html + https://github.com/gpac/gpac/issues/1331 + + + + + + + + + + CVE-2019-20167 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function senc_Parse() in isomedia/box_code_drm.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20167.html + https://github.com/gpac/gpac/issues/1330 + + + + + + + + + + CVE-2019-20168 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function gf_isom_box_dump_ex() in isomedia/box_funcs.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20168.html + https://github.com/gpac/gpac/issues/1333 + + + + + + + + + + CVE-2019-20169 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a use-after-free in the function trak_Read() in isomedia/box_code_base.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-31 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20169.html + https://github.com/gpac/gpac/issues/1329 + + + + + + + + + + CVE-2019-20170 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20170.html + https://github.com/gpac/gpac/issues/1328 + + + + + + + + + + CVE-2019-20171 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20171.html + https://github.com/gpac/gpac/issues/1337 + + + + + + + + + + CVE-2019-20176 on Ubuntu 20.04 (focal) - medium. + In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947869 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20176.html + https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706 + + + + + + + + + + CVE-2019-20184 on Ubuntu 20.04 (focal) - medium. + KeePass 2.4.1 allows CSV injection in the title field of a CSV export. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-09 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20184.html + https://medium.com/@Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a + + + + + + + + + + CVE-2019-20198 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20198.html + + + + + + + + + + + + + + + + CVE-2019-20199 on Ubuntu 20.04 (focal) - low. + An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20199.html + + + + + + + + + + + + + + + CVE-2019-20200 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-31 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20200.html + + + + + + + + + + + + + + + + CVE-2019-20201 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-31 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20201.html + + + + + + + + + + + + + + + CVE-2019-20205 on Ubuntu 20.04 (focal) - medium. + libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-02 14:16:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948103 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20205.html + https://github.com/saitoha/libsixel/issues/127 + + + + + + + + + + CVE-2019-20208 on Ubuntu 20.04 (focal) - medium. + dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-02 14:16:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20208.html + https://github.com/gpac/gpac/issues/1348 + + + + + + + + + + CVE-2019-20218 on Ubuntu 20.04 (focal) - low. + selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-02 14:16:00 UTC + 2020-01-02 14:16:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20218.html + https://ubuntu.com/security/notices/USN-4298-1 + + + + mdeslaur> tests hang when this is backported to earlier releases + + + + + + + + + CVE-2019-20326 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-16 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948197 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20326.html + https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 (3.8.3) + https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad (master) + + + + + + + + + + CVE-2019-20330 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-03 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20330.html + https://github.com/FasterXML/jackson-databind/issues/2526 + https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e + https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2 + + + + + + + + + + CVE-2019-20334 on Ubuntu 20.04 (focal) - medium. 
+ In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-04 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20334.html + https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4 + https://bugzilla.nasm.us/show_bug.cgi?id=3392638 + + + + + + + + + + CVE-2019-20352 on Ubuntu 20.04 (focal) - medium. + In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-06 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20352.html + https://bugzilla.nasm.us/show_bug.cgi?id=3392636 + + + + + + + + + + CVE-2019-20373 on Ubuntu 20.04 (focal) - medium. + LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-09 23:15:00 UTC + 2020-01-09 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948538 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20373.html + https://git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/?id=c351ac69ef63ed6c84221cef73e409059661b8ba + https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/1839431 + https://ubuntu.com/security/notices/USN-4533-1 + + + + + + + + + + CVE-2019-20378 on Ubuntu 20.04 (focal) - low. + ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-11 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948664 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20378.html + https://github.com/ganglia/ganglia-web/issues/351 + + + + sbeattie> See README.Debian.security, only supported behind an authenticated HTTP zone + + + + + + + + + CVE-2019-20379 on Ubuntu 20.04 (focal) - low. + ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-11 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948664 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20379.html + https://github.com/ganglia/ganglia-web/issues/351 + + + + sbeattie> See README.Debian.security, only supported behind an authenticated HTTP zone + + + + + + + + + CVE-2019-20382 on Ubuntu 20.04 (focal) - low. + QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-05 19:15:00 UTC + 2020-03-05 19:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20382.html + https://www.openwall.com/lists/oss-security/2020/03/05/1 + https://ubuntu.com/security/notices/USN-4372-1 + + + + + + + + + + CVE-2019-20386 on Ubuntu 20.04 (focal) - low. + An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-21 06:15:00 UTC + 2020-01-21 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20386.html + https://ubuntu.com/security/notices/USN-4269-1 + + + + + + + + + + CVE-2019-20387 on Ubuntu 20.04 (focal) - medium. + repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-21 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949611 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20387.html + https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6) + https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da + https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6 + https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html + + + + + + + + + + CVE-2019-20388 on Ubuntu 20.04 (focal) - low. + xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-21 23:15:00 UTC + 2020-01-21 23:15:00 UTC + avital + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20388.html + https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68 + https://ubuntu.com/security/notices/USN-4991-1 + + + + + + + + + + CVE-2019-20391 on Ubuntu 20.04 (focal) - untriaged. + An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20391.html + https://bugzilla.redhat.com/show_bug.cgi?id=1793934 + https://github.com/CESNET/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8 + https://github.com/CESNET/libyang/issues/772 + https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3 + + + + + + + + + + CVE-2019-20392 on Ubuntu 20.04 (focal) - untriaged. + An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-01-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20392.html + https://bugzilla.redhat.com/show_bug.cgi?id=1793922 + https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5 + https://github.com/CESNET/libyang/issues/723 + https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1 + + + + + + + + + + CVE-2019-20393 on Ubuntu 20.04 (focal) - untriaged. + A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-01-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20393.html + https://bugzilla.redhat.com/show_bug.cgi?id=1793930 + https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed + https://github.com/CESNET/libyang/issues/742 + https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1 + + + + + + + + + + CVE-2019-20394 on Ubuntu 20.04 (focal) - untriaged. 
+ A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-01-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20394.html + https://bugzilla.redhat.com/show_bug.cgi?id=1793932 + https://github.com/CESNET/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6 + https://github.com/CESNET/libyang/issues/769 + https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3 + + + + + + + + + + CVE-2019-20395 on Ubuntu 20.04 (focal) - untriaged. + A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-01-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20395.html + https://bugzilla.redhat.com/show_bug.cgi?id=1793924 + https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237 + https://github.com/CESNET/libyang/issues/724 + https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1 + + + + + + + + + + CVE-2019-20396 on Ubuntu 20.04 (focal) - untriaged. + A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20396.html + https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8 + https://github.com/CESNET/libyang/issues/740 + https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1 + + + + + + + + + + CVE-2019-20397 on Ubuntu 20.04 (focal) - untriaged. + A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-01-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20397.html + https://bugzilla.redhat.com/show_bug.cgi?id=1793928 + https://github.com/CESNET/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4 + https://github.com/CESNET/libyang/issues/739 + https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1 + + + + + + + + + + CVE-2019-20398 on Ubuntu 20.04 (focal) - untriaged. + A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-01-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20398.html + https://bugzilla.redhat.com/show_bug.cgi?id=1793935 + https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08 + https://github.com/CESNET/libyang/issues/773 + https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3 + + + + + + + + + + CVE-2019-20425 on Ubuntu 20.04 (focal) - low. 
+ In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-27 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20425.html + http://lustre.org/ + http://wiki.lustre.org/Lustre_2.12.3_Changelog + https://jira.whamcloud.com/browse/LU-12613 + https://review.whamcloud.com/#/c/36209/ + + + + sbeattie> lustre was removed from the upstream staging tree in 4.18 (be65f9ed267fd7d8b3146b7c4be9ecdd3e0aa3ed) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-20429 on Ubuntu 20.04 (focal) - low. + In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-27 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20429.html + http://lustre.org/ + http://wiki.lustre.org/Lustre_2.12.3_Changelog + https://jira.whamcloud.com/browse/LU-12590 + https://review.whamcloud.com/#/c/36119/ + https://git.whamcloud.com/?p=fs/lustre-release.git;a=commitdiff;h=268edb13d769994c4841864034d72f0bd7b36e12 + + + + sbeattie> lustre was removed from the upstream staging tree in 4.18 (be65f9ed267fd7d8b3146b7c4be9ecdd3e0aa3ed) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-20444 on Ubuntu 20.04 (focal) - medium. 
+ HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." It was discovered that Netty has HTTP request smuggling vulnerability. A remote attacker could use it to extract sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-29 21:15:00 UTC + 2020-01-29 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20444.html + https://github.com/netty/netty/issues/9866 + https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final + https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2@%3Ccommits.druid.apache.org%3E + https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E + https://ubuntu.com/security/notices/USN-4532-1 + https://ubuntu.com/security/notices/USN-4600-1 + https://ubuntu.com/security/notices/USN-4600-2 + + + + + + + + + + CVE-2019-20445 on Ubuntu 20.04 (focal) - medium. + HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. It was discovered that Netty has HTTP request smuggling vulnerability. A remote attacker could use it to extract sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-29 21:15:00 UTC + 2020-01-29 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20445.html + https://github.com/netty/netty/issues/9861 + https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final + https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2@%3Ccommits.druid.apache.org%3E + https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E + https://ubuntu.com/security/notices/USN-4532-1 + https://ubuntu.com/security/notices/USN-4600-1 + https://ubuntu.com/security/notices/USN-4600-2 + + + + + + + + + + CVE-2019-20446 on Ubuntu 20.04 (focal) - low. + In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-02 14:15:00 UTC + 2020-02-02 14:15:00 UTC + https://gitlab.gnome.org/GNOME/librsvg/issues/515 + https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/1889206 (regression) + https://gitlab.gnome.org/GNOME/librsvg/-/issues/612 (regression) + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20446.html + https://ubuntu.com/security/notices/USN-4436-1 + https://ubuntu.com/security/notices/USN-4436-2 + + + + mdeslaur> also affects older versions written in C mdeslaur> The fixes added to 2.40.21 cause a regression, and upstream will mdeslaur> not be fixing them. + + + + + + + + + CVE-2019-20454 on Ubuntu 20.04 (focal) - low. + An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. 
The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-14 14:15:00 UTC + https://bugs.exim.org/show_bug.cgi?id=2421 + https://bugs.php.net/bug.php?id=78338 + https://bugzilla.redhat.com/show_bug.cgi?id=1735494 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20454.html + + + + + + + + + + CVE-2019-20478 on Ubuntu 20.04 (focal) - medium. + In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-19 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20478.html + https://www.exploit-db.com/exploits/47655 + + + + + + + + + + CVE-2019-20503 on Ubuntu 20.04 (focal) - medium. + usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-06 20:15:00 UTC + 2020-03-06 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953270 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20503.html + https://bugs.chromium.org/p/project-zero/issues/detail?id=1992 + https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503 + https://ubuntu.com/security/notices/USN-4299-1 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + + + + + + + + + + + CVE-2019-2053 on Ubuntu 20.04 (focal) - negligible. + In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. 
User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-122074159 + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-05-08 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2053.html + https://source.android.com/security/bulletin/2019-05-01 + + + + mdeslaur> per upstream: The actual read bytes would be stored locally, mdeslaur> but they were not used for anything, so other than reading mdeslaur> beyond the end of an allocated heap memory buffer, this did not mdeslaur> result in any behavior difference or exposure of the bytes. + + + + + + + + + CVE-2019-20628 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20628.html + https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 + https://github.com/gpac/gpac/commit/98b727637e32d1d4824101d8947e2dbd573d4fc8 + https://github.com/gpac/gpac/issues/1269 + + + + + + + + + + CVE-2019-20629 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-24 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20629.html + https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 + https://github.com/gpac/gpac/issues/1264 + + + + + + + + + + CVE-2019-20630 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20630.html + https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 + https://github.com/gpac/gpac/issues/1268 + + + + + + + + + + CVE-2019-20631 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20631.html + https://github.com/gpac/gpac/issues/1270 + + + + + + + + + + CVE-2019-20632 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20632.html + https://github.com/gpac/gpac/issues/1271 + + + + + + + + + + CVE-2019-20633 on Ubuntu 20.04 (focal) - low. 
+ GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-25 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20633.html + https://savannah.gnu.org/bugs/index.php?56683 + + + + sbeattie> this issue was introduced by the fix for CVE-2018-6952, which has not been applied to any Ubuntu release, due to a complete fix not being available. + + + + + + + + + CVE-2019-20637 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-08 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956305 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20637.html + http://varnish-cache.org/security/VSV00004.html#vsv00004 + https://github.com/varnishcache/varnish-cache/commit/bd7b3d6d47ccbb5e1747126f8e2a297f38e56b8c + + + + + + + + + + CVE-2019-20787 on Ubuntu 20.04 (focal) - medium. + Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-22 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20787.html + https://www.teeworlds.com/forum/viewtopic.php?pid=123860 + + + + + + + + + + CVE-2019-20788 on Ubuntu 20.04 (focal) - medium. 
+ libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-23 19:15:00 UTC + 2020-04-23 19:15:00 UTC + avital + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954163 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20788.html + https://ubuntu.com/security/notices/USN-4407-1 + + + + + + + + + + CVE-2019-20790 on Ubuntu 20.04 (focal) - medium. + OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-27 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20790.html + https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816 + https://sourceforge.net/p/opendmarc/tickets/235/ + https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf + + + + + + + + + + CVE-2019-20792 on Ubuntu 20.04 (focal) - low. + OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-29 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20792.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208 + https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4 + https://github.com/OpenSC/OpenSC/compare/0.19.0...0.20.0 + + + + + + + + + + CVE-2019-20794 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. 
Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-09 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20794.html + https://sourceforge.net/p/fuse/mailman/message/36598753/ + https://github.com/sargun/fuse-example + https://lore.kernel.org/lkml/1e796f9e008fb78fb96358ff74f39bd4865a7c88.1604926010.git.gladkov.alexey@gmail.com/ + + + + jdstrand> Patch not available, unclear if >=5.6.12 has the fix or if the range is wrong. All distros consider this minor. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-20797 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer overflow in client and server code responsible for handling received UDP packets, as demonstrated by I_SendPacket or I_SendPacketTo in i_network.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-18 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20797.html + https://logicaltrust.net/blog/2019/10/prboom1.html + https://sourceforge.net/p/prboom-plus/bugs/252/ + https://sourceforge.net/p/prboom-plus/bugs/253/ + + + + + + + + + + CVE-2019-20805 on Ubuntu 20.04 (focal) - untriaged. + p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-01 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20805.html + https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010 + https://github.com/upx/upx/issues/317 + + + + + + + + + + CVE-2019-20807 on Ubuntu 20.04 (focal) - low. + In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-28 14:15:00 UTC + 2020-05-28 14:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20807.html + https://github.com/vim/vim/releases/tag/v8.1.0881 + https://ubuntu.com/security/notices/USN-4582-1 + + + + + + + + + + CVE-2019-20838 on Ubuntu 20.04 (focal) - low. + libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-15 17:15:00 UTC + Yunho Kim + https://bugs.gentoo.org/717920 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20838.html + https://www.pcre.org/original/changelog.txt + + + + + + + + + + CVE-2019-20839 on Ubuntu 20.04 (focal) - medium. + libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-17 16:15:00 UTC + 2020-06-17 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20839.html + https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 + https://ubuntu.com/security/notices/USN-4434-1 + + + + + + + + + + + + + + CVE-2019-20840 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-17 16:15:00 UTC + 2020-06-17 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20840.html + https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 + https://ubuntu.com/security/notices/USN-4434-1 + + + + + + + + + + + + + CVE-2019-20907 on Ubuntu 20.04 (focal) - medium. + In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-13 13:15:00 UTC + 2020-07-13 13:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20907.html + https://bugs.python.org/issue39017 + https://github.com/python/cpython/pull/21454 + https://ubuntu.com/security/notices/USN-4428-1 + https://ubuntu.com/security/notices/USN-4754-3 + + + + + + + + + + + + + CVE-2019-20916 on Ubuntu 20.04 (focal) - medium. + The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-04 20:15:00 UTC + 2020-09-04 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20916.html + https://github.com/pypa/pip/issues/6413 + https://github.com/pypa/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace (19.2) + https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace + https://github.com/pypa/pip/compare/19.1.1...19.2 + https://ubuntu.com/security/notices/USN-4601-1 + + + + + + + + + + CVE-2019-20917 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-11 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20917.html + https://docs.inspircd.org/security/2019-02/ + + + + + + + + + + CVE-2019-20920 on Ubuntu 20.04 (focal) - untriaged. + Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-09-30 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20920.html + https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478 + https://www.npmjs.com/advisories/1316 + https://www.npmjs.com/advisories/1324 + + + + + + + + + + CVE-2019-20922 on Ubuntu 20.04 (focal) - untriaged. + Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-30 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20922.html + https://github.com/handlebars-lang/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b + https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388 + https://www.npmjs.com/advisories/1300 + + + + + + + + + + CVE-2019-20923 on Ubuntu 20.04 (focal) - medium. + A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20923.html + https://jira.mongodb.org/browse/SERVER-39481 + + + + + + + + + + CVE-2019-20924 on Ubuntu 20.04 (focal) - medium. + A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20924.html + https://jira.mongodb.org/browse/SERVER-44377 + + + + + + + + + + CVE-2019-20925 on Ubuntu 20.04 (focal) - medium. + An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-24 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20925.html + https://jira.mongodb.org/browse/SERVER-43751 + + + + msalvatore> Introduced by https://github.com/mongodb/mongo/commit/91800fc61913358350b658406065c5d893d2ba2c + + + + + + + + + CVE-2019-20933 on Ubuntu 20.04 (focal) - medium. + InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-19 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20933.html + https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0 + https://github.com/influxdata/influxdb/issues/12927 + https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6 + + + + + + + + + + CVE-2019-2110 on Ubuntu 20.04 (focal) - medium. + In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a secure screen due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-69703445 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-11 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2110.html + https://source.android.com/security/bulletin/2019-10-01 + + + + + + + + + + CVE-2019-2126 on Ubuntu 20.04 (focal) - low. + In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-20 20:15:00 UTC + 2019-08-20 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2126.html + https://source.android.com/security/bulletin/2019-08-01 + https://ubuntu.com/security/notices/USN-4199-1 + + + + amurray> mkvparser.cc is embedded in libwebm in various other packages mdeslaur> mkvparser.cc doesn't appear to be built in the firefox package + + + + + + + + + + + + + + CVE-2019-2128 on Ubuntu 20.04 (focal) - medium. + In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132647222. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-20 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2128.html + https://source.android.com/security/bulletin/2019-08-01 + + + + + + + + + + CVE-2019-2136 on Ubuntu 20.04 (focal) - medium. + In Status::readFromParcel of Status.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132650049. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-20 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2136.html + https://source.android.com/security/bulletin/2019-08-01 + + + + + + + + + + CVE-2019-2137 on Ubuntu 20.04 (focal) - medium. 
+ In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. This could lead to local denial of access to Emergency Services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-132438333. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-20 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2137.html + https://source.android.com/security/bulletin/2019-08-01 + + + + + + + + + + + + + CVE-2019-2173 on Ubuntu 20.04 (focal) - medium. + In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-11 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2173.html + https://source.android.com/security/bulletin/2019-10-01 + + + + + + + + + + CVE-2019-2180 on Ubuntu 20.04 (focal) - low. + In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-05 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934957 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2180.html + + + + mdeslaur> this CVE is for the "Fixed IPP buffer overflow (rdar://50035411)" mdeslaur> part of the commit + + + + + + + + + CVE-2019-2183 on Ubuntu 20.04 (focal) - medium. + In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-136261465 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-11 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2183.html + https://source.android.com/security/bulletin/pixel/2019-10-01 + + + + + + + + + + CVE-2019-2386 on Ubuntu 20.04 (focal) - low. + After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.9; v3.6 versions prior to 3.6.13; v3.4 versions prior to 3.4.22. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-06 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2386.html + https://jira.mongodb.org/browse/SERVER-38984 + https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0829 + + + + + + + + + + CVE-2019-2391 on Ubuntu 20.04 (focal) - medium. + Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-31 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2391.html + https://github.com/mongodb/js-bson/releases/tag/v1.1.4 + + + + + + + + + + CVE-2019-2392 on Ubuntu 20.04 (focal) - medium. + A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2392.html + https://jira.mongodb.org/browse/SERVER-43699 + + + + + + + + + + CVE-2019-2393 on Ubuntu 20.04 (focal) - medium. + A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2393.html + https://jira.mongodb.org/browse/SERVER-43350 + + + + + + + + + + CVE-2019-2422 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + 2019-01-16 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2422.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + https://ubuntu.com/security/notices/USN-3875-1 + https://ubuntu.com/security/notices/USN-3942-1 + https://ubuntu.com/security/notices/USN-3949-1 + + + + + + + + + + + + + CVE-2019-2435 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2435.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#CVE-2019-2435 + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2446 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2446.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2448 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2448.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2450 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2450.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2451 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2451.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2500 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2500.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2501 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). 
Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2501.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-25013 on Ubuntu 20.04 (focal) - low. + The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-04 18:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=24973 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979273 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25013.html + + + + + + + + + + CVE-2019-25026 on Ubuntu 20.04 (focal) - medium. + Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25026.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + + + + + + + + + + CVE-2019-25031 on Ubuntu 20.04 (focal) - medium. 
+ ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-27 06:15:00 UTC + 2021-04-27 06:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25031.html + https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ + https://ubuntu.com/security/notices/USN-4938-1 + + + + + + + + + + CVE-2019-25032 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-27 06:15:00 UTC + 2021-04-27 06:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25032.html + https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ + https://ubuntu.com/security/notices/USN-4938-1 + + + + + + + + + + CVE-2019-25033 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-27 06:15:00 UTC + 2021-04-27 06:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25033.html + https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ + https://ubuntu.com/security/notices/USN-4938-1 + + + + mdeslaur> same commit as CVE-2019-25032 + + + + + + + + + CVE-2019-25034 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-27 06:15:00 UTC + 2021-04-27 06:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25034.html + https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ + https://ubuntu.com/security/notices/USN-4938-1 + + + + + + + + + + CVE-2019-25035 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-27 06:15:00 UTC + 2021-04-27 06:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25035.html + https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ + https://ubuntu.com/security/notices/USN-4938-1 + + + + + + + + + + CVE-2019-25036 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-27 06:15:00 UTC + 2021-04-27 06:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25036.html + https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ + https://ubuntu.com/security/notices/USN-4938-1 + + + + + + + + + + CVE-2019-25037 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-27 06:15:00 UTC + 2021-04-27 06:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25037.html + https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ + https://ubuntu.com/security/notices/USN-4938-1 + + + + + + + + + + CVE-2019-25038 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-27 06:15:00 UTC + 2021-04-27 06:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25038.html + https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ + https://ubuntu.com/security/notices/USN-4938-1 + + + + + + + + + + CVE-2019-25039 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-27 06:15:00 UTC + 2021-04-27 06:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25039.html + https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ + https://ubuntu.com/security/notices/USN-4938-1 + + + + mdeslaur> same commit as CVE-2019-25038 + + + + + + + + + CVE-2019-2504 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2504.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-25040 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-27 06:15:00 UTC + 2021-04-27 06:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25040.html + https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ + https://ubuntu.com/security/notices/USN-4938-1 + + + + + + + + + + CVE-2019-25041 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-27 06:15:00 UTC + 2021-04-27 06:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25041.html + https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ + https://ubuntu.com/security/notices/USN-4938-1 + + + + mdeslaur> same commit as CVE-2019-25040 + + + + + + + + + CVE-2019-25042 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-27 06:15:00 UTC + 2021-04-27 06:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25042.html + https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ + https://ubuntu.com/security/notices/USN-4938-1 + + + + + + + + + + CVE-2019-25043 on Ubuntu 20.04 (focal) - medium. + ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-06 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25043.html + https://github.com/SpiderLabs/ModSecurity/issues/2566 + + + + + + + + + + CVE-2019-25044 on Ubuntu 20.04 (focal) - medium. + The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-14 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25044.html + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c3e2219216c92919a6bd1711f340f5faa98695e6 + https://syzkaller.appspot.com/bug?id=36fe241584203cf394d44560a42e3430434f1213 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 + https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-blk_mq_free_rqs + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-25045 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-07 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25045.html + https://git.kernel.org/linus/dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399 + https://syzkaller.appspot.com/bug?id=f99edaeec58ad40380ed5813d89e205861be2896 + https://sites.google.com/view/syzscope/warning-in-xfrm_state_fini-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-2505 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2505.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-25051 on Ubuntu 20.04 (focal) - medium. + objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-20 07:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991307 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-25051.html + https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462 + + + + + + + + + + CVE-2019-2506 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2506.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2508 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2508.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2509 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2509.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2511 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle VM VirtualBox. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2511.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2520 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2520.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2521 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2521.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2522 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2522.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2523 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2523.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2524 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2524.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2525 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2525.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2526 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2526.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2527 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.26 and prior to 6.0.4. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2527.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2548 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2548.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2552 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2552.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2553 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2553.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2554 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). 
Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2554.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2555 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2555.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2556 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 19:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2556.html + http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html + + + + + + + + + + CVE-2019-2574 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2574.html + + + + + + + + + + CVE-2019-2602 on Ubuntu 20.04 (focal) - low. 
+ Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). It was discovered that the BigDecimal implementation in OpenJDK performed excessive computation when given certain values. An attacker could use this to cause a denial of service (excessive CPU usage). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + 2019-04-23 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2602.html + https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3975-1 + + + + + + + + + + + + + CVE-2019-2614 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + 2019-04-23 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927308 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2614.html + https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-3957-1 + https://ubuntu.com/security/notices/USN-3957-2 + https://ubuntu.com/security/notices/USN-3957-3 + https://ubuntu.com/security/notices/USN-4070-3 + + + + mdeslaur> as of 2019-04-23, no details for 5.5 + + + + + + + + + CVE-2019-2627 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + 2019-04-23 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927308 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2627.html + https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-3957-1 + https://ubuntu.com/security/notices/USN-3957-2 + https://ubuntu.com/security/notices/USN-3957-3 + https://ubuntu.com/security/notices/USN-4070-3 + + + + mdeslaur> as of 2019-04-23, no details for 5.5 + + + + + + + + + CVE-2019-2628 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + 2019-04-23 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927308 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2628.html + https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-3957-1 + https://ubuntu.com/security/notices/USN-4070-3 + + + + mdeslaur> 5.6 not affected, 5.5 is presumed not-affected also + + + + + + + + + CVE-2019-2656 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-23 19:32:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2656.html + + + + + + + + + + CVE-2019-2657 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2657.html + + + + + + + + + + CVE-2019-2678 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2678.html + + + + + + + + + + CVE-2019-2679 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2679.html + + + + + + + + + + CVE-2019-2680 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2680.html + + + + + + + + + + CVE-2019-2684 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). Corwin de Boor and Robert Xiao discovered that the RMI registry implementation in OpenJDK did not properly select the correct skeleton class in some situations. An attacker could use this to possibly escape Java sandbox restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + 2019-04-23 + Corwin de Boor and Robert Xiao + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2684.html + https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixJAVA + https://ubuntu.com/security/notices/USN-3975-1 + + + + + + + + + + + + + CVE-2019-2690 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. 
Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2690.html + + + + + + + + + + CVE-2019-2696 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2696.html + + + + + + + + + + CVE-2019-2703 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2703.html + + + + + + + + + + CVE-2019-2721 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2721.html + + + + + + + + + + CVE-2019-2722 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2722.html + + + + + + + + + + CVE-2019-2723 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-23 19:32:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2723.html + + + + + + + + + + CVE-2019-2737 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + 2019-07-19 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932340 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2737.html + https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4070-1 + https://ubuntu.com/security/notices/USN-4070-2 + https://ubuntu.com/security/notices/USN-4070-3 + + + + ebarretto> as of 2019-08-22, no details for 5.5 + + + + + + + + + CVE-2019-2739 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 23:15:00 UTC + 2019-07-19 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932340 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2739.html + https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4070-1 + https://ubuntu.com/security/notices/USN-4070-2 + https://ubuntu.com/security/notices/USN-4070-3 + + + + ebarretto> as of 2019-08-22, no details for 5.5 + + + + + + + + + CVE-2019-2740 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + 2019-07-19 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932340 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2740.html + https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4070-1 + https://ubuntu.com/security/notices/USN-4070-2 + https://ubuntu.com/security/notices/USN-4070-3 + + + + ebarretto> as of 2019-08-22, no details for 5.5 + + + + + + + + + CVE-2019-2758 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + 2019-07-19 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932340 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2758.html + https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4070-1 + https://ubuntu.com/security/notices/USN-4070-3 + + + + ebarretto> as of 2019-08-22, no details for 5.5 + + + + + + + + + CVE-2019-2805 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 23:15:00 UTC + 2019-07-19 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932340 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2805.html + https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4070-1 + https://ubuntu.com/security/notices/USN-4070-2 + https://ubuntu.com/security/notices/USN-4070-3 + + + + ebarretto> as of 2019-08-22, no details for 5.5 + + + + + + + + + CVE-2019-2848 on Ubuntu 20.04 (focal) - untriaged. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2848.html + + + + + + + + + + CVE-2019-2850 on Ubuntu 20.04 (focal) - untriaged. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2850.html + + + + + + + + + + CVE-2019-2859 on Ubuntu 20.04 (focal) - untriaged. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2859.html + + + + + + + + + + CVE-2019-2863 on Ubuntu 20.04 (focal) - untriaged. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2863.html + + + + + + + + + + CVE-2019-2864 on Ubuntu 20.04 (focal) - untriaged. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2864.html + + + + + + + + + + CVE-2019-2865 on Ubuntu 20.04 (focal) - untriaged. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. 
CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2865.html + + + + + + + + + + CVE-2019-2866 on Ubuntu 20.04 (focal) - untriaged. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2866.html + + + + + + + + + + CVE-2019-2867 on Ubuntu 20.04 (focal) - untriaged. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). 
+ + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2867.html + + + + + + + + + + CVE-2019-2873 on Ubuntu 20.04 (focal) - untriaged. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2873.html + + + + + + + + + + CVE-2019-2874 on Ubuntu 20.04 (focal) - untriaged. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2874.html + + + + + + + + + + CVE-2019-2875 on Ubuntu 20.04 (focal) - untriaged. 
+ Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2875.html + + + + + + + + + + CVE-2019-2876 on Ubuntu 20.04 (focal) - untriaged. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2876.html + + + + + + + + + + CVE-2019-2877 on Ubuntu 20.04 (focal) - untriaged. + Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2877.html + + + + + + + + + + CVE-2019-2894 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An Attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + Jan Jancar, Petr Svenda, and Vladimir Sedlacek + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2894.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://minerva.crocs.fi.muni.cz/ + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2910 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2910.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2911 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2911.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2914 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2914.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2920 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2920.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2922 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). 
Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2922.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + + + + CVE-2019-2923 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2923.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + + + + CVE-2019-2924 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2924.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + + + + CVE-2019-2926 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). 
Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2926.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + + + + + + + + + + CVE-2019-2938 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2938.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + https://ubuntu.com/security/notices/USN-4195-2 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + + + + CVE-2019-2944 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2944.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + + + + + + + + + + CVE-2019-2945 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom Socket implementation. An attacker could use this to specially create a Java class that could possibly bypass Java sandbox restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2945.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2946 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2946.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2948 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2948.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2949 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). Rob Hamm discovered that the Kerberos implementation in OpenJDK did not properly handle proxy credentials. An attacker could possibly use this to impersonate another user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + Rob Hamm + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2949.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2950 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2950.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2957 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2957.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2960 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2960.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2962 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that a NULL pointer dereference existed in the font handling implementation in OpenJDK. An attacker could use this to cause a denial of service (application crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2962.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2963 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2963.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2964 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the Concurrency subsystem in OpenJDK did not properly bound stack consumption when compiling regular expressions. An attacker could use this to cause a denial of service (application crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2964.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2966 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2966.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2967 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2967.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2968 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2968.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2969 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. 
CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2969.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2973 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the JAXP subsystem in OpenJDK did not properly handle XPath expressions in some situations. 
An attacker could use this to cause a denial of service (application crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2973.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2974 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + https://bugs.launchpad.net/bugs/1852109 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2974.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + https://ubuntu.com/security/notices/USN-4195-2 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + + + + CVE-2019-2975 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). 
Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L). It was discovered that the Nashorn JavaScript subcomponent in OpenJDK did not properly handle regular expressions in some situations. An attacker could use this to cause a denial of service (application crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2975.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2977 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L). It was discovered that the String class in OpenJDK contained an out-of-bounds access vulnerability. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2977.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + sbeattie> does not affect openjdk-8 + + + + + + + + + + + + CVE-2019-2978 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the Jar URL handler in OpenJDK did not properly handled nested Jar URLs in some situations. An attacker could use this to cause a denial of service (application crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2978.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2981 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the JAXP subsystem in OpenJDK did not properly handle XPath expressions in some situations. An attacker could use this to cause a denial of service (application crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2981.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2982 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2982.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2983 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the Serialization component of OpenJDK did not properly handle deserialization of certain object attributes. An attacker could use this to cause a denial of service (application crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2983.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2984 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2984.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + + + + + + + + + + CVE-2019-2987 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the FreetypeFontScaler class in OpenJDK did not properly validate dimensions of glyph bitmap images read from font files. An attacker could specially craft a font file that could cause a denial of service (application crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2987.html + https://www.oracle.com/security-alerts/cpuoct2019.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2988 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that a buffer overflow existed in the SunGraphics2D class in OpenJDK. An attacker could possibly use this to cause a denial of service (excessive memory consumption or application crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2988.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2989 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N). It was discovered that the Networking component in OpenJDK did not properly handle certain responses from HTTP proxies. An attacker controlling a malicious HTTP proxy could possibly use this to inject content into a proxied HTTP connection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2989.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2991 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2991.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2992 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). 
CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that the font handling implementation in OpenJDK did not properly validate TrueType font files in some situations. An attacker could specially craft a font file that could cause a denial of service (excessive memory consumption). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2992.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-2993 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942443 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2993.html + https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2997 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2997.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2998 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2998.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-2999 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). It was discovered that the JavaDoc generator in OpenJDK did not properly filter out some HTML elements properly, including documentation comments in Java source code. An attacker could possibly use this to craft a Cross-Site Scripting attack. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2999.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4223-1 + + + + + + + + + + + + + + CVE-2019-3002 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3002.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + + + + + + + + + + CVE-2019-3003 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3003.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-3004 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3004.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-3005 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3005.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + + + + + + + + + + CVE-2019-3009 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3009.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-3011 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3011.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-3017 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3017.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + + + + + + + + + + CVE-2019-3018 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3018.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + https://ubuntu.com/security/notices/USN-4195-1 + + + + leosilva> since 5.5 is no longer upstream supported leosilva> and so far we cannot patch it leosilva> marking as ignored. + + + + + + + + + CVE-2019-3021 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3021.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + + + + + + + + + + CVE-2019-3026 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3026.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + + + + + + + + + + CVE-2019-3028 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3028.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + + + + + + + + + + CVE-2019-3031 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3031.html + http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html + + + + + + + + + + CVE-2019-3309 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-18 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3309.html + + + + + + + + + + CVE-2019-3461 on Ubuntu 20.04 (focal) - medium. + Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 18:29:00 UTC + 2019-02-04 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918956 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3461.html + https://ubuntu.com/security/notices/USN-4077-1 + + + + ebarretto> Version on trusty needs the fix, but the fix depends on bind mounts ebarretto> from util-linux package. And the util-linux in trusty doesn't ebarretto> contain that feature. We could use another solution but I am not ebarretto> sure how this might affect the race condition. + + + + + + + + + CVE-2019-3465 on Ubuntu 20.04 (focal) - medium. + Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-07 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944107 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3465.html + https://groups.google.com/forum/#!msg/simplesamlphp-announce/2odMqz63z7k/6zQQeM91EwAJ + + + + + + + + + + CVE-2019-3467 on Ubuntu 20.04 (focal) - medium. + Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-23 19:15:00 UTC + 2019-12-23 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3467.html + https://ubuntu.com/security/notices/USN-4530-1 + + + + + + + + + + CVE-2019-3500 on Ubuntu 20.04 (focal) - medium. 
+ aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. It was discovered that aria2 could accidentally leak authentication data. An attacker could possibly use this to gain access to sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-02 07:29:00 UTC + 2019-01-02 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918058 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3500.html + https://github.com/aria2/aria2/issues/1329 + https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a + https://ubuntu.com/security/notices/USN-3965-1 + + + + + + + + + + CVE-2019-3573 on Ubuntu 20.04 (focal) - low. + In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-02 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3573.html + https://github.com/saitoha/libsixel/issues/83 + https://github.com/TeamSeri0us/pocs/tree/master/libsixel + + + + + + + + + + CVE-2019-3574 on Ubuntu 20.04 (focal) - low. + In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-02 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3574.html + https://github.com/saitoha/libsixel/issues/83 + https://github.com/TeamSeri0us/pocs/tree/master/libsixel + + + + + + + + + + CVE-2019-3681 on Ubuntu 20.04 (focal) - low. 
+ A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 . + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-29 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3681.html + https://bugzilla.suse.com/show_bug.cgi?id=1122675 + + + + + + + + + + CVE-2019-3685 on Ubuntu 20.04 (focal) - medium. + Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-05 10:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3685.html + + + + + + + + + + CVE-2019-3689 on Ubuntu 20.04 (focal) - low. + The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-19 14:15:00 UTC + 2019-09-19 14:15:00 UTC + mdeslaur + https://bugzilla.suse.com/show_bug.cgi?id=1150733 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940848 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3689.html + https://ubuntu.com/security/notices/USN-4400-1 + + + + + + + + + + CVE-2019-3804 on Ubuntu 20.04 (focal) - low. + It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-26 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3804.html + https://github.com/cockpit-project/cockpit/pull/10819 + https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12 + + + + + + + + + + CVE-2019-3806 on Ubuntu 20.04 (focal) - low. + An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-29 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3806.html + https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html + + + + + + + + + + CVE-2019-3807 on Ubuntu 20.04 (focal) - medium. + An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-29 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3807.html + https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html + + + + + + + + + + CVE-2019-3811 on Ubuntu 20.04 (focal) - low. + A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-15 15:29:00 UTC + https://pagure.io/SSSD/sssd/issue/3901 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919051 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3811.html + + + + + + + + + + CVE-2019-3816 on Ubuntu 20.04 (focal) - medium. + Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-14 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754501 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3816.html + http://bugzilla.suse.com/show_bug.cgi?id=1122623 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3816 + + + + + + + + + + CVE-2019-3825 on Ubuntu 20.04 (focal) - medium. + A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-06 20:29:00 UTC + 2019-02-06 + Burghard Britzke + https://gitlab.gnome.org/GNOME/gdm/issues/460 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921764 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3825.html + https://ubuntu.com/security/notices/USN-3892-1 + + + + + + + + + + CVE-2019-3826 on Ubuntu 20.04 (focal) - low. + A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-26 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921615 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3826.html + https://github.com/prometheus/prometheus/pull/5163 + + + + + + + + + + CVE-2019-3833 on Ubuntu 20.04 (focal) - medium. + Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-14 22:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754501 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3833.html + http://bugzilla.suse.com/show_bug.cgi?id=1122623 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3833 + + + + + + + + + + CVE-2019-3855 on Ubuntu 20.04 (focal) - medium. + An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. It was discovered that libssh2 mishandled certain input. If libssh2 were used to connect to a malicious or compromised SSH server, a remote, unauthenticated attacker could execute arbitrary code on the client system. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 21:29:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3855.html + https://www.libssh2.org/CVE-2019-3855.html + https://github.com/libssh2/libssh2/pull/315 + + + + + + + + + + CVE-2019-3856 on Ubuntu 20.04 (focal) - medium. + An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. It was discovered that libssh2 incorrectly handled prompt requests. A remote attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-25 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3856.html + https://www.libssh2.org/CVE-2019-3856.html + https://github.com/libssh2/libssh2/pull/315 + + + + + + + + + + CVE-2019-3857 on Ubuntu 20.04 (focal) - medium. + An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. It was discovered that libssh2 incorrectly handled SSH_MSG_CHANNEL_REQUEST packets. A remote attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-25 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3857.html + https://www.libssh2.org/CVE-2019-3857.html + https://github.com/libssh2/libssh2/pull/315 + + + + + + + + + + CVE-2019-3858 on Ubuntu 20.04 (focal) - medium. + An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. It was discovered that libssh2 incorrectly handled specially crafted SFTP packets. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3858.html + https://github.com/libssh2/libssh2/pull/316 + + + + + + + + + + CVE-2019-3859 on Ubuntu 20.04 (focal) - medium. + An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. It was discovered that libssh2 incorrectly handled certain specially crafted packets. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-21 16:01:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3859.html + https://www.libssh2.org/CVE-2019-3859.html + https://github.com/libssh2/libssh2/pull/315 + https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html + + + + msalvatore> Upstream fix causes regression: msalvatore> https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html msalvatore> Follow up patch: https://github.com/libssh2/libssh2/commit/ca2744483eac4e707084df5fc55cc69d57571dde + + + + + + + + + CVE-2019-3860 on Ubuntu 20.04 (focal) - medium. + An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. It was discovered that libssh2 incorrectly handled SFTP packets with empty payloads. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-25 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3860.html + https://libssh2.org/CVE-2019-3860.html + https://github.com/libssh2/libssh2/pull/316 + + + + + + + + + + CVE-2019-3861 on Ubuntu 20.04 (focal) - medium. + An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. It was discovered that libssh2 incorrectly handled padding value in SSH packets. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-25 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3861.html + https://libssh2.org/CVE-2019-3861.html + https://github.com/libssh2/libssh2/pull/316 + + + + + + + + + + CVE-2019-3862 on Ubuntu 20.04 (focal) - medium. + An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. It was discovered that libssh2 incorrectly handled SSH_MSG_CHANNEL_REQUEST packets. A remote attacker could possibly use this issue to cause a denial of service or obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:01:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3862.html + https://libssh2.org/CVE-2019-3862.html + https://github.com/libssh2/libssh2/pull/316 + + + + + + + + + + CVE-2019-3863 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. It was discovered that libssh2 incorrectly handled interactive response messages length. A remote attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-25 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3863.html + https://www.libssh2.org/CVE-2019-3863.html + https://github.com/libssh2/libssh2/pull/315 + + + + + + + + + + CVE-2019-3866 on Ubuntu 20.04 (focal) - medium. + An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. 
A malicious system user could exploit this flaw to access sensitive user information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-08 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3866.html + https://bugzilla.redhat.com/show_bug.cgi?id=1768731 + + + + + + + + + + CVE-2019-3871 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924966 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3871.html + https://github.com/PowerDNS/pdns/issues/7573 + https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html + + + + + + + + + + CVE-2019-3881 on Ubuntu 20.04 (focal) - medium. + Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed. It was discovered that Bundler incorrectly created directories with insecure permissions in /tmp. An attacker could write malicious libraries to this location for later execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-04 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796383 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3881.html + https://salsa.debian.org/ruby-team/bundler/blob/debian/1.16.1-2/debian/patches/0006-Don-t-use-insecure-temporary-directory-as-home-direc.patch + https://salsa.debian.org/ruby-team/bundler/blob/debian/1.16.1-2/debian/patches/0007-Remove-temporary-home-directories.patch + + + + + + + + + + CVE-2019-3883 on Ubuntu 20.04 (focal) - medium. + In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-17 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3883.html + https://bugzilla.redhat.com/show_bug.cgi?id=1693612 + https://pagure.io/389-ds-base/issue/50329 + + + + + + + + + + CVE-2019-3888 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-12 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3888.html + https://github.com/undertow-io/undertow/pull/736 + + + + + + + + + + CVE-2019-3890 on Ubuntu 20.04 (focal) - untriaged. 
+ It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-08-01 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3890.html + https://gitlab.gnome.org/GNOME/evolution-ews/issues/36 + https://bugzilla.redhat.com/show_bug.cgi?id=1678313 + + + + + + + + + + CVE-2019-3895 on Ubuntu 20.04 (focal) - medium. + An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-03 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3895.html + https://bugs.launchpad.net/octavia/+bug/1620629 + https://bugzilla.redhat.com/show_bug.cgi?id=1694608 + + + + + + + + + + CVE-2019-3902 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this vulnerability to write arbitrary files to the target's filesystem. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-22 16:29:00 UTC + 2019-04-22 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3902.html + https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29 + https://ubuntu.com/security/notices/USN-4086-1 + + + + + + + + + + CVE-2019-3992 on Ubuntu 20.04 (focal) - medium. + ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain access to valid admin usernames and, in older versions of ELOG, passwords. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-17 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3992.html + https://www.tenable.com/security/research/tra-2019-53 + + + + + + + + + + CVE-2019-3993 on Ubuntu 20.04 (focal) - medium. + ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-17 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3993.html + https://www.tenable.com/security/research/tra-2019-53 + + + + + + + + + + CVE-2019-3994 on Ubuntu 20.04 (focal) - medium. + ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed variable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-17 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3994.html + https://www.tenable.com/security/research/tra-2019-53 + + + + + + + + + + CVE-2019-3995 on Ubuntu 20.04 (focal) - medium. 
+ ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-17 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3995.html + https://www.tenable.com/security/research/tra-2019-53 + + + + + + + + + + CVE-2019-3996 on Ubuntu 20.04 (focal) - medium. + ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-17 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3996.html + https://www.tenable.com/security/research/tra-2019-53 + + + + + + + + + + CVE-2019-5010 on Ubuntu 20.04 (focal) - low. + An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-31 21:15:00 UTC + 2019-01-18 + mdeslaur + Colin Read and Nicolas Edet + https://bugs.python.org/issue35746 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5010.html + https://github.com/python/cpython/pull/11569 + https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html + https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-pythonorg.html + https://ubuntu.com/security/notices/USN-4127-1 + https://ubuntu.com/security/notices/USN-4127-2 + + + + mdeslaur> DoS is only possible in certain situations, see upstream bug mdeslaur> report. Marking as low. 
+ + + + + + + + + CVE-2019-5051 on Ubuntu 20.04 (focal) - medium. + An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. USN-4238-1 addressed serveral vulnerabilities in SDL_image. This update provides the corresponding fixes for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-03 19:15:00 UTC + 2019-07-03 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5051.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820 + https://ubuntu.com/security/notices/USN-4238-1 + + + + + + + + + + + + + CVE-2019-5052 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. USN-4238-1 addressed serveral vulnerabilities in SDL_image. This update provides the corresponding fixes for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-03 19:15:00 UTC + 2019-07-03 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5052.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0821 + https://ubuntu.com/security/notices/USN-4238-1 + + + + + + + + + + + + + CVE-2019-5057 on Ubuntu 20.04 (focal) - medium. + An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. 
An attacker can display a specially crafted image to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5057.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841 + + + + + + + + + + CVE-2019-5058 on Ubuntu 20.04 (focal) - medium. + An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5058.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842 + + + + + + + + + + CVE-2019-5059 on Ubuntu 20.04 (focal) - medium. + An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5059.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0843 + + + + + + + + + + CVE-2019-5060 on Ubuntu 20.04 (focal) - medium. + An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. 
This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-31 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5060.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0844 + + + + + + + + + + CVE-2019-5061 on Ubuntu 20.04 (focal) - low. + An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-12 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5061.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849 + + + + sbeattie| upstream fix appears to be to remove (the incomplete) IAPP support completely. + + + + + + + + + CVE-2019-5062 on Ubuntu 20.04 (focal) - negligible. + An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-12 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5062.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850 + + + + + + + + + + CVE-2019-5086 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-21 16:15:00 UTC + pfsmorigo + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5086.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878 + https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0878 + + + + + + + + + + CVE-2019-5087 on Ubuntu 20.04 (focal) - medium. + An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row's allocation size, that could be exploited to corrupt memory and eventually execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-21 16:15:00 UTC + pfsmorigo + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5087.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879 + https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0879 + + + + + + + + + + CVE-2019-5152 on Ubuntu 20.04 (focal) - medium. + An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. 
When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5152.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0942 + https://github.com/shadowsocks/shadowsocks-libev/issues/2525 + https://github.com/shadowsocks/shadowsocks-libev/issues/2525#issuecomment-557551274 + + + + + + + + + + CVE-2019-5163 on Ubuntu 20.04 (focal) - medium. + An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5163.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956 + https://github.com/shadowsocks/shadowsocks-libev/issues/2536 + + + + + + + + + + CVE-2019-5164 on Ubuntu 20.04 (focal) - medium. + An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-03 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5164.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958 + https://github.com/shadowsocks/shadowsocks-libev/issues/2537 + + + + + + + + + + CVE-2019-5418 on Ubuntu 20.04 (focal) - medium. + There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-27 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5418.html + https://www.openwall.com/lists/oss-security/2019/03/13/5 + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2019-5419 on Ubuntu 20.04 (focal) - medium. + There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-27 14:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5419.html + https://www.openwall.com/lists/oss-security/2019/03/13/4 + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2019-5427 on Ubuntu 20.04 (focal) - medium. + c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-22 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5427.html + https://hackerone.com/reports/509315 + + + + + + + + + + CVE-2019-5429 on Ubuntu 20.04 (focal) - low. + Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-04-29 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5429.html + https://svn.filezilla-project.org/filezilla?view=revision&revision=9112 + https://www.tenable.com/security/research/tra-2019-14 + + + + + + + + + + CVE-2019-5432 on Ubuntu 20.04 (focal) - medium. + A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-06 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928673 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5432.html + https://hackerone.com/reports/541354 + + + + + + + + + + CVE-2019-5439 on Ubuntu 20.04 (focal) - medium. + A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-13 16:29:00 UTC + 2019-06-13 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930276 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5439.html + https://hackerone.com/reports/484398 + http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security + https://ubuntu.com/security/notices/USN-4074-1 + + + + + + + + + + CVE-2019-5459 on Ubuntu 20.04 (focal) - medium. + An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-30 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5459.html + https://hackerone.com/reports/502816 + + + + ebarretto> It also affects faad2 + + + + + + + + + CVE-2019-5477 on Ubuntu 20.04 (focal) - medium. + A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4. USN-4175-1 addressed CVE-2019-5477 in Nokogiri. This update provides the corresponding fix for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-16 16:15:00 UTC + 2019-08-16 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934802 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5477.html + https://github.com/sparklemotion/nokogiri/issues/1915 + https://ubuntu.com/security/notices/USN-4175-1 + + + + + + + + + + CVE-2019-5737 on Ubuntu 20.04 (focal) - medium. + In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. 
This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1. Marco Pracucci discovered that Node.js mishandled HTTP and HTTPS connections. An attacker could use this vulnerability to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-28 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5737.html + https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/ + + + + + + + + + + CVE-2019-5785 on Ubuntu 20.04 (focal) - medium. + Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-27 17:15:00 UTC + 2019-02-14 + chrisccoulson + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818180 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5785.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2019-5785 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2019-5785 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2019-5785 + https://ubuntu.com/security/notices/USN-3897-1 + https://ubuntu.com/security/notices/USN-3896-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-5827 on Ubuntu 20.04 (focal) - low. + Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-06-27 17:15:00 UTC + 2019-06-27 17:15:00 UTC + https://crbug.com/952406 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-5827 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928770 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5827.html + https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html + https://ubuntu.com/security/notices/USN-4205-1 + + + + mdeslaur> this is a chromium-specific flaw related to data types used mdeslaur> in memory allocation. This isn't directly an issue in sqlite3 mdeslaur> although the commits listed do prevent the issue from happening. + + + + + + + + + + + + + CVE-2019-5885 on Ubuntu 20.04 (focal) - medium. + Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:01:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5885.html + https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/ + + + + + + + + + + CVE-2019-6109 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-31 18:29:00 UTC + 2019-01-14 + mdeslaur + Harry Sintonen + https://bugzilla.mindrot.org/show_bug.cgi?id=2434 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6109.html + https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt + https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037459.html + https://ubuntu.com/security/notices/USN-3885-1 + + + + seth-arnold> openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. mdeslaur> mdeslaur> The recommended workaround for this issue is to switch to using mdeslaur> sftp instead of scp. mdeslaur> mdeslaur> The updates in USN-3885-1 inverted two CVE numbers by accident. + + + + + + + + + + + + CVE-2019-6111 on Ubuntu 20.04 (focal) - low. + An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-31 18:29:00 UTC + 2019-01-14 + mdeslaur + Harry Sintonen + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6111.html + https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt + https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037459.html + https://ubuntu.com/security/notices/USN-3885-1 + https://ubuntu.com/security/notices/USN-3885-2 + + + + seth-arnold> openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. mdeslaur> mdeslaur> The recommended workaround for this issue is to switch to using mdeslaur> sftp instead of scp. mdeslaur> mdeslaur> The updates in USN-3885-1 inverted two CVE numbers by accident. mdeslaur> mdeslaur> The initial USN was incomplete and did not include the second mdeslaur> commit. + + + + + + + + + + + + CVE-2019-6130 on Ubuntu 20.04 (focal) - medium. + Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-11 05:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918971 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6130.html + https://bugs.ghostscript.com/show_bug.cgi?id=700446 + http://www.ghostscript.com/cgi-bin/findgit.cgi?faf47b94e24314d74907f3f6bc874105f2c962ed + + + + + + + + + + CVE-2019-6131 on Ubuntu 20.04 (focal) - medium. + svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-11 05:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918970 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6131.html + https://bugs.ghostscript.com/show_bug.cgi?id=700442 + http://www.ghostscript.com/cgi-bin/findgit.cgi?c8f7e48ff74720a5e984ae19d978a5ab4d5dde5b + + + + + + + + + + CVE-2019-6201 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6201.html + https://webkitgtk.org/security/WSA-2019-0002.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-6212 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-05 16:29:00 UTC + 2019-02-11 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6212.html + https://webkitgtk.org/security/WSA-2019-0001.html + https://ubuntu.com/security/notices/USN-3889-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-6215 on Ubuntu 20.04 (focal) - medium. 
+ A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-05 16:29:00 UTC + 2019-02-11 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6215.html + https://webkitgtk.org/security/WSA-2019-0001.html + https://ubuntu.com/security/notices/USN-3889-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-6216 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-05 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6216.html + https://webkitgtk.org/security/WSA-2019-0001.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-6217 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-05 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6217.html + https://webkitgtk.org/security/WSA-2019-0001.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-6226 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-05 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6226.html + https://webkitgtk.org/security/WSA-2019-0001.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-6227 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-05 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6227.html + https://webkitgtk.org/security/WSA-2019-0001.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-6229 on Ubuntu 20.04 (focal) - medium. 
+ A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-05 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6229.html + https://webkitgtk.org/security/WSA-2019-0001.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-6233 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-05 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6233.html + https://webkitgtk.org/security/WSA-2019-0001.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-6234 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-05 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6234.html + https://webkitgtk.org/security/WSA-2019-0001.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-6237 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + G. Geshev and Liu Long + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6237.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-6251 on Ubuntu 20.04 (focal) - medium. + WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-14 08:29:00 UTC + 2019-01-14 + https://gitlab.gnome.org/GNOME/epiphany/issues/532 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6251.html + https://webkitgtk.org/security/WSA-2019-0002.html + https://ubuntu.com/security/notices/USN-3948-1 + + + + + + + + + + + + + CVE-2019-6256 on Ubuntu 20.04 (focal) - medium. 
+ A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp. It was discovered that liveMedia incorrectly handled certain network sessions. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-14 08:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919529 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6256.html + + + + + + + + + + CVE-2019-6283 on Ubuntu 20.04 (focal) - medium. + In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-14 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6283.html + https://github.com/sass/libsass/issues/2814 + + + + + + + + + + CVE-2019-6284 on Ubuntu 20.04 (focal) - medium. + In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-14 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6284.html + https://github.com/sass/libsass/issues/2816 + + + + + + + + + + CVE-2019-6285 on Ubuntu 20.04 (focal) - low. + The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-14 22:29:00 UTC + https://github.com/jbeder/yaml-cpp/issues/660 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919432 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6285.html + + + + mdeslaur> same commit as CVE-2018-20573 + + + + + + + + + CVE-2019-6286 on Ubuntu 20.04 (focal) - medium. + In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-14 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6286.html + https://github.com/sass/libsass/issues/2815 + + + + + + + + + + CVE-2019-6290 on Ubuntu 20.04 (focal) - negligible. + An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-01-15 00:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392548 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6290.html + + + + mdeslaur> no fix as of 2019-04-25 + + + + + + + + + CVE-2019-6291 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-15 00:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392549 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6291.html + + + + mdeslaur> no fix as of 2019-04-25 + + + + + + + + + CVE-2019-6292 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-01-15 00:29:00 UTC + https://github.com/jbeder/yaml-cpp/issues/657 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919430 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6292.html + + + + mdeslaur> same commit as CVE-2018-20573 + + + + + + + + + CVE-2019-6293 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-15 00:29:00 UTC + https://github.com/westes/flex/issues/414 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6293.html + + + + + + + + + + CVE-2019-6438 on Ubuntu 20.04 (focal) - medium. + SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. It was discovered that Slurm mishandles 23-bit systems.A local attacker could use this to gain administrative privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-31 09:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920997 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6438.html + https://www.schedmd.com/news.php?id=213 + https://lists.schedmd.com/pipermail/slurm-announce/2019/000018.html + https://github.com/SchedMD/slurm/commit/750cc23edcc6fddfff21d33bdaf4fb7deb28cfda + + + + + + + + + + CVE-2019-6439 on Ubuntu 20.04 (focal) - negligible. + examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6439.html + https://github.com/wolfSSL/wolfssl/issues/2032 + + + + mdeslaur> issue only in example code + + + + + + + + + CVE-2019-6446 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-16 05:29:00 UTC + https://github.com/numpy/numpy/issues/12759 + https://bugzilla.suse.com/show_bug.cgi?id=1122208 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6446.html + + + + mdeslaur> The following commit added an option that will allow disabling mdeslaur> the use of pickles in load and save operations: mdeslaur> https://github.com/numpy/numpy/commit/a2bd3a7eabfe053d6d16a2130fdcad9e5211f6bb mdeslaur> mdeslaur> That commit is included in xenial+ mdeslaur> mdeslaur> Marking this as low priority due to the limited reverse-depends mdeslaur> in main, and the fact that it may not be possible to switch the mdeslaur> default to false in stable releases without breaking use-cases. + + + + + + + + + CVE-2019-6455 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6455.html + https://github.com/TeamSeri0us/pocs/tree/master/recutils + + + + + + + + + + CVE-2019-6456 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6456.html + https://github.com/TeamSeri0us/pocs/tree/master/recutils + + + + + + + + + + CVE-2019-6457 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-16 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6457.html + https://github.com/TeamSeri0us/pocs/tree/master/recutils + + + + + + + + + + CVE-2019-6458 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6458.html + https://github.com/TeamSeri0us/pocs/tree/master/recutils + + + + + + + + + + CVE-2019-6459 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6459.html + https://github.com/TeamSeri0us/pocs/tree/master/recutils + + + + + + + + + + CVE-2019-6460 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6460.html + https://github.com/TeamSeri0us/pocs/tree/master/recutils + + + + + + + + + + CVE-2019-6461 on Ubuntu 20.04 (focal) - low. + An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-16 18:29:00 UTC + https://gitlab.freedesktop.org/cairo/cairo/issues/352 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6461.html + https://github.com/TeamSeri0us/pocs/tree/master/gerbv + + + + mdeslaur> as of 2020-11-26, no upstream fix + + + + + + + + + CVE-2019-6462 on Ubuntu 20.04 (focal) - low. + An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-16 18:29:00 UTC + https://gitlab.freedesktop.org/cairo/cairo/issues/353 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6462.html + https://github.com/TeamSeri0us/pocs/tree/master/gerbv + + + + mdeslaur> as of 2020-11-26, no upstream fix + + + + + + + + + CVE-2019-6472 on Ubuntu 20.04 (focal) - medium. + A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-08-28 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6472.html + + + + + + + + + + CVE-2019-6473 on Ubuntu 20.04 (focal) - medium. + An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-08-28 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6473.html + + + + + + + + + + CVE-2019-6474 on Ubuntu 20.04 (focal) - medium. 
+ A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-16 18:15:00 UTC + 2019-08-28 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6474.html + + + + amurray> This only affects servers which are using memfile for lease storage. + + + + + + + + + CVE-2019-6502 on Ubuntu 20.04 (focal) - negligible. + sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-01-22 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6502.html + https://github.com/OpenSC/OpenSC/issues/1586 + + + + + + + + + + CVE-2019-6690 on Ubuntu 20.04 (focal) - medium. + python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. It was discovered that python-gnupg incorrectly handled the GPG passphrase. A remote attacker could send a specially crafted passphrase that would allow them to control the output of encryption and decryption operations. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-21 16:01:00 UTC + 2019-03-21 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6690.html + https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability + https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112 + https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112 + https://ubuntu.com/security/notices/USN-3964-1 + + + + + + + + + + CVE-2019-6777 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-24 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920375 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6777.html + https://github.com/ZoneMinder/zoneminder/issues/2436 + https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41 + + + + + + + + + + CVE-2019-6798 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted username. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-26 17:29:00 UTC + 2019-01-26 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920822 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6798.html + https://www.phpmyadmin.net/security/PMASA-2019-2/ + https://github.com/phpmyadmin/phpmyadmin/commit/469934cf7d3bd19a839eb78670590f7511399435 + https://ubuntu.com/security/notices/USN-4639-1 + + + + + + + + + + CVE-2019-6799 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls. It was discovered that phpMyAdmin would allow sensitive files to be leaked if certain configuration options were set. An attacker could use this vulnerability to access confidential information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-26 17:29:00 UTC + 2019-01-26 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920823 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6799.html + https://www.phpmyadmin.net/security/PMASA-2019-1/ + https://github.com/phpmyadmin/phpmyadmin/commit/aeac90623e525057a7672ab3d98154b5c57c15ec + https://github.com/phpmyadmin/phpmyadmin/commit/c5e01f84ad48c5c626001cb92d7a95500920a900 + https://ubuntu.com/security/notices/USN-4639-1 + + + + + + + + + + CVE-2019-6956 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c. It was discovered that Freeware Advanced Audio Decoder 2 incorrectly handled certain mp4 files. An attacker could possibly use this issue to cause a denial of service. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-25 16:29:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914641 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6956.html + https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md + https://sourceforge.net/p/faac/bugs/240/ + https://security-tracker.debian.org/tracker/DLA-1899-1 + + + + + + + + + + CVE-2019-6976 on Ubuntu 20.04 (focal) - medium. + libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-26 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6976.html + https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a + https://github.com/libvips/libvips/releases/tag/v8.7.4 + + + + + + + + + + CVE-2019-6988 on Ubuntu 20.04 (focal) - low. + An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-28 16:29:00 UTC + https://github.com/uclouvain/openjpeg/issues/1178 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922648 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6988.html + + + + mdeslaur> no upstream fix available as of 2021-06-14 + + + + + + + + + CVE-2019-6991 on Ubuntu 20.04 (focal) - medium. 
+ A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-28 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6991.html + https://github.com/ZoneMinder/zoneminder/issues/2478 + https://github.com/ZoneMinder/zoneminder/pull/2482 + + + + seth-arnold> the patch I saw looked like it introduced a memory leak + + + + + + + + + CVE-2019-6992 on Ubuntu 20.04 (focal) - medium. + A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-28 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6992.html + https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498 + https://github.com/ZoneMinder/zoneminder/issues/2445 + + + + + + + + + + CVE-2019-7147 on Ubuntu 20.04 (focal) - low. + A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-29 00:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392544 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7147.html + + + + mdeslaur> no fix as of 2019-04-25 + + + + + + + + + CVE-2019-7149 on Ubuntu 20.04 (focal) - low. + A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-29 00:29:00 UTC + 2019-01-28 + mdeslaur + https://sourceware.org/bugzilla/show_bug.cgi?id=24102 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920910 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7149.html + https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html + https://ubuntu.com/security/notices/USN-4012-1 + + + + + + + + + + CVE-2019-7150 on Ubuntu 20.04 (focal) - low. + An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-29 00:29:00 UTC + 2019-01-28 + mdeslaur + https://sourceware.org/bugzilla/show_bug.cgi?id=24103 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920909 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7150.html + https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html + https://ubuntu.com/security/notices/USN-4012-1 + + + + + + + + + + CVE-2019-7151 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-29 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920853 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7151.html + https://github.com/WebAssembly/binaryen/issues/1881 + https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b + https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e + + + + + + + + + + CVE-2019-7152 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-29 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920853 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7152.html + https://github.com/WebAssembly/binaryen/issues/1880 + https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b + https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e + + + + + + + + + + CVE-2019-7153 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-29 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920853 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7153.html + https://github.com/WebAssembly/binaryen/issues/1879 + https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b + https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e + + + + + + + + + + CVE-2019-7154 on Ubuntu 20.04 (focal) - medium. + The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-29 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920853 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7154.html + https://github.com/WebAssembly/binaryen/issues/1876 + https://github.com/WebAssembly/binaryen/commit/79a4fbc80d7ffce4cbcfd04315ce3a0efa88d7fa + + + + + + + + + + CVE-2019-7156 on Ubuntu 20.04 (focal) - low. + In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-29 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7156.html + https://github.com/uvoteam/libdoc/issues/5 + + + + + + + + + + CVE-2019-7164 on Ubuntu 20.04 (focal) - low. + SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-20 00:29:00 UTC + https://github.com/sqlalchemy/sqlalchemy/issues/4481 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922669 + https://github.com/sqlalchemy/sqlalchemy/issues/4538 (example regression) + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7164.html + + + + mdeslaur> since 1.0, sqlalchemy issues a warning when text() is omitted mdeslaur> this fix for this issue turns the warning into an error mdeslaur> since this change may break existing applications, it may not mdeslaur> get fixed, marking priority as low + + + + + + + + + CVE-2019-7165 on Ubuntu 20.04 (focal) - medium. + A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-03 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931222 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7165.html + + + + + + + + + + CVE-2019-7233 on Ubuntu 20.04 (focal) - low. + In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-30 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7233.html + https://github.com/uvoteam/libdoc/issues/6 + + + + + + + + + + CVE-2019-7251 on Ubuntu 20.04 (focal) - medium. + An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-28 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923690 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7251.html + https://downloads.asterisk.org/pub/security/AST-2019-001.html + + + + + + + + + + CVE-2019-7282 on Ubuntu 20.04 (focal) - medium. 
+ In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-31 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920486 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7282.html + https://bugs.debian.org/920486 + https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt + + + + + + + + + + CVE-2019-7283 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-31 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920486 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7283.html + https://bugs.debian.org/920486 + https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt + + + + + + + + + + CVE-2019-7285 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7285.html + https://webkitgtk.org/security/WSA-2019-0002.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-7292 on Ubuntu 20.04 (focal) - medium. + A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7292.html + https://webkitgtk.org/security/WSA-2019-0002.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-7313 on Ubuntu 20.04 (focal) - medium. + www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-03 08:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921271 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7313.html + https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code + https://github.com/buildbot/buildbot/pull/4584/files#diff-a2e7e3ee5f6a1d3cd9c6abf0328c21e0 + + + + + + + + + + CVE-2019-7314 on Ubuntu 20.04 (focal) - medium. 
+ liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact. It was discovered that liveMedia incorrectly handled certain RTSP streamings. An attacker could possiby use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7314.html + http://lists.live555.com/pipermail/live-devel/2019-February/021143.html + http://www.live555.com/liveMedia/public/changelog.txt + + + + + + + + + + CVE-2019-7317 on Ubuntu 20.04 (focal) - medium. + png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 08:29:00 UTC + 2019-02-04 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803 + https://github.com/glennrp/libpng/issues/275 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7317.html + https://ubuntu.com/security/notices/USN-3962-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-7317 + https://ubuntu.com/security/notices/USN-3991-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-7317 + https://ubuntu.com/security/notices/USN-3997-1 + https://ubuntu.com/security/notices/USN-4080-1 + https://ubuntu.com/security/notices/USN-4083-1 + + + + + + + + + + + + + + + + CVE-2019-7325 on Ubuntu 20.04 (focal) - medium. + Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7325.html + https://github.com/ZoneMinder/zoneminder/issues/2450 + + + + + + + + + + CVE-2019-7326 on Ubuntu 20.04 (focal) - medium. + Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7326.html + https://github.com/ZoneMinder/zoneminder/issues/2452 + + + + + + + + + + CVE-2019-7327 on Ubuntu 20.04 (focal) - medium. + Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7327.html + https://github.com/ZoneMinder/zoneminder/issues/2447 + + + + + + + + + + CVE-2019-7328 on Ubuntu 20.04 (focal) - medium. + Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7328.html + https://github.com/ZoneMinder/zoneminder/issues/2449 + + + + + + + + + + CVE-2019-7329 on Ubuntu 20.04 (focal) - medium. 
+ Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7329.html + https://github.com/ZoneMinder/zoneminder/issues/2446 + + + + + + + + + + CVE-2019-7330 on Ubuntu 20.04 (focal) - medium. + Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7330.html + https://github.com/ZoneMinder/zoneminder/issues/2448 + + + + + + + + + + CVE-2019-7331 on Ubuntu 20.04 (focal) - medium. + Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7331.html + https://github.com/ZoneMinder/zoneminder/issues/2451 + + + + + + + + + + CVE-2019-7332 on Ubuntu 20.04 (focal) - medium. + Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7332.html + https://github.com/ZoneMinder/zoneminder/issues/2442 + + + + + + + + + + CVE-2019-7333 on Ubuntu 20.04 (focal) - medium. + Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7333.html + https://github.com/ZoneMinder/zoneminder/issues/2441 + + + + + + + + + + CVE-2019-7334 on Ubuntu 20.04 (focal) - medium. + Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7334.html + https://github.com/ZoneMinder/zoneminder/issues/2443 + + + + + + + + + + CVE-2019-7335 on Ubuntu 20.04 (focal) - medium. + Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7335.html + https://github.com/ZoneMinder/zoneminder/issues/2453 + + + + + + + + + + CVE-2019-7336 on Ubuntu 20.04 (focal) - medium. 
+ Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7336.html + https://github.com/ZoneMinder/zoneminder/issues/2457 + + + + + + + + + + CVE-2019-7337 on Ubuntu 20.04 (focal) - medium. + Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7337.html + https://github.com/ZoneMinder/zoneminder/issues/2456 + + + + + + + + + + CVE-2019-7338 on Ubuntu 20.04 (focal) - medium. + Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7338.html + https://github.com/ZoneMinder/zoneminder/issues/2454 + + + + + + + + + + CVE-2019-7339 on Ubuntu 20.04 (focal) - medium. 
+ POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7339.html + https://github.com/ZoneMinder/zoneminder/issues/2460 + + + + + + + + + + CVE-2019-7340 on Ubuntu 20.04 (focal) - medium. + POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7340.html + https://github.com/ZoneMinder/zoneminder/issues/2462 + + + + + + + + + + CVE-2019-7341 on Ubuntu 20.04 (focal) - medium. + Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7341.html + https://github.com/ZoneMinder/zoneminder/issues/2463 + + + + + + + + + + CVE-2019-7342 on Ubuntu 20.04 (focal) - medium. + POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7342.html + https://github.com/ZoneMinder/zoneminder/issues/2461 + + + + + + + + + + CVE-2019-7343 on Ubuntu 20.04 (focal) - medium. + Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7343.html + https://github.com/ZoneMinder/zoneminder/issues/2464 + + + + + + + + + + CVE-2019-7344 on Ubuntu 20.04 (focal) - medium. + Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7344.html + https://github.com/ZoneMinder/zoneminder/issues/2455 + + + + + + + + + + CVE-2019-7345 on Ubuntu 20.04 (focal) - low. + Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7345.html + https://github.com/ZoneMinder/zoneminder/issues/2468 + + + + + + + + + + CVE-2019-7346 on Ubuntu 20.04 (focal) - medium. 
+ A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7346.html + https://github.com/ZoneMinder/zoneminder/issues/2469 + + + + + + + + + + CVE-2019-7347 on Ubuntu 20.04 (focal) - low. + A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7347.html + https://github.com/ZoneMinder/zoneminder/issues/2476 + + + + + + + + + + CVE-2019-7348 on Ubuntu 20.04 (focal) - medium. + Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7348.html + https://github.com/ZoneMinder/zoneminder/issues/2467 + + + + + + + + + + CVE-2019-7349 on Ubuntu 20.04 (focal) - medium. + Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7349.html + https://github.com/ZoneMinder/zoneminder/issues/2465 + + + + + + + + + + CVE-2019-7350 on Ubuntu 20.04 (focal) - medium. + Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully logs in, and these sets overlap for successive logins. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7350.html + https://github.com/ZoneMinder/zoneminder/issues/2471 + + + + ebarretto> No fix available as of 2019-09-06. + + + + + + + + + CVE-2019-7351 on Ubuntu 20.04 (focal) - medium. + Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7351.html + https://github.com/ZoneMinder/zoneminder/issues/2466 + + + + ebarretto> No fix available as of 2019-09-06. + + + + + + + + + CVE-2019-7352 on Ubuntu 20.04 (focal) - medium. + Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-04 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7352.html + https://github.com/ZoneMinder/zoneminder/issues/2475 + + + + + + + + + + CVE-2019-7443 on Ubuntu 20.04 (focal) - medium. + KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-07 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921995 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7443.html + https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html + https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a + + + + + + + + + + CVE-2019-7548 on Ubuntu 20.04 (focal) - low. + SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-06 21:29:00 UTC + https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7548.html + https://github.com/no-security/sqlalchemy_test + + + + mdeslaur> since 1.0, sqlalchemy issues a warning when text() is omitted mdeslaur> this fix for this issue turns the warning into an error mdeslaur> since this change may break existing applications, it may not mdeslaur> get fixed, marking priority as low + + + + + + + + + CVE-2019-7572 on Ubuntu 20.04 (focal) - low. + SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. 
It was discovered that SDL (Simple DirectMedia Layer) did not properly handle certain crafted input, resulting in a heap-based buffer over-read. An attacker could use this to cause SDL to crash or leak sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-07 07:29:00 UTC + 2019-02-07 07:29:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=4495 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7572.html + https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 + https://ubuntu.com/security/notices/USN-4156-1 + https://ubuntu.com/security/notices/USN-4156-2 + + + + + + + + + + + + + CVE-2019-7573 on Ubuntu 20.04 (focal) - low. + SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). It was discovered that SDL (Simple DirectMedia Layer) did not properly handle certain crafted input, resulting in a heap-based buffer over-read. An attacker could use this to cause SDL to crash or leak sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-07 07:29:00 UTC + 2019-02-07 07:29:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=4491 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7573.html + https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 + https://ubuntu.com/security/notices/USN-4156-1 + https://ubuntu.com/security/notices/USN-4156-2 + + + + + + + + + + + + + CVE-2019-7574 on Ubuntu 20.04 (focal) - low. + SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. It was discovered that SDL (Simple DirectMedia Layer) did not properly handle certain crafted input, resulting in a heap-based buffer over-read. An attacker could use this to cause SDL to crash or leak sensitive information. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-07 07:29:00 UTC + 2019-02-07 07:29:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=4496 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7574.html + https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 + https://ubuntu.com/security/notices/USN-4156-1 + https://ubuntu.com/security/notices/USN-4156-2 + + + + + + + + + + + + + CVE-2019-7575 on Ubuntu 20.04 (focal) - low. + SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. It was discovered that SDL (Simple DirectMedia Layer) did not properly handle certain crafted input, resulting in a heap-based buffer overflow. An attacker could use this to cause SDL to crash or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-07 07:29:00 UTC + 2019-02-07 07:29:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=4493 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7575.html + https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 + https://ubuntu.com/security/notices/USN-4156-1 + https://ubuntu.com/security/notices/USN-4156-2 + + + + + + + + + + + + + CVE-2019-7576 on Ubuntu 20.04 (focal) - low. + SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). It was discovered that SDL (Simple DirectMedia Layer) did not properly handle certain crafted input, resulting in a heap-based buffer over-read. An attacker could use this to cause SDL to crash or leak sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-07 07:29:00 UTC + 2019-02-07 07:29:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=4490 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7576.html + https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 + https://ubuntu.com/security/notices/USN-4156-1 + https://ubuntu.com/security/notices/USN-4156-2 + + + + mdeslaur> same fix as CVE-2019-7573 + + + + + + + + + + + + CVE-2019-7577 on Ubuntu 20.04 (focal) - low. + SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. It was discovered that SDL (Simple DirectMedia Layer) did not properly handle certain crafted input, resulting in a heap-based buffer over-read. An attacker could use this to cause SDL to crash or leak sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-07 07:29:00 UTC + 2019-02-07 07:29:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=4492 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7577.html + https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 + https://ubuntu.com/security/notices/USN-4156-1 + https://ubuntu.com/security/notices/USN-4156-2 + + + + + + + + + + + + + CVE-2019-7578 on Ubuntu 20.04 (focal) - low. + SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. It was discovered that SDL (Simple DirectMedia Layer) did not properly handle certain crafted input, resulting in a heap-based buffer over-read. An attacker could use this to cause SDL to crash or leak sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-07 07:29:00 UTC + 2019-02-07 07:29:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=4494 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7578.html + https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 + https://ubuntu.com/security/notices/USN-4156-1 + https://ubuntu.com/security/notices/USN-4156-2 + + + + + + + + + + + + + CVE-2019-7629 on Ubuntu 20.04 (focal) - medium. + Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-18 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7629.html + https://tintin.sourceforge.io/forum/viewtopic.php?f=1&t=2584&sid=31b77bb001faea9269bf224280960e29#p10505 + https://tintin.sourceforge.io/news.php + https://trustfoundry.net/cve-2019-7629-rce-in-an-open-source-mud-client/ + + + + + + + + + + CVE-2019-7635 on Ubuntu 20.04 (focal) - medium. + SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. USN-4143-1 addressed serveral vulnerabilities in SDL 2.0. This update provides the corresponding fixes for Ubuntu 14.04 ESM. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-08 11:29:00 UTC + 2019-02-08 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924609 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924610 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932754 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932755 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7635.html + https://bugzilla.libsdl.org/show_bug.cgi?id=4498 + https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 + https://ubuntu.com/security/notices/USN-4143-1 + https://ubuntu.com/security/notices/USN-4156-1 + https://ubuntu.com/security/notices/USN-4156-2 + https://ubuntu.com/security/notices/USN-4238-1 + + + + + + + + + + + + + + + CVE-2019-7653 on Ubuntu 20.04 (focal) - medium. + The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-09 03:29:00 UTC + 2019-02-09 03:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921751 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7653.html + https://bugs.debian.org/921751 + https://ubuntu.com/security/notices/USN-4535-1 + + + + mdeslaur> python-rdflib-tools binary package is in universe + + + + + + + + + CVE-2019-7659 on Ubuntu 20.04 (focal) - medium. + Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-09 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7659.html + https://www.genivia.com/advisory.html#Bug_in_gSOAP_versions_2.7.0_to_2.8.74_for_applications_built_with_the_WITH_COOKIES_flag_enabled_ + https://www.genivia.com/advisory.html#Bug_in_gSOAP_versions_2.7.0_to_2.8.74_for_applications_built_with_the_WITH_COOKIES_flag_enabled_(Jan_14,_2019) + + + + + + + + + + CVE-2019-7663 on Ubuntu 20.04 (focal) - medium. + An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-09 16:29:00 UTC + 2019-02-09 + http://bugzilla.maptools.org/show_bug.cgi?id=2833 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7663.html + https://ubuntu.com/security/notices/USN-3906-1 + https://ubuntu.com/security/notices/USN-3906-2 + + + + msalvatore> gdal in bionic and later uses system libtiff mdeslaur> same fixes as CVE-2018-17000 and CVE-2018-12900 ebarretto> marking openjpeg2 as not affected as it uses system libtiff + + + + + + + + + + + + + + CVE-2019-7664 on Ubuntu 20.04 (focal) - low. + In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-09 16:29:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921881 + https://sourceware.org/bugzilla/show_bug.cgi?id=24084 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7664.html + + + + + + + + + + CVE-2019-7665 on Ubuntu 20.04 (focal) - low. 
+ In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-09 16:29:00 UTC + 2019-02-09 + mdeslaur + https://sourceware.org/bugzilla/show_bug.cgi?id=24089 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921880 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7665.html + https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html + https://ubuntu.com/security/notices/USN-4012-1 + + + + + + + + + + CVE-2019-7700 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-10 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7700.html + https://github.com/WebAssembly/binaryen/issues/1864 + + + + + + + + + + CVE-2019-7733 on Ubuntu 20.04 (focal) - medium. + In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-11 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7733.html + https://github.com/rgaufman/live555/issues/21 + + + + + + + + + + CVE-2019-8287 on Ubuntu 20.04 (focal) - medium. + TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. 
It was discovered that TightVNC contains global buffer overflow vulnerability. A attacker could use it to provoke a Denial of Service or even a remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-29 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8287.html + https://www.openwall.com/lists/oss-security/2018/12/10/5 + + + + + + + + + + CVE-2019-8320 on Ubuntu 20.04 (focal) - medium. + A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-06 15:29:00 UTC + 2019-03-27 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8320.html + https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5) + https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3) + https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/ + https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html + https://ubuntu.com/security/notices/USN-3945-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2019-8321 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible. It was discovered that Gem::UserInteraction#verbose failed to escape certain characters. 
An attacker could use this vulnerability inject escape sequences into a victim's terminal. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-17 20:15:00 UTC + 2019-03-27 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8321.html + https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5) + https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3) + https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/ + https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html + https://ubuntu.com/security/notices/USN-3945-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2019-8322 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. It was discovered that the `gem owner`a command failed to sanitize the contents of the API response. An attacker could use this vulnerability inject escape sequences into a victim's terminal. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-17 20:15:00 UTC + 2019-03-27 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8322.html + https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5) + https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3) + https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/ + https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html + https://ubuntu.com/security/notices/USN-3945-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2019-8323 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. 
Therefore, if the API side modifies the response, escape sequence injection may occur. It was discovered that Gem::GemcutterUtilities#with_response failed to escape certain characters. An attacker could use this vulnerability inject escape sequences into a victim's terminal. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-17 20:15:00 UTC + 2019-03-27 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8323.html + https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5) + https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3) + https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/ + https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html + https://ubuntu.com/security/notices/USN-3945-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2019-8324 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check. It was discovered that RubyGems as embedded in JRuby did not properly handle multi-line gem names. If a user were tricked into installing a malicious gem, an attacker could execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-06-17 19:15:00 UTC + 2019-03-27 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8324.html + https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5) + https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3) + https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/ + https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html + https://ubuntu.com/security/notices/USN-3945-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2019-8325 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.) It was discovered that Gem::CommandMangert#run failed to escape certain characters. An attacker could use this vulnerability inject escape sequences into a victim's terminal. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-17 19:15:00 UTC + 2019-03-27 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8325.html + https://bugs.ruby-lang.org/attachments/7669 (for 2.4.5) + https://bugs.ruby-lang.org/attachments/7670 (for 2.5.3) + https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/ + https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html + https://ubuntu.com/security/notices/USN-3945-1 + + + + tyhicks> ruby{1.9.1,2.0,2.3} and jruby ship an embedded rubygems. + + + + + + + + + CVE-2019-8331 on Ubuntu 20.04 (focal) - medium. + In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-20 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8331.html + https://github.com/twbs/bootstrap/pull/28236 + https://github.com/twbs/bootstrap/releases/tag/v4.3.1 + + + + + + + + + + + + + CVE-2019-8337 on Ubuntu 20.04 (focal) - medium. + In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-13 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922345 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8337.html + https://marlam.de/msmtp/news/ + + + + + + + + + + + + + CVE-2019-8339 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Falco through 0.14.0. A missing indicator for insufficient resources allows local users to bypass the detection engine. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-17 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8339.html + https://falco.org/docs/event-sources/dropped-events/ + https://github.com/falcosecurity/falco/pull/561 + https://sysdig.com/blog/cve-2019-8339-falco-vulnerability/ + https://www.twistlock.com/labs-blog/falco-vulnerability-cve-2019-8339/ + + + + + + + + + + CVE-2019-8343 on Ubuntu 20.04 (focal) - low. + In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-15 07:29:00 UTC + https://bugzilla.nasm.us/show_bug.cgi?id=3392556 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922433 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8343.html + + + + mdeslaur> no fix as of 2019-04-25 + + + + + + + + + CVE-2019-8354 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. 
When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-15 23:29:00 UTC + 2019-02-15 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8354.html + https://sourceforge.net/p/sox/bugs/319 + https://ubuntu.com/security/notices/USN-4079-1 + https://ubuntu.com/security/notices/USN-4079-2 + + + + + + + + + + CVE-2019-8355 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-15 23:29:00 UTC + 2019-02-15 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8355.html + https://sourceforge.net/p/sox/bugs/320 + https://ubuntu.com/security/notices/USN-4079-1 + https://ubuntu.com/security/notices/USN-4079-2 + + + + + + + + + + CVE-2019-8356 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. 
(CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-15 23:29:00 UTC + 2019-02-15 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8356.html + https://sourceforge.net/p/sox/bugs/321 + https://ubuntu.com/security/notices/USN-4079-1 + https://ubuntu.com/security/notices/USN-4079-2 + + + + + + + + + + CVE-2019-8357 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-15 23:29:00 UTC + 2019-02-15 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8357.html + https://sourceforge.net/p/sox/bugs/318 + https://ubuntu.com/security/notices/USN-4079-1 + https://ubuntu.com/security/notices/USN-4079-2 + + + + + + + + + + CVE-2019-8375 on Ubuntu 20.04 (focal) - medium. + The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-24 13:29:00 UTC + 2019-02-24 + https://bugs.webkit.org/show_bug.cgi?id=184875 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8375.html + https://trac.webkit.org/changeset/241515/webkit + https://www.inputzero.io/2019/02/fuzzing-webkit.html + https://ubuntu.com/security/notices/USN-3948-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 mdeslaur> not included in 2.22.7 + + + + + + + + + + + + CVE-2019-8376 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-17 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8376.html + https://github.com/appneta/tcpreplay/issues/537 + https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_layer4_v6-tcpreplay-4-3-1/ + + + + + + + + + + CVE-2019-8377 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-17 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8377.html + https://github.com/appneta/tcpreplay/issues/536 + https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-get_ipv6_l4proto-tcpreplay-4-3-1/ + + + + + + + + + + CVE-2019-8379 on Ubuntu 20.04 (focal) - low. + An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-17 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928729 + https://sourceforge.net/p/advancemame/bugs/271/ + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8379.html + + + + + + + + + + CVE-2019-8381 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-17 02:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8381.html + https://github.com/appneta/tcpreplay/issues/538 + https://research.loginsoft.com/bugs/invalid-memory-access-vulnerability-in-function-do_checksum-tcpreplay-4-3-1/ + + + + + + + + + + CVE-2019-8383 on Ubuntu 20.04 (focal) - low. + An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. 
It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-17 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928730 + https://sourceforge.net/p/advancemame/bugs/272/ + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8383.html + + + + mdeslaur> same commit as CVE-2019-8379 + + + + + + + + + CVE-2019-8396 on Ubuntu 20.04 (focal) - medium. + A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-17 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8396.html + https://github.com/magicSwordsMan/PAAFS/tree/master/vul4 + + + + + + + + + + CVE-2019-8397 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-17 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8397.html + https://github.com/magicSwordsMan/PAAFS/tree/master/vul5 + + + + + + + + + + CVE-2019-8398 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-17 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8398.html + https://github.com/magicSwordsMan/PAAFS/tree/master/vul6 + + + + + + + + + + CVE-2019-8423 on Ubuntu 20.04 (focal) - medium. 
+ ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-18 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8423.html + https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewseventsphp-line-44-sql-injection + https://www.seebug.org/vuldb/ssvid-97761 + https://github.com/ZoneMinder/zoneminder/issues/2399 + https://github.com/ZoneMinder/zoneminder/pull/2434 + + + + + + + + + + CVE-2019-8424 on Ubuntu 20.04 (focal) - medium. + ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-18 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8424.html + https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection + https://www.seebug.org/vuldb/ssvid-97763 + https://github.com/ZoneMinder/zoneminder/issues/2399 + https://github.com/ZoneMinder/zoneminder/pull/2421 + + + + + + + + + + CVE-2019-8425 on Ubuntu 20.04 (focal) - medium. + includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-18 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8425.html + https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#sql-query-error-reflected-xss + https://www.seebug.org/vuldb/ssvid-97764 + https://github.com/ZoneMinder/zoneminder/issues/2399 + + + + + + + + + + CVE-2019-8426 on Ubuntu 20.04 (focal) - medium. 
+ skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-18 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8426.html + https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolcapphp-reflected-xss + https://www.seebug.org/vuldb/ssvid-97766 + https://github.com/ZoneMinder/zoneminder/issues/2399 + https://github.com/ZoneMinder/zoneminder/pull/2423 + + + + + + + + + + CVE-2019-8427 on Ubuntu 20.04 (focal) - medium. + daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-18 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8427.html + https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#includesfunctionsphp-daemoncontrol-command-injection + https://github.com/ZoneMinder/zoneminder/issues/2399 + + + + + + + + + + CVE-2019-8428 on Ubuntu 20.04 (focal) - medium. + ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-18 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8428.html + https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#skinsclassicviewscontrolphp-line-35-second-order-sqli + https://www.seebug.org/vuldb/ssvid-97765 + https://github.com/ZoneMinder/zoneminder/issues/2399 + https://github.com/ZoneMinder/zoneminder/pull/2422 + + + + + + + + + + CVE-2019-8429 on Ubuntu 20.04 (focal) - medium. + ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-18 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922724 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8429.html + https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-393-sql-injection + https://www.seebug.org/vuldb/ssvid-97762 + https://github.com/ZoneMinder/zoneminder/issues/2399 + https://github.com/ZoneMinder/zoneminder/issues/2399 + + + + + + + + + + CVE-2019-8457 on Ubuntu 20.04 (focal) - medium. + SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-30 16:29:00 UTC + 2019-05-31 + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929775 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8457.html + https://www.sqlite.org/src/info/90acdbfce9c08858 + https://ubuntu.com/security/notices/USN-4004-1 + https://ubuntu.com/security/notices/USN-4004-2 + https://ubuntu.com/security/notices/USN-4019-1 + https://ubuntu.com/security/notices/USN-4019-2 + + + + leosilva> db5.3 has a sqlite into /lang/sql/sqlite + + + + + + + + + + + + + + CVE-2019-8503 on Ubuntu 20.04 (focal) - medium. 
+ A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8503.html + https://webkitgtk.org/security/WSA-2019-0002.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8506 on Ubuntu 20.04 (focal) - medium. + A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-04-11 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8506.html + https://webkitgtk.org/security/WSA-2019-0002.html + https://ubuntu.com/security/notices/USN-3948-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8515 on Ubuntu 20.04 (focal) - medium. + A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8515.html + https://webkitgtk.org/security/WSA-2019-0002.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8518 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-04-11 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8518.html + https://webkitgtk.org/security/WSA-2019-0002.html + https://ubuntu.com/security/notices/USN-3948-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8523 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-04-11 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8523.html + https://webkitgtk.org/security/WSA-2019-0002.html + https://ubuntu.com/security/notices/USN-3948-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8524 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-04-11 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8524.html + https://webkitgtk.org/security/WSA-2019-0002.html + https://ubuntu.com/security/notices/USN-3948-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8535 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-04-11 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8535.html + https://webkitgtk.org/security/WSA-2019-0002.html + https://ubuntu.com/security/notices/USN-3948-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8536 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved memory handling. 
This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-04-11 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8536.html + https://webkitgtk.org/security/WSA-2019-0002.html + https://ubuntu.com/security/notices/USN-3948-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8544 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-04-11 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8544.html + https://webkitgtk.org/security/WSA-2019-0002.html + https://ubuntu.com/security/notices/USN-3948-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8551 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-18 18:15:00 UTC + 2019-04-11 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8551.html + https://webkitgtk.org/security/WSA-2019-0002.html + https://ubuntu.com/security/notices/USN-3948-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8558 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-04-11 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8558.html + https://webkitgtk.org/security/WSA-2019-0002.html + https://ubuntu.com/security/notices/USN-3948-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8559 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-04-11 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8559.html + https://webkitgtk.org/security/WSA-2019-0002.html + https://ubuntu.com/security/notices/USN-3948-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8563 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-04-11 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8563.html + https://webkitgtk.org/security/WSA-2019-0002.html + https://ubuntu.com/security/notices/USN-3948-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8571 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8571.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8583 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. 
This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8583.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8584 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + G. Geshev + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8584.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8586 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8586.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8587 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + G. Geshev + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8587.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8594 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + Suyoung Lee, Sooel Son, HyungSeok Han and Sang Kil Cha + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8594.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8595 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-05-17 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8595.html + https://ubuntu.com/security/notices/USN-3992-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8596 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + Wen Xu + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8596.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8597 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8597.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8601 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8601.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8607 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-05-17 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8607.html + https://ubuntu.com/security/notices/USN-3992-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8608 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + G. Geshev + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8608.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8609 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + Wen Xu + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8609.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8610 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. 
Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8610.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8611 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + Samuel Groß + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8611.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8615 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-05-17 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8615.html + https://ubuntu.com/security/notices/USN-3992-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8619 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + Wen Xu of SSLab and Hanqing Zhao + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8619.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8622 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + Samuel Groß + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8622.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8623 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. 
This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + Samuel Groß + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8623.html + https://webkitgtk.org/security/WSA-2019-0003.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8625 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-11-01 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8625.html + https://webkitgtk.org/security/WSA-2019-0005.html + https://ubuntu.com/security/notices/USN-4178-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8644 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8644.html + https://webkitgtk.org/security/WSA-2019-0004.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8649 on Ubuntu 20.04 (focal) - medium. + A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8649.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8658 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8658.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8666 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8666.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8669 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8669.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8671 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. 
This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8671.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8672 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8672.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8673 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8673.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8674 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8674.html + https://webkitgtk.org/security/WSA-2019-0005.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8676 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8676.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8677 on Ubuntu 20.04 (focal) - medium. 
+ Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8677.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8678 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8678.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8679 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8679.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8680 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8680.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8681 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8681.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8683 on Ubuntu 20.04 (focal) - medium. 
+ Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8683.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8684 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8684.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8686 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8686.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8687 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8687.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8688 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8688.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8689 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8689.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8690 on Ubuntu 20.04 (focal) - medium. + A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8690.html + https://ubuntu.com/security/notices/USN-4130-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8707 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. 
This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8707.html + https://webkitgtk.org/security/WSA-2019-0005.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8710 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8710.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8719 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8719.html + https://webkitgtk.org/security/WSA-2019-0005.html + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8720 on Ubuntu 20.04 (focal) - medium. + + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-01 + 2019-11-01 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8720.html + https://webkitgtk.org/security/WSA-2019-0005.html + https://ubuntu.com/security/notices/USN-4178-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8726 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8726.html + https://webkitgtk.org/security/WSA-2019-0005.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8733 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8733.html + https://webkitgtk.org/security/WSA-2019-0005.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8735 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8735.html + https://webkitgtk.org/security/WSA-2019-0005.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8743 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8743.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8763 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. 
This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8763.html + https://webkitgtk.org/security/WSA-2019-0005.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8764 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8764.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8765 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8765.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8766 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8766.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8768 on Ubuntu 20.04 (focal) - medium. + "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8768.html + https://webkitgtk.org/security/WSA-2019-0005.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8769 on Ubuntu 20.04 (focal) - medium. + An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-18 18:15:00 UTC + 2019-11-01 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8769.html + https://webkitgtk.org/security/WSA-2019-0005.html + https://ubuntu.com/security/notices/USN-4178-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8771 on Ubuntu 20.04 (focal) - medium. + This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-27 20:15:00 UTC + 2019-11-01 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8771.html + https://webkitgtk.org/security/WSA-2019-0005.html + https://ubuntu.com/security/notices/USN-4178-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8782 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8782.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8783 on Ubuntu 20.04 (focal) - medium. 
+ Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8783.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8808 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8808.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8811 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8811.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8812 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-11-08 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8812.html + https://webkitgtk.org/security/WSA-2019-0006.html + https://ubuntu.com/security/notices/USN-4181-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8813 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8813.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8814 on Ubuntu 20.04 (focal) - medium. 
+ Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + 2019-11-08 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8814.html + https://webkitgtk.org/security/WSA-2019-0006.html + https://ubuntu.com/security/notices/USN-4181-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8815 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8815.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8816 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8816.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8819 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8819.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8820 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8820.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8821 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8821.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8822 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8822.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8823 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. 
This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8823.html + https://webkitgtk.org/security/WSA-2019-0006.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8835 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-27 20:15:00 UTC + 2020-01-28 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8835.html + https://webkitgtk.org/security/WSA-2020-0001.html + https://ubuntu.com/security/notices/USN-4261-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8842 on Ubuntu 20.04 (focal) - low. + A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-27 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8842.html + + + + + + + + + + CVE-2019-8844 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-27 20:15:00 UTC + 2020-01-28 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8844.html + https://webkitgtk.org/security/WSA-2020-0001.html + https://ubuntu.com/security/notices/USN-4261-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8846 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-27 21:15:00 UTC + 2020-01-28 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8846.html + https://webkitgtk.org/security/WSA-2020-0001.html + https://ubuntu.com/security/notices/USN-4261-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2019-8936 on Ubuntu 20.04 (focal) - medium. + NTP through 4.2.8p12 has a NULL Pointer Dereference. 
It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service (crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-15 16:29:00 UTC + 2019-05-15 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924228 + https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1891953 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8936.html + http://bugs.ntp.org/show_bug.cgi?id=3565 + http://bk.ntp.org/ntp-stable/ntpd/ntp_control.c?PAGE=diffs&REV=5c8106e7wWtXdh0lzg1ytlWribBTcQ + https://ubuntu.com/security/notices/USN-4563-1 + https://ubuntu.com/security/notices/USN-4563-2 + + + + leosilva> issue was introduced with the fix from CVE-2018-7182 + + + + + + + + + CVE-2019-8937 on Ubuntu 20.04 (focal) - medium. + HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-17 15:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929136 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8937.html + https://www.exploit-db.com/exploits/46429/ + http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html + https://sourceforge.net/projects/hoteldruid/ + + + + + + + + + + CVE-2019-8942 on Ubuntu 20.04 (focal) - medium. + WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-20 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8942.html + https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/ + + + + + + + + + + CVE-2019-8943 on Ubuntu 20.04 (focal) - medium. + WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-20 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8943.html + https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/ + + + + + + + + + + CVE-2019-8955 on Ubuntu 20.04 (focal) - medium. + In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-21 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8955.html + https://blog.torproject.org/new-releases-tor-0402-alpha-0358-03411-and-03312 + https://trac.torproject.org/projects/tor/ticket/29168 + + + + + + + + + + CVE-2019-9026 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function InflateVarName() in inflate.c when called from ReadNextCell in mat5.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-23 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9026.html + https://github.com/tbeu/matio/issues/103 + https://github.com/TeamSeri0us/pocs/tree/master/matio + + + + + + + + + + CVE-2019-9027 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-23 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9027.html + https://github.com/tbeu/matio/issues/103 + https://github.com/TeamSeri0us/pocs/tree/master/matio + + + + + + + + + + CVE-2019-9028 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-23 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9028.html + https://github.com/tbeu/matio/issues/103 + https://github.com/TeamSeri0us/pocs/tree/master/matio + + + + + + + + + + CVE-2019-9029 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read with a SEGV in the function Mat_VarReadNextInfo5() in mat5.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-23 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9029.html + https://github.com/tbeu/matio/issues/103 + https://github.com/TeamSeri0us/pocs/tree/master/matio + + + + + + + + + + CVE-2019-9030 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in mat5.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-23 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9030.html + https://github.com/tbeu/matio/issues/103 + https://github.com/TeamSeri0us/pocs/tree/master/matio + + + + + + + + + + CVE-2019-9031 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in mat.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-23 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9031.html + https://github.com/tbeu/matio/issues/103 + https://github.com/TeamSeri0us/pocs/tree/master/matio + + + + + + + + + + CVE-2019-9032 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds write problem causing a SEGV in the function Mat_VarFree() in mat.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-23 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9032.html + https://github.com/tbeu/matio/issues/103 + https://github.com/TeamSeri0us/pocs/tree/master/matio + + + + + + + + + + CVE-2019-9033 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension" feature in the function ReadNextCell() in mat5.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-23 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9033.html + https://github.com/tbeu/matio/issues/103 + https://github.com/TeamSeri0us/pocs/tree/master/matio + + + + + + + + + + CVE-2019-9034 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for a memcpy in the function ReadNextCell() in mat5.c. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-23 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9034.html + https://github.com/tbeu/matio/issues/103 + https://github.com/TeamSeri0us/pocs/tree/master/matio + + + + + + + + + + CVE-2019-9035 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField() in mat5.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-23 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9035.html + https://github.com/tbeu/matio/issues/103 + https://github.com/TeamSeri0us/pocs/tree/master/matio + + + + + + + + + + CVE-2019-9036 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function ReadNextFunctionHandle() in mat5.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-23 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9036.html + https://github.com/tbeu/matio/issues/103 + https://github.com/TeamSeri0us/pocs/tree/master/matio + + + + + + + + + + CVE-2019-9037 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-23 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9037.html + https://github.com/tbeu/matio/issues/103 + https://github.com/TeamSeri0us/pocs/tree/master/matio + + + + + + + + + + CVE-2019-9038 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. 
There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-23 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9038.html + https://github.com/tbeu/matio/issues/103 + https://github.com/TeamSeri0us/pocs/tree/master/matio + + + + + + + + + + CVE-2019-9070 on Ubuntu 20.04 (focal) - low. + An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-24 00:29:00 UTC + 2019-02-24 00:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395 + https://sourceware.org/bugzilla/show_bug.cgi?id=24229 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9070.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + sbeattie> upstream notes this issue is in libiberty sbeattie> same fix as CVE-2019-9071 + + + + + + + + + CVE-2019-9071 on Ubuntu 20.04 (focal) - low. + An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-24 00:29:00 UTC + 2019-02-24 00:29:00 UTC + https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394 + https://sourceware.org/bugzilla/show_bug.cgi?id=24227 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9071.html + https://ubuntu.com/security/notices/USN-4326-1 + https://ubuntu.com/security/notices/USN-4336-1 + + + + sbeattie> upstream notes this issue is in libiberty sbeattie> same fix as CVE-2019-9070 + + + + + + + + + CVE-2019-9073 on Ubuntu 20.04 (focal) - low. 
+ An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-24 00:29:00 UTC + 2019-02-24 00:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=24233 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9073.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2019-9074 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-24 00:29:00 UTC + 2019-02-24 00:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=24235 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9074.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2019-9075 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-24 00:29:00 UTC + 2019-02-24 00:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=24236 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9075.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2019-9077 on Ubuntu 20.04 (focal) - low. + An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-24 00:29:00 UTC + 2019-02-24 00:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=24243 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9077.html + https://ubuntu.com/security/notices/USN-4336-1 + + + + + + + + + + CVE-2019-9084 on Ubuntu 20.04 (focal) - medium. + In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-07 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9084.html + + + + + + + + + + CVE-2019-9085 on Ubuntu 20.04 (focal) - medium. + Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&id_transazione=1&numero_contratto=1&n_file=a query string to visualizza_contratto.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-24 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9085.html + + + + + + + + + + CVE-2019-9086 on Ubuntu 20.04 (focal) - medium. + HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-07 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9086.html + + + + + + + + + + CVE-2019-9087 on Ubuntu 20.04 (focal) - medium. + HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-06-07 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9087.html + + + + + + + + + + CVE-2019-9151 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-25 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9151.html + https://github.com/magicSwordsMan/PAAFS/tree/master/vul7 + + + + + + + + + + CVE-2019-9152 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-25 19:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9152.html + https://github.com/magicSwordsMan/PAAFS/tree/master/vul8 + + + + + + + + + + CVE-2019-9187 on Ubuntu 20.04 (focal) - low. + ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-06-05 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9187.html + https://ikiwiki.info/security/#cve-2019-9187 + https://www.openwall.com/lists/oss-security/2019/02/28/1 + http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=e7b0d4a + http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=67543ce + http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=d283e4c + http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9a275b2 + + + + + + + + + + CVE-2019-9199 on Ubuntu 20.04 (focal) - medium. 
+ PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-26 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9199.html + https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/ + https://sourceforge.net/p/podofo/tickets/40/ + + + + + + + + + + CVE-2019-9208 on Ubuntu 20.04 (focal) - medium. + In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-28 04:29:00 UTC + 2019-02-27 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923611 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9208.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2 + https://www.wireshark.org/security/wnpa-sec-2019-07.html + https://ubuntu.com/security/notices/USN-3986-1 + + + + + + + + + + CVE-2019-9209 on Ubuntu 20.04 (focal) - medium. + In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-28 04:29:00 UTC + 2019-02-27 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923611 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9209.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f8fbe9f934d65b2694fa74622e5eb2e1dc8cd20b + https://www.wireshark.org/security/wnpa-sec-2019-06.html + https://ubuntu.com/security/notices/USN-3986-1 + + + + + + + + + + CVE-2019-9214 on Ubuntu 20.04 (focal) - medium. + In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-28 04:29:00 UTC + 2019-02-27 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923611 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9214.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15536 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c557bb0910be271e49563756411a690a1bc53ce5 + https://www.wireshark.org/security/wnpa-sec-2019-08.html + https://ubuntu.com/security/notices/USN-3986-1 + + + + + + + + + + CVE-2019-9215 on Ubuntu 20.04 (focal) - medium. + In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. It was discovered that liveMedia incorrectly handled certain requests. An attacker could possibly use this issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-28 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9215.html + http://www.live555.com/liveMedia/public/changelog.txt + + + + + + + + + + CVE-2019-9233 on Ubuntu 20.04 (focal) - low. + In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check. 
This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122529021 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9233.html + https://source.android.com/security/bulletin/android-10 + + + + mdeslaur> This CVE was assigned to Android, impact on Ubuntu is unknown mdeslaur> introduced by https://w1.fi/cgit/hostap/commit/?id=bb598c3bdd06 + + + + + + + + + CVE-2019-9234 on Ubuntu 20.04 (focal) - low. + In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122465453 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9234.html + https://source.android.com/security/bulletin/android-10 + + + + mdeslaur> This CVE was assigned to Android, impact on Ubuntu is unknown mdeslaur> No equivalent fix in upstream wpa source as of 2021-04-07 + + + + + + + + + CVE-2019-9243 on Ubuntu 20.04 (focal) - low. + In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120905706 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9243.html + https://source.android.com/security/bulletin/android-10 + + + + mdeslaur> This CVE was assigned to Android, impact on Ubuntu is unknown mdeslaur> No equivalent fix in upstream wpa source as of 2021-04-07 + + + + + + + + + CVE-2019-9423 on Ubuntu 20.04 (focal) - medium. + In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9423.html + https://source.android.com/security/bulletin/android-10 + https://www.openwall.com/lists/oss-security/2019/11/07/1 + + + + mdeslaur> no details as of 2020-03-09 + + + + + + + + + CVE-2019-9511 on Ubuntu 20.04 (focal) - medium. + Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-13 21:15:00 UTC + 2019-08-13 + mdeslaur + Jonathan Looney of Netflix + 2019-08-13 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9511.html + https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md + https://ubuntu.com/security/notices/USN-4099-1 + + + + sbeattie> nginx added http2 support in 1.9.5 sbeattie> nghttp2: nghttpd and nghttp are affected, libnghttp2 is not mdeslaur> nghttp2-server is in universe + + + + + + + + + + + + + CVE-2019-9512 on Ubuntu 20.04 (focal) - medium. + Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. It was discovered that Netty incorrectly implements HTTP/2. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-13 21:15:00 UTC + 2019-08-13 + Jonathan Looney of Netflix + 2019-08-13 + https://github.com/golang/go/issues/33606 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9512.html + https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md + https://netty.io/news/2019/08/13/4-1-39-Final.html + http://blog.kazuhooku.com/2019/08/h2o-version-226-230-beta2-released.html + https://github.com/netty/netty/pull/9460 + https://labs.twistedmatrix.com/2019/11/twisted-19100-released.html + https://ubuntu.com/security/notices/USN-4308-1 + + + + sbeattie> nginx added http2 support in 1.9.5 sbeattie> nginx previously fixed issue for CVE-2018-16844 sbeattie> netty added http2 support in 4.1.0 sbeattie> nghttp2: nghttpd and nghttp are affected, libnghttp2 is not sbeattie> twisted added http2 support in 16.3 sbeattie> trafficserver enabled http2 support by default in 7.0 mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. + + + + + + + + + + + + + + CVE-2019-9513 on Ubuntu 20.04 (focal) - medium. + Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-13 21:15:00 UTC + 2019-08-13 + mdeslaur + Jonathan Looney of Netflix + 2019-08-13 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9513.html + https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md + https://ubuntu.com/security/notices/USN-4099-1 + + + + sbeattie> nginx added http2 support in 1.9.5 sbeattie> nghttp2: nghttpd and nghttp are affected, libnghttp2 is not mdeslaur> nghttp2-server is in universe + + + + + + + + + + + + + CVE-2019-9514 on Ubuntu 20.04 (focal) - medium. + Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. It was discovered that Netty incorrectly implements HTTP/2. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-13 21:15:00 UTC + 2019-08-13 + Jonathan Looney of Netflix + 2019-08-13 + https://github.com/golang/go/issues/33606 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9514.html + https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md + https://netty.io/news/2019/08/13/4-1-39-Final.html + http://blog.kazuhooku.com/2019/08/h2o-version-226-230-beta2-released.html + https://github.com/netty/netty/pull/9460 + https://labs.twistedmatrix.com/2019/11/twisted-19100-released.html + https://ubuntu.com/security/notices/USN-4308-1 + + + + sbeattie> nginx added http2 support in 1.9.5 sbeattie> nginx previously fixed issue for CVE-2018-16844 sbeattie> netty added http2 support in 4.1.0 sbeattie> twisted added http2 support in 16.3 sbeattie> trafficserver enabled http2 support by default in 7.0 mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. + + + + + + + + + + + + + + + + + CVE-2019-9515 on Ubuntu 20.04 (focal) - medium. + Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. It was discovered that Netty incorrectly implements HTTP/2. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-13 21:15:00 UTC + 2019-08-13 + Jonathan Looney of Netflix + 2019-08-13 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9515.html + https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md + https://netty.io/news/2019/08/13/4-1-39-Final.html + http://blog.kazuhooku.com/2019/08/h2o-version-226-230-beta2-released.html + https://github.com/netty/netty/pull/9460 + https://labs.twistedmatrix.com/2019/11/twisted-19100-released.html + https://ubuntu.com/security/notices/USN-4308-1 + + + + sbeattie> nginx added http2 support in 1.9.5 sbeattie> nginx previously fixed issue for CVE-2018-16844 sbeattie> netty added http2 support in 4.1.0 sbeattie> twisted added http2 support in 16.3 sbeattie> trafficserver enabled http2 support by default in 7.0 + + + + + + + + + + + + + + + + CVE-2019-9518 on Ubuntu 20.04 (focal) - medium. + Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. It was discovered that Netty incorrectly implements HTTP/2. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-13 21:15:00 UTC + Piotr Sikora of Google + 2019-08-13 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9518.html + https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md + https://netty.io/news/2019/08/13/4-1-39-Final.html + https://github.com/netty/netty/pull/9461 + + + + + + + + + + + + + CVE-2019-9543 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in Poppler 0.74.0. 
A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-03-01 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923553 + https://gitlab.freedesktop.org/poppler/poppler/issues/730 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9543.html + https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/ + + + + mdeslaur> as of 2020-11-24, not fixed upstream + + + + + + + + + CVE-2019-9545 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-03-01 19:29:00 UTC + https://gitlab.freedesktop.org/poppler/poppler/issues/731 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923552 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9545.html + https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0/ + + + + mdeslaur> as of 2020-11-24, not fixed upstream + + + + + + + + + CVE-2019-9578 on Ubuntu 20.04 (focal) - low. + In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-05 23:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9578.html + https://developers.yubico.com/libu2f-host/Release_Notes.html + https://github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5 + + + + + + + + + + CVE-2019-9587 on Ubuntu 20.04 (focal) - negligible. + There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-03-06 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9587.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41263 + https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/ + + + + jdstrand> xpdf in koffice is 2.0 amurray> according to upstream this and CVE-2019-9588 might be one and the same issue mdeslaur> can't reproduce with poppler, no indication it is affected mdeslaur> as of 2019-07-23, xpdf commit not available. ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + + + + CVE-2019-9588 on Ubuntu 20.04 (focal) - low. + There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-06 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9588.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41261 + https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01/ + + + + jdstrand> xpdf in koffice is 2.0 amurray> according to upstream this and CVE-2019-9587 might be one and the same issue mdeslaur> can't reproduce with poppler, no indication it is affected mdeslaur> as of 2019-07-23, xpdf commit not available. ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + + + + CVE-2019-9589 on Ubuntu 20.04 (focal) - low. + There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-06 08:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9589.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41262 + https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-psoutputdevsetupresources-xpdf-4-01/ + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> can't reproduce with poppler, no indication it is affected mdeslaur> code is different in texlive-bin, doesn't look vulnerable ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + + + + CVE-2019-9636 on Ubuntu 20.04 (focal) - medium. + Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-08 21:29:00 UTC + 2019-03-08 + mdeslaur + Jonathan Birch and Panayiotis Panayiotou + https://bugs.python.org/issue36216 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9636.html + https://github.com/python/cpython/pull/12201 + https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html + https://ubuntu.com/security/notices/USN-4127-1 + https://ubuntu.com/security/notices/USN-4127-2 + + + + + + + + + + CVE-2019-9644 on Ubuntu 20.04 (focal) - medium. + An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-12 09:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924515 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9644.html + https://github.com/jupyter/notebook/commit/cfc335b76466ccf1538ce545b654b29b5ab0097c + https://github.com/jupyter/notebook/commit/b5105814fc41c6d789b317fa59f786bad7f9d798 + https://github.com/jupyter/notebook/commit/bfaa61385729ed4fb453863053f9a79141f01119 + https://github.com/jupyter/notebook/compare/f3f00df...05aa4b2 + + + + + + + + + + CVE-2019-9656 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-03-11 05:29:00 UTC + 2019-03-11 05:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924350 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9656.html + https://github.com/libofx/libofx/issues/22 + https://github.com/TeamSeri0us/pocs/tree/master/libofx + https://ubuntu.com/security/notices/USN-4523-1 + + + + + + + + + + CVE-2019-9658 on Ubuntu 20.04 (focal) - medium. + Checkstyle before 8.18 loads external DTDs by default. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-11 05:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924598 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9658.html + https://github.com/checkstyle/checkstyle/issues/6474 + https://github.com/checkstyle/checkstyle/issues/6478 + https://github.com/checkstyle/checkstyle/pull/6476 + https://checkstyle.org/releasenotes.html#Release_8.18 + + + + + + + + + + CVE-2019-9674 on Ubuntu 20.04 (focal) - low. + Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-04 15:15:00 UTC + 2020-02-04 15:15:00 UTC + leosilva + https://bugs.python.org/issue36260 + https://bugs.python.org/issue36462 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9674.html + https://github.com/python/cpython/blob/master/Lib/zipfile.py + https://python-security.readthedocs.io/security.html#archives-and-zip-bomb + https://www.python.org/news/security/ + https://ubuntu.com/security/notices/USN-4428-1 + https://ubuntu.com/security/notices/USN-4754-3 + + + + + + + + + + CVE-2019-9687 on Ubuntu 20.04 (focal) - medium. + PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-11 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924430 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9687.html + https://sourceforge.net/p/podofo/code/1969 + + + + + + + + + + CVE-2019-9689 on Ubuntu 20.04 (focal) - medium. + process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953326 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9689.html + http://axtls.sourceforge.net + http://packetstormsecurity.com/files/155500/axTLS-2.1.5-Denial-Of-Service.html + https://seclists.org/bugtraq/2019/Nov/44 + https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842 + https://www.telekom.com/resource/blob/586428/51ae062269fbcb068bd20379f87f1398/dl-191121-critical-remote-denial-of-service-vulnerability-ii--data.pdf + + + + + + + + + + CVE-2019-9704 on Ubuntu 20.04 (focal) - low. 
+ Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-12 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9704.html + https://salsa.debian.org/debian/cron/commit/f2525567 + + + + + + + + + + CVE-2019-9705 on Ubuntu 20.04 (focal) - low. + Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-12 01:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9705.html + https://salsa.debian.org/debian/cron/commit/26814a26 + + + + + + + + + + CVE-2019-9706 on Ubuntu 20.04 (focal) - low. + Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-12 01:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9706.html + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167 + https://packages.qa.debian.org/c/cron/news/20190311T170403Z.html + https://salsa.debian.org/debian/cron/commit/40791b93 + + + + + + + + + + CVE-2019-9717 on Ubuntu 20.04 (focal) - medium. + In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-19 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9717.html + https://github.com/libav/libav/blob/df744e3cf66548c9167ea857104a29d2ea92819e/libavcodec/srtdec.c#L90 + https://lgtm.com/security/ + + + + + + + + + + + + + + CVE-2019-9719 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-19 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9719.html + https://github.com/libav/libav/blob/df744e3cf66548c9167ea857104a29d2ea92819e/libavcodec/srtdec.c#L113 + https://github.com/libav/libav/commits/master/libavcodec/srtdec.c + https://lgtm.com/projects/g/libav/libav/snapshot/f5f553ca3bdca0c97dd08bbf002f0d8cb193788b/files/libavcodec/srtdec.c?sort=name&dir=ASC&mode=heatmap#xeec693aa6d85853b:1 + https://lgtm.com/security/ + + + + + + + + + + + + + + CVE-2019-9720 on Ubuntu 20.04 (focal) - medium. + A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-19 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9720.html + https://github.com/libav/libav/blob/df744e3cf66548c9167ea857104a29d2ea92819e/libavcodec/srtdec.c#L161 + https://lgtm.com/security/ + + + + + + + + + + + + + + CVE-2019-9740 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-13 03:29:00 UTC + 2019-03-12 + mdeslaur + https://bugs.python.org/issue36276 (marked as dupe) + https://bugs.python.org/issue30458 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9740.html + https://python-security.readthedocs.io/vuln/http-header-injection2.html + https://ubuntu.com/security/notices/USN-4127-1 + https://ubuntu.com/security/notices/USN-4127-2 + + + + + + + + + + CVE-2019-9746 on Ubuntu 20.04 (focal) - low. + In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-13 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9746.html + https://bugs.chromium.org/p/webm/issues/detail?id=1605 + https://chromium.googlesource.com/webm/libwebm/+/2427abe0bde234987ed005a3adca461e9a85dfb7 + https://github.com/webmproject/libwebm/commit/2427abe0bde234987ed005a3adca461e9a85dfb7 + + + + mdeslaur> as of 2020-08-12, unfixed in chromium-browser mdeslaur> webm_info.cc doesn't look to be built in the Ubuntu chromium-browser packages, marking as not-affected + + + + + + + + + CVE-2019-9752 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-13 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9752.html + https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework/ + https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework + + + + + + + + + + CVE-2019-9754 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the end_macro function in tccpp.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-13 22:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9754.html + https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00038.html + + + + + + + + + + CVE-2019-9787 on Ubuntu 20.04 (focal) - medium. 
+ WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-14 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924546 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9787.html + https://blog.ripstech.com/2019/wordpress-csrf-to-rce/ + https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b + https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/ + https://wordpress.org/support/wordpress-version/version-5-1-1/ + + + + + + + + + + CVE-2019-9788 on Ubuntu 20.04 (focal) - negligible. + Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9788.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9798 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9788 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + https://ubuntu.com/security/notices/USN-3927-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine seth-arnold> Only affects Android + + + + + + + + + + + + + CVE-2019-9789 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 66. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9789.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9789 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-9790 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9790.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9790 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9790 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9790 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + https://ubuntu.com/security/notices/USN-3927-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9791 on Ubuntu 20.04 (focal) - medium. + The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9791.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9791 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9791 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9791 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + https://ubuntu.com/security/notices/USN-3927-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9792 on Ubuntu 20.04 (focal) - medium. + The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. 
This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9792.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9792 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9792 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9792 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + https://ubuntu.com/security/notices/USN-3927-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9793 on Ubuntu 20.04 (focal) - medium. + A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9793.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9793 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9793 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + https://ubuntu.com/security/notices/USN-3927-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9794 on Ubuntu 20.04 (focal) - negligible. + A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9794.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9794 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9794 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9794 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine seth-arnold> Only affects Windows + + + + + + + + + CVE-2019-9795 on Ubuntu 20.04 (focal) - medium. 
+ A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9795.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9795 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9795 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9795 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + https://ubuntu.com/security/notices/USN-3927-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9796 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9796.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9796 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9796 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9796 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + https://ubuntu.com/security/notices/USN-3927-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9797 on Ubuntu 20.04 (focal) - medium. + Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9797.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9797 + https://ubuntu.com/security/notices/USN-3997-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9798 on Ubuntu 20.04 (focal) - negligible. + On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. 
+ + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9798.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine seth-arnold> Only affects Windows + + + + + + + + + CVE-2019-9799 on Ubuntu 20.04 (focal) - medium. + Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox < 66. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9799.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9799 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-9800 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9800.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9800 + https://ubuntu.com/security/notices/USN-3991-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9800 + https://ubuntu.com/security/notices/USN-3997-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9801 on Ubuntu 20.04 (focal) - negligible. + Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9801.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9801 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9801 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine seth-arnold> Only affects Windows + + + + + + + + + CVE-2019-9802 on Ubuntu 20.04 (focal) - medium. + If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. 
The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data. This vulnerability affects Firefox < 66. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9802.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9802 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-9803 on Ubuntu 20.04 (focal) - medium. + The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources. This vulnerability affects Firefox < 66. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9803.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9803 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-9804 on Ubuntu 20.04 (focal) - negligible. 
+ In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9804.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9804 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine seth-arnold> Only affects MacOS + + + + + + + + + CVE-2019-9805 on Ubuntu 20.04 (focal) - medium. + A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9805.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9805 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-9806 on Ubuntu 20.04 (focal) - low. + A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack. This vulnerability affects Firefox < 66. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9806.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9806 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-9807 on Ubuntu 20.04 (focal) - low. + When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox < 66. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9807.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9807 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-9808 on Ubuntu 20.04 (focal) - low. + If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 66. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9808.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9808 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-9809 on Ubuntu 20.04 (focal) - low. + If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack. This vulnerability affects Firefox < 66. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + 2019-03-20 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9809.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9809 + https://ubuntu.com/security/notices/USN-3918-1 + https://ubuntu.com/security/notices/USN-3918-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-9810 on Ubuntu 20.04 (focal) - medium. + Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-26 17:29:00 UTC + 2019-03-25 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9810.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9810 + https://ubuntu.com/security/notices/USN-3919-1 + https://ubuntu.com/security/notices/USN-3927-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9811 on Ubuntu 20.04 (focal) - medium. + As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-07-11 + chrisccoulson + Niklas Baumstark + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9811.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-9811 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-9811 + https://ubuntu.com/security/notices/USN-4054-1 + https://ubuntu.com/security/notices/USN-4064-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9812 on Ubuntu 20.04 (focal) - medium. + Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-08 22:15:00 UTC + 2019-09-04 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9812.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-9812 + https://ubuntu.com/security/notices/USN-4122-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-9813 on Ubuntu 20.04 (focal) - medium. + Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-26 17:29:00 UTC + 2019-03-25 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9813.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9813 + https://ubuntu.com/security/notices/USN-3919-1 + https://ubuntu.com/security/notices/USN-3927-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9814 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 67. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9814.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9814 + https://ubuntu.com/security/notices/USN-3991-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-9815 on Ubuntu 20.04 (focal) - medium. + If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9815.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9815 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9815 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine chrisccoulson> MacOS only fix, as it depends on a MacOS only feature + + + + + + + + + CVE-2019-9816 on Ubuntu 20.04 (focal) - medium. + A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9816.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816 + https://ubuntu.com/security/notices/USN-3991-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9816 + https://ubuntu.com/security/notices/USN-3997-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9817 on Ubuntu 20.04 (focal) - medium. + Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9817.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817 + https://ubuntu.com/security/notices/USN-3991-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817 + https://ubuntu.com/security/notices/USN-3997-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9818 on Ubuntu 20.04 (focal) - medium. + A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 14:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9818.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9818 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine chrisccoulson> Windows only bug + + + + + + + + + CVE-2019-9819 on Ubuntu 20.04 (focal) - medium. + A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9819.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9819 + https://ubuntu.com/security/notices/USN-3991-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9819 + https://ubuntu.com/security/notices/USN-3997-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9820 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9820.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9820 + https://ubuntu.com/security/notices/USN-3991-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9820 + https://ubuntu.com/security/notices/USN-3997-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2019-9821 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-23 14:15:00 UTC + 2019-05-21 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9821.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821 + https://ubuntu.com/security/notices/USN-3991-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2019-9834 on Ubuntu 20.04 (focal) - negligible. + ** DISPUTED ** The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-15 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9834.html + https://github.com/netdata/netdata/issues/5800#issuecomment-510986112 + https://www.exploit-db.com/exploits/46545 + https://www.youtube.com/watch?v=zSG93yX0B8k + + + + + + + + + + CVE-2019-9877 on Ubuntu 20.04 (focal) - low. + There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:01:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9877.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41265 + https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/ + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> can't reproduce with poppler, no indication it is affected ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + CVE-2019-9878 on Ubuntu 20.04 (focal) - medium. + There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-21 16:01:00 UTC + https://github.com/kermitt2/pdfalto/issues/46 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9878.html + https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/ + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> can't reproduce with poppler, no indication it is affected ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore. + + + + + + + + + CVE-2019-9892 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-22 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9892.html + https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/ + + + + + + + + + + CVE-2019-9894 on Ubuntu 20.04 (focal) - untriaged. + A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:01:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9894.html + https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html + + + + + + + + + + CVE-2019-9895 on Ubuntu 20.04 (focal) - untriaged. + In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-21 16:01:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9895.html + https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html + + + + + + + + + + CVE-2019-9897 on Ubuntu 20.04 (focal) - untriaged. + Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:01:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9897.html + https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html + + + + + + + + + + CVE-2019-9898 on Ubuntu 20.04 (focal) - untriaged. + Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:01:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9898.html + https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html + + + + + + + + + + CVE-2019-9904 on Ubuntu 20.04 (focal) - low. + An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 18:29:00 UTC + https://gitlab.com/graphviz/graphviz/issues/1512 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9904.html + https://research.loginsoft.com/bugs/stack-buffer-overflow-in-function-agclose-graphviz/ + + + + + + + + + + CVE-2019-9923 on Ubuntu 20.04 (focal) - low. + pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-22 08:29:00 UTC + 2019-03-22 08:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925286 + http://savannah.gnu.org/bugs/?55369 (private) + https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9923.html + https://ubuntu.com/security/notices/USN-4692-1 + + + + + + + + + + CVE-2019-9942 on Ubuntu 20.04 (focal) - medium. + A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-23 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9942.html + https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077 + https://symfony.com/blog/twig-sandbox-information-disclosure + + + + + + + + + + CVE-2019-9946 on Ubuntu 20.04 (focal) - medium. + Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-02 18:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9946.html + https://bugzilla.redhat.com/show_bug.cgi?id=1692712 + https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272 + + + + + + + + + + CVE-2019-9947 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-23 18:29:00 UTC + 2019-03-23 + mdeslaur + https://bugs.python.org/issue35906 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9947.html + https://python-security.readthedocs.io/vuln/http-header-injection2.html + https://ubuntu.com/security/notices/USN-4127-1 + https://ubuntu.com/security/notices/USN-4127-2 + + + + mdeslaur> in certain python releases, introduced by: mdeslaur> https://github.com/python/cpython/commit/cc54c1c0d2d05fe7404ba64c53df4b1352ed2262 mdeslaur> mdeslaur> Same fix as CVE-2019-9740 + + + + + + + + + CVE-2019-9948 on Ubuntu 20.04 (focal) - medium. + urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-23 18:29:00 UTC + 2019-03-23 + mdeslaur + Sihoon Lee + https://bugs.python.org/issue35907 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9948.html + https://github.com/python/cpython/pull/11842 + https://ubuntu.com/security/notices/USN-4127-1 + https://ubuntu.com/security/notices/USN-4127-2 + + + + + + + + + + CVE-2019-9959 on Ubuntu 20.04 (focal) - low. + The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-22 15:15:00 UTC + 2019-07-22 15:15:00 UTC + mdeslaur + https://gitlab.freedesktop.org/poppler/poppler/issues/805 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9959.html + https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS + https://ubuntu.com/security/notices/USN-4646-1 + + + + ebarretto> Marking emscripten ignored as poppler code is only for test/example. + + + + + + + + + + + + CVE-2020-0034 on Ubuntu 20.04 (focal) - low. + In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-10 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0034.html + + + + + + + + + + CVE-2020-0093 on Ubuntu 20.04 (focal) - low. + In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. 
This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-14 21:15:00 UTC + 2020-05-14 21:15:00 UTC + leosilva + https://github.com/libexif/libexif/issues/42 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0093.html + https://source.android.com/security/bulletin/2020-05-01 + https://ubuntu.com/security/notices/USN-4396-1 + + + + + + + + + + + + + CVE-2020-0256 on Ubuntu 20.04 (focal) - low. + In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-152874864 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-11 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0256.html + https://sourceforge.net/p/gptfdisk/code/ci/81c8bbee46ad6ebacf72eae70ba5147f376205a4/ + https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083 + + + + sbeattie> requires device with a bad gpt table + + + + + + + + + CVE-2020-0306 on Ubuntu 20.04 (focal) - low. + In LLVM, there is a possible ineffective stack cookie placement due to stack frame double reservation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139666480 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-17 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0306.html + https://source.android.com/security/bulletin/android-11 + + + + sbeattie| possibly a weak hardening measure allowing easier exploitation, and not a vulnerability in and of itself. But clarity is needed. + + + + + + + + + + + + + + CVE-2020-0347 on Ubuntu 20.04 (focal) - low. + In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136658008 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-18 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0347.html + https://source.android.com/security/bulletin/android-11 + + + + + + + + + + CVE-2020-0409 on Ubuntu 20.04 (focal) - medium. + In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-156997193 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-10 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0409.html + https://source.android.com/security/bulletin/2020-11-01 + https://android.googlesource.com/platform/system/core/+/bff51b88aaf96279c58edb812be0bda2fcaf4967 + + + + + + + + + + CVE-2020-0423 on Ubuntu 20.04 (focal) - low. + In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-14 14:15:00 UTC + 2020-10-14 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0423.html + https://git.kernel.org/linus/f3277cbfba763cd2826396521b9296de67cf1bbc + https://ubuntu.com/security/notices/USN-4658-1 + https://ubuntu.com/security/notices/USN-4659-1 + https://ubuntu.com/security/notices/USN-4680-1 + https://ubuntu.com/security/notices/USN-4912-1 + + + + sbeattie> The binder module is enabled in Ubuntu kernels but not loaded by default. Systems without binder loaded should not be vulnerable. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0465 on Ubuntu 20.04 (focal) - medium. + In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel It was discovered that the HID multitouch implementation within the Linux kernel did not properly validate input events in some situations. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-14 22:15:00 UTC + 2020-12-14 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0465.html + https://git.kernel.org/linus/35556bed836f8dc07ac55f69c8d17dce3e7f0e25 + https://git.kernel.org/linus/bce1305c0ece3dc549663605e567655dd701752c + https://source.android.com/security/bulletin/2020-12-01 + https://ubuntu.com/security/notices/USN-4912-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0466 on Ubuntu 20.04 (focal) - medium. + In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel It was discovered that the eventpoll (aka epoll) implementation in the Linux kernel contained a logic error that could lead to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-14 22:15:00 UTC + 2020-12-14 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0466.html + https://git.kernel.org/linus/52c479697c9b73f628140dcdfcd39ea302d05482 + https://git.kernel.org/linus/a9ed4a6560b8562b7e2e2bed9527e88001f7b682 + https://source.android.com/security/bulletin/2020-12-01 + https://ubuntu.com/security/notices/USN-4912-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0499 on Ubuntu 20.04 (focal) - low. + In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. 
This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0499.html + https://android.googlesource.com/platform/external/flac/+/029048f823ced50f63a92e25073427ec3a9bd909%5E%21/#F0 + https://source.android.com/security/bulletin/pixel/2020-12-01 + + + + + + + + + + CVE-2020-10001 on Ubuntu 20.04 (focal) - low. + An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-02 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10001.html + + + + + + + + + + CVE-2020-10018 on Ubuntu 20.04 (focal) - medium. + WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-02 23:15:00 UTC + 2020-03-02 23:15:00 UTC + https://bugs.webkit.org/show_bug.cgi?id=204342 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10018.html + https://trac.webkit.org/changeset/257292 + https://webkitgtk.org/security/WSA-2020-0003.html + https://ubuntu.com/security/notices/USN-4310-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-10029 on Ubuntu 20.04 (focal) - low. + The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-04 15:15:00 UTC + 2020-03-04 15:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=25487 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953108 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10029.html + https://ubuntu.com/security/notices/USN-4416-1 + + + + + + + + + + CVE-2020-10030 on Ubuntu 20.04 (focal) - low. + An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-19 16:15:00 UTC + 2020-05-19 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10030.html + https://www.openwall.com/lists/oss-security/2020/05/19/3 + + + + + + + + + + CVE-2020-10134 on Ubuntu 20.04 (focal) - medium. + Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedures with the MITM using the confirmation number of one peer as the passkey of the other. An adjacent, unauthenticated attacker could be able to initiate any Bluetooth operation on either attacked device exposed by the enabled Bluetooth profiles. This exposure may be limited when the user must authorize certain access explicitly, but so long as a user assumes that it is the intended remote device requesting permissions, device-local protections may be weakened. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-19 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10134.html + https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/method-vulnerability/ + + + + seth-arnold> This appears to be a flaw in the protocol; it's possible that any "fixes" for this issue may be strictly user-interface messages to the user. mdeslaur> no software fix available as of 2020-07-17 + + + + + + + + + CVE-2020-10135 on Ubuntu 20.04 (focal) - medium. + Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. 
An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-19 16:15:00 UTC + 2020-05-19 16:15:00 UTC + Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10135.html + https://francozappa.github.io/about-bias/ + https://kb.cert.org/vuls/id/647177/ + https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/ + https://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html + https://bugzilla.suse.com/show_bug.cgi?id=1171988 + https://lore.kernel.org/linux-bluetooth/20200520212015.626026-2-luiz.dentz@gmail.com/T/#m3d2012da00716dc280e9725484e8ff1d640d03b5 + https://lkml.org/lkml/2020/10/15/98 + https://github.com/marcinguy/CVE-2020-10135-BIAS + https://ubuntu.com/security/notices/USN-4657-1 + https://ubuntu.com/security/notices/USN-4658-1 + https://ubuntu.com/security/notices/USN-4659-1 + https://ubuntu.com/security/notices/USN-4680-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10177 on Ubuntu 20.04 (focal) - low. + Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-25 19:15:00 UTC + 2020-06-25 19:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10177.html + https://github.com/python-pillow/Pillow/pull/4538 + https://github.com/python-pillow/Pillow/commits/master/src/libImaging + https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html + https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html + https://ubuntu.com/security/notices/USN-4430-1 + https://ubuntu.com/security/notices/USN-4430-2 + https://ubuntu.com/security/notices/USN-4697-2 + + + + + + + + + + + + + CVE-2020-10187 on Ubuntu 20.04 (focal) - medium. + Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-04 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959903 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10187.html + https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6 + https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9 + https://github.com/doorkeeper-gem/doorkeeper/releases + https://github.com/rubysec/ruby-advisory-db/pull/446 + + + + + + + + + + CVE-2020-10188 on Ubuntu 20.04 (focal) - medium. + utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-06 15:15:00 UTC + pfsmorigo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953477 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953478 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10188.html + https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html + https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216 + + + + + + + + + + + + + + CVE-2020-10232 on Ubuntu 20.04 (focal) - medium. + In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-09 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10232.html + https://github.com/sleuthkit/sleuthkit/issues/1836 + https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1 + + + + + + + + + + CVE-2020-10233 on Ubuntu 20.04 (focal) - medium. + In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-09 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10233.html + https://github.com/sleuthkit/sleuthkit/issues/1829 + + + + + + + + + + CVE-2020-10289 on Ubuntu 20.04 (focal) - medium. + Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. 
See links for more info on the bug. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-20 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10289.html + https://github.com/ros/actionlib/pull/171 + + + + + + + + + + CVE-2020-10378 on Ubuntu 20.04 (focal) - low. + In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-25 19:15:00 UTC + 2020-06-25 19:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10378.html + https://github.com/python-pillow/Pillow/pull/4538 + https://github.com/python-pillow/Pillow/commits/master/src/libImaging + https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html + https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html + https://ubuntu.com/security/notices/USN-4430-1 + https://ubuntu.com/security/notices/USN-4430-2 + + + + + + + + + + + + + CVE-2020-10379 on Ubuntu 20.04 (focal) - medium. + In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-25 19:15:00 UTC + 2020-06-25 19:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10379.html + https://github.com/python-pillow/Pillow/pull/4538 + https://github.com/python-pillow/Pillow/commits/master/src/libImaging + https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html + https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html + https://ubuntu.com/security/notices/USN-4430-2 + + + + + + + + + + + + + CVE-2020-10380 on Ubuntu 20.04 (focal) - medium. + RMySQL through 0.10.19 allows SQL Injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-17 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10380.html + https://github.com/r-dbi/RMySQL/blob/master/NEWS.md + + + + + + + + + + CVE-2020-10573 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-14 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10573.html + https://github.com/meetecho/janus-gateway/pull/1988 + + + + + + + + + + CVE-2020-10574 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-14 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10574.html + https://github.com/meetecho/janus-gateway/pull/1989 + + + + + + + + + + CVE-2020-10575 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-14 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10575.html + https://github.com/meetecho/janus-gateway/pull/1994 + + + + + + + + + + CVE-2020-10576 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-14 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10576.html + https://github.com/meetecho/janus-gateway/pull/1993 + + + + + + + + + + CVE-2020-10577 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-14 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10577.html + https://github.com/meetecho/janus-gateway/pull/1990 + + + + + + + + + + CVE-2020-10592 on Ubuntu 20.04 (focal) - low. + Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-23 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10592.html + https://blog.torproject.org/new-releases-03510-0419-0427 + https://bugs.torproject.org/33120 + https://trac.torproject.org/projects/tor/ticket/33120 + + + + + + + + + + CVE-2020-10593 on Ubuntu 20.04 (focal) - low. + Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-23 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10593.html + https://blog.torproject.org/new-releases-03510-0419-0427 + https://bugs.torproject.org/33619 + https://trac.torproject.org/projects/tor/ticket/33619 + + + + + + + + + + CVE-2020-10648 on Ubuntu 20.04 (focal) - low. 
+ Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-19 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10648.html + http://www.openwall.com/lists/oss-security/2020/03/18/5 + https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/ + https://github.com/u-boot/u-boot/commits/master + + + + + + + + + + CVE-2020-10663 on Ubuntu 20.04 (focal) - medium. + The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-28 21:15:00 UTC + 2020-04-28 21:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10663.html + https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ + https://hackerone.com/reports/706934 + https://ubuntu.com/security/notices/USN-4882-1 + + + + + + + + + + + + + CVE-2020-10672 on Ubuntu 20.04 (focal) - low. + FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-18 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10672.html + https://github.com/FasterXML/jackson-databind/issues/2659 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-10673 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-18 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10673.html + https://github.com/FasterXML/jackson-databind/issues/2660 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-10683 on Ubuntu 20.04 (focal) - medium. + dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-01 19:15:00 UTC + 2020-05-01 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958055 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10683.html + https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658 + https://ubuntu.com/security/notices/USN-4575-1 + + + + + + + + + + CVE-2020-10684 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10684.html + https://bugzilla.redhat.com/show_bug.cgi?id=1815519 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684 + + + + + + + + + + CVE-2020-10685 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-11 14:15:00 UTC + https://github.com/ansible/ansible/pull/68433 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10685.html + https://github.com/ansible/ansible/pull/68433 + + + + + + + + + + CVE-2020-10687 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-23 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10687.html + https://bugzilla.redhat.com/show_bug.cgi?id=1785049 + + + + + + + + + + CVE-2020-10688 on Ubuntu 20.04 (focal) - medium. + A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10688.html + https://bugzilla.redhat.com/show_bug.cgi?id=1814974 + https://github.com/quarkusio/quarkus/issues/7248 + https://issues.redhat.com/browse/RESTEASY-2519 + + + + + + + + + + + + + CVE-2020-10691 on Ubuntu 20.04 (focal) - medium. + An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-30 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10691.html + https://bugzilla.redhat.com/show_bug.cgi?id=1817161 + + + + sbeattie> functionality introduced in ansible 2.9 + + + + + + + + + CVE-2020-10693 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-06 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10693.html + https://bugzilla.redhat.com/show_bug.cgi?id=1805501 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693 + + + + + + + + + + CVE-2020-10699 on Ubuntu 20.04 (focal) - high. + A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10699.html + https://github.com/open-iscsi/targetcli-fb/issues/162 + + + + + + + + + + CVE-2020-10705 on Ubuntu 20.04 (focal) - medium. + A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-10 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10705.html + https://bugzilla.redhat.com/show_bug.cgi?id=1803241 + + + + + + + + + + CVE-2020-10719 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. 
This flaw allows an attacker to take advantage of HTTP request smuggling. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-26 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10719.html + https://bugzilla.redhat.com/show_bug.cgi?id=1828459 + + + + + + + + + + CVE-2020-10729 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10729.html + https://github.com/ansible/ansible/issues/34144 + https://github.com/ansible/ansible/pull/67429/ + https://github.com/ansible/ansible/commit/b38603c45ed3a53574ec2080fb3a24db38ab5bc6 + + + + + + + + + + CVE-2020-10737 on Ubuntu 20.04 (focal) - medium. + A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-27 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960089 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10737.html + https://bugzilla.redhat.com/show_bug.cgi?id=1833042 + https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac + + + + + + + + + + CVE-2020-10744 on Ubuntu 20.04 (focal) - low. + An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10744.html + https://bugzilla.redhat.com/show_bug.cgi?id=1835566 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744 + + + + + + + + + + CVE-2020-10749 on Ubuntu 20.04 (focal) - untriaged. + A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-06-03 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10749.html + https://github.com/containernetworking/plugins/pull/484 + https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43 + + + + + + + + + + CVE-2020-10753 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). 
The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-26 15:15:00 UTC + 2020-06-26 15:15:00 UTC + Adam Mohammed + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10753.html + https://github.com/ceph/ceph/pull/35773 + https://ubuntu.com/security/notices/USN-4528-1 + https://ubuntu.com/security/notices/USN-4706-1 + + + + mdeslaur> fixed in 15.2.5-0ubuntu0.20.04.1 in focal-updates, but not yet mdeslaur> in security pocket. + + + + + + + + + CVE-2020-10755 on Ubuntu 20.04 (focal) - low. + An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the ``connection_info`` element in all Block Storage v3 Attachments API calls containing that element. This flaw enables an end-user to create a volume, make an API call to show the attachment detail information, and retrieve a username and password that may be used to connect to another user's volume. Additionally, these credentials are valid for the ScaleIO or VxFlex OS Management API, should an attacker discover the Management API endpoint. Source: OpenStack project + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-10 17:15:00 UTC + 2020-06-10 17:15:00 UTC + David Hill and Eric Harney + https://bugs.launchpad.net/cinder/+bug/1823200 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10755.html + https://wiki.openstack.org/wiki/OSSN/OSSN-0086 + https://ubuntu.com/security/notices/USN-4420-1 + + + + mdeslaur> Fixing this moves VxFlex OS passwords from the mdeslaur> block_device_mapping table to a file called mdeslaur> /opt/emc/scaleio/openstack/connector.conf mdeslaur> mdeslaur> From python-os-brick patch: mdeslaur> It requires that a configuration file be deployed on compute mdeslaur> nodes, cinder nodes, and anywhere you would perform a volume mdeslaur> attachment in your deployment, when using Cinder with a Dell mdeslaur> EMC VxFlex OS backend. mdeslaur> mdeslaur> If we fix this in stable releases, it will break environments mdeslaur> until the new configuration file is deployed. + + + + + + + + + + + + CVE-2020-10756 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 16:15:00 UTC + 2020-07-09 16:15:00 UTC + Ziming Zhang and VictorV + https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10756.html + https://ubuntu.com/security/notices/USN-4437-1 + https://ubuntu.com/security/notices/USN-4467-1 + + + + + + + + + + + + + CVE-2020-10759 on Ubuntu 20.04 (focal) - medium. + A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. 
As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-15 19:15:00 UTC + 2020-06-09 + leosilva + Justin Steven + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10759.html + https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md + https://ubuntu.com/security/notices/USN-4395-1 + + + + + + + + + + + + + CVE-2020-10781 on Ubuntu 20.04 (focal) - low. + A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. Luca Bruno discovered that the zram module in the Linux kernel did not properly restrict unprivileged users from accessing the hot_add sysfs file. A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-16 13:15:00 UTC + 2020-06-18 00:00:00 UTC + Luca Bruno + https://bugzilla.redhat.com/show_bug.cgi?id=1847832 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10781.html + https://www.openwall.com/lists/oss-security/2020/06/18/1 + https://lore.kernel.org/linux-block/20200617103412.GA2027053@kroah.com/ + https://ubuntu.com/security/notices/USN-4483-1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + sbeattie> zram module is not loaded by default, but is enabled. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10802 on Ubuntu 20.04 (focal) - medium. + In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted database or table name. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-22 05:15:00 UTC + 2020-03-22 05:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10802.html + https://www.phpmyadmin.net/security/PMASA-2020-3/ + https://github.com/phpmyadmin/phpmyadmin/commit/a8acd7a42cf743186528b0453f90aaa32bfefabe + https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html + https://ubuntu.com/security/notices/USN-4639-1 + + + + + + + + + + CVE-2020-10803 on Ubuntu 20.04 (focal) - medium. 
+ In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. It was discovered that phpMyAdmin did not properly handle data from the database when displaying it. If an attacker were to insert specially-crafted data into certain database tables, the attacker could execute a cross-site scripting (XSS) attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-22 05:15:00 UTC + 2020-03-22 05:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10803.html + https://www.phpmyadmin.net/security/PMASA-2020-4/ + https://github.com/phpmyadmin/phpmyadmin/commit/46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5 + https://github.com/phpmyadmin/phpmyadmin/commit/6b9b2601d8af916659cde8aefd3a6eaadd10284a + https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html + https://ubuntu.com/security/notices/USN-4639-1 + + + + + + + + + + CVE-2020-10804 on Ubuntu 20.04 (focal) - medium. + In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted username. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-22 04:15:00 UTC + 2020-03-22 04:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10804.html + https://www.phpmyadmin.net/security/PMASA-2020-2/ + https://github.com/phpmyadmin/phpmyadmin/commit/89fbcd7c39e6b3979cdb2f64aa4cd5f4db27eaad + https://github.com/phpmyadmin/phpmyadmin/commit/3258978c38bee8cb4b99f249dffac9c8aaea2d80 + https://ubuntu.com/security/notices/USN-4639-1 + + + + + + + + + + CVE-2020-10809 on Ubuntu 20.04 (focal) - low. + An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-22 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10809.html + https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1 + https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/ + https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt + + + + + + + + + + CVE-2020-10810 on Ubuntu 20.04 (focal) - low. + An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-22 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10810.html + https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3 + https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/ + https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt + + + + + + + + + + CVE-2020-10811 on Ubuntu 20.04 (focal) - low. + An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-22 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10811.html + https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2 + https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/ + https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt + + + + + + + + + + CVE-2020-10812 on Ubuntu 20.04 (focal) - low. + An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-22 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10812.html + https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4 + https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/ + https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt + + + + + + + + + + CVE-2020-10814 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code via a crafted project file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-08 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10814.html + https://sourceforge.net/p/codeblocks/code/HEAD/tree/trunk/ChangeLog + https://sourceforge.net/p/codeblocks/tickets/934/ + https://www.povonsec.com/codeblocks-security-vulnerability/ + + + + + + + + + + CVE-2020-10870 on Ubuntu 20.04 (focal) - low. + Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-23 20:15:00 UTC + Mike Salvatore + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954810 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10870.html + https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028 + + + + + + + + + + CVE-2020-10932 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10932.html + https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released + https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04 + https://tls.mbed.org/tech-updates/security-advisories + + + + + + + + + + CVE-2020-10936 on Ubuntu 20.04 (focal) - high. + Sympa before 6.2.56 allows privilege escalation. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-05-27 18:15:00 UTC + 2020-05-27 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961491 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10936.html + https://sympa-community.github.io/security/2020-002.html + https://ubuntu.com/security/notices/USN-4442-1 + + + + + + + + + + CVE-2020-10938 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10938.html + http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce + https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e/ + + + + + + + + + + CVE-2020-10941 on Ubuntu 20.04 (focal) - medium. + Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10941.html + https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 + + + + + + + + + + CVE-2020-10944 on Ubuntu 20.04 (focal) - medium. 
+ HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-28 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10944.html + https://github.com/hashicorp/nomad/issues/7468 + + + + + + + + + + CVE-2020-10945 on Ubuntu 20.04 (focal) - medium. + Centreon before 19.10.7 exposes Session IDs in server responses. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-27 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10945.html + https://sysdream.com/news/lab/2020-05-13-cve-2020-10945-centreon-session-id-exposure/ + + + + + + + + + + CVE-2020-10946 on Ubuntu 20.04 (focal) - medium. + Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-27 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10946.html + https://sysdream.com/news/lab/2020-05-13-cve-2020-10946-several-cross-site-scripting-xss-vulnerabilities-in-centreon/ + + + + + + + + + + CVE-2020-10960 on Ubuntu 20.04 (focal) - medium. + In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. 
This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-03 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10960.html + https://phabricator.wikimedia.org/T246602 + https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html + + + + + + + + + + CVE-2020-10968 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-26 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10968.html + https://github.com/FasterXML/jackson-databind/issues/2662 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + sbeattie> debian notes that "starting from 2.10 series mitigated as Safe Default Typing is enabled by default but still an issue when Default Typing is enabled. + + + + + + + + + CVE-2020-10969 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-26 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10969.html + https://github.com/FasterXML/jackson-databind/issues/2642 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + sbeattie> debian notes that "starting from 2.10 series mitigated as Safe Default Typing is enabled by default but still an issue when Default Typing is enabled. + + + + + + + + + CVE-2020-10994 on Ubuntu 20.04 (focal) - low. + In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-25 19:15:00 UTC + 2020-06-25 19:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10994.html + https://github.com/python-pillow/Pillow/pull/4538 + https://github.com/python-pillow/Pillow/commits/master/src/libImaging/ + https://pillow.readthedocs.io/en/stable/releasenotes/ + https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html + https://ubuntu.com/security/notices/USN-4430-1 + https://ubuntu.com/security/notices/USN-4430-2 + + + + + + + + + + + + + CVE-2020-10995 on Ubuntu 20.04 (focal) - medium. + PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-19 17:15:00 UTC + 2020-05-19 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10995.html + https://www.openwall.com/lists/oss-security/2020/05/19/3 + + + + + + + + + + CVE-2020-11013 on Ubuntu 20.04 (focal) - low. + Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be used as part of the process to render templates. The documented behavior of `helm template` states that it does not attach to a remote cluster. However, a the recently added `lookup` template function circumvents this restriction and connects to the cluster even during `helm template` and `helm install|update|delete|rollback --dry-run`. The user is not notified of this behavior. Running `helm template` should not make calls to a cluster. This is different from `install`, which is presumed to have access to a cluster in order to load resources into Kubernetes. Helm 2 is unaffected by this vulnerability. A malicious chart author could inject a `lookup` into a chart that, when rendered through `helm template`, performs unannounced lookups against the cluster a user&#39;s `KUBECONFIG` file points to. This information can then be disclosed via the output of `helm template`. This issue has been fixed in Helm 3.2.0 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-24 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11013.html + https://github.com/helm/helm/releases/tag/v3.2.0 + https://github.com/helm/helm/security/advisories/GHSA-q8q8-93cv-v6h8 + + + + + + + + + + CVE-2020-11020 on Ubuntu 20.04 (focal) - medium. + Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. 
The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-29 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959392 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11020.html + https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5 + https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e + + + + + + + + + + CVE-2020-11022 on Ubuntu 20.04 (focal) - low. + In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-29 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11022.html + https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ + https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2 + https://jquery.com/upgrade-guide/3.5/ + + + + mdeslaur> This is likely an intrusive, backwards-incompatible change that mdeslaur> may break existing software. + + + + + + + + + CVE-2020-11023 on Ubuntu 20.04 (focal) - low. + In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-29 21:15:00 UTC + https://github.com/jquery/jquery/issues/4691 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11023.html + https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6 + https://jquery.com/upgrade-guide/3.5/ + + + + mdeslaur> This is likely an intrusive, backwards-incompatible change that mdeslaur> may break existing software. + + + + + + + + + CVE-2020-11025 on Ubuntu 20.04 (focal) - medium. + In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-30 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11025.html + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c + https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates + + + + + + + + + + CVE-2020-11026 on Ubuntu 20.04 (focal) - medium. + In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-30 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11026.html + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2 + https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates + + + + + + + + + + CVE-2020-11027 on Ubuntu 20.04 (focal) - medium. + In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-30 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11027.html + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw + https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates + + + + + + + + + + CVE-2020-11028 on Ubuntu 20.04 (focal) - medium. + In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-30 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11028.html + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w + https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates + + + + + + + + + + CVE-2020-11029 on Ubuntu 20.04 (focal) - medium. + In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-30 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11029.html + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c + https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates + + + + + + + + + + CVE-2020-11030 on Ubuntu 20.04 (focal) - medium. + In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-30 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11030.html + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh + https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates + + + + + + + + + + CVE-2020-11039 on Ubuntu 20.04 (focal) - low. + In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-29 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11039.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq + + + + + + + + + + CVE-2020-11049 on Ubuntu 20.04 (focal) - low. + In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-07 20:15:00 UTC + 2020-05-07 20:15:00 UTC + mdeslaur + https://github.com/FreeRDP/FreeRDP/issues/6008 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11049.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr + https://github.com/FreeRDP/FreeRDP/pull/6019 + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + + + + mdeslaur> included in same commit as CVE-2020-11048 + + + + + + + + + CVE-2020-11054 on Ubuntu 20.04 (focal) - low. + In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). 
However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false, which is not recommended), this could still provide a false sense of security. This has been fixed in 1.11.1 and 1.12.0. All versions of qutebrowser are believed to be affected, though versions before v0.11.x couldn't be tested. Backported patches for older versions (greater than or equal to 1.4.0 and less than or equal to 1.10.2) are available, but no further releases are planned. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-07 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11054.html + https://bugs.kde.org/show_bug.cgi?id=420902 + https://github.com/qutebrowser/qutebrowser/commit/021ab572a319ca3db5907a33a59774f502b3b975 + https://github.com/qutebrowser/qutebrowser/commit/19f01bb42d02da539446a52a25bb0c1232b86327 + https://github.com/qutebrowser/qutebrowser/commit/1b7946ed14b386a24db050f2d6dba81ba6518755 + https://github.com/qutebrowser/qutebrowser/commit/2281a205c3e70ec20f35ec8fafecee0d5c4f3478 + https://github.com/qutebrowser/qutebrowser/commit/4020210b193f77cf1785b21717f6ef7c5de5f0f8 + https://github.com/qutebrowser/qutebrowser/commit/6821c236f9ae23adf21d46ce0d56768ac8d0c467 + https://github.com/qutebrowser/qutebrowser/commit/9bd1cf585fccdfe8318fff7af793730e74a04db3 + https://github.com/qutebrowser/qutebrowser/commit/a45ca9c788f648d10cccce2af41405bf25ee2948 + https://github.com/qutebrowser/qutebrowser/commit/d28ed758d077a5bf19ddac4da468f7224114df23 + https://github.com/qutebrowser/qutebrowser/commit/f5d801251aa5436aff44660c87d7013e29ac5864 + https://github.com/qutebrowser/qutebrowser/issues/5403 + https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j + https://tracker.die-offenbachs.homelinux.org/eric/issue328 + + + + + + 
+ + + + CVE-2020-11061 on Ubuntu 20.04 (focal) - medium. + In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-10 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11061.html + https://bugs.bareos.org/view.php?id=1210 + https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4 + + + + + + + + + + CVE-2020-11076 on Ubuntu 20.04 (focal) - medium. + In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-22 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11076.html + https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h + https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd + https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22 + + + + + + + + + + CVE-2020-11077 on Ubuntu 20.04 (focal) - medium. + In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. 
If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-22 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11077.html + https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm + https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22 + + + + + + + + + + CVE-2020-11078 on Ubuntu 20.04 (focal) - low. + In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-20 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11078.html + https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq + + + + + + + + + + CVE-2020-11080 on Ubuntu 20.04 (focal) - medium. + In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-03 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11080.html + https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#http-2-large-settings-frame-dos-low-cve-2020-11080 + https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090 + https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394 + https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr + + + + + + + + + + CVE-2020-11082 on Ubuntu 20.04 (focal) - medium. + In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-28 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11082.html + https://github.com/github/advisory-review/pull/1020 + https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8 + https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433 + + + + + + + + + + CVE-2020-11086 on Ubuntu 20.04 (focal) - low. + In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-29 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11086.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974 + + + + mdeslaur> The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS mdeslaur> does not build a server library. This is simply a client mdeslaur> denial of service that has a negligible security impact. 
+ + + + + + + + + CVE-2020-11087 on Ubuntu 20.04 (focal) - low. + In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-29 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11087.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7 + + + + mdeslaur> The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS mdeslaur> does not build a server library. This is simply a client mdeslaur> denial of service that has a negligible security impact. + + + + + + + + + CVE-2020-11088 on Ubuntu 20.04 (focal) - low. + In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-29 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11088.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp + + + + mdeslaur> The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS mdeslaur> does not build a server library. This is simply a client mdeslaur> denial of service that has a negligible security impact. + + + + + + + + + CVE-2020-11089 on Ubuntu 20.04 (focal) - low. + In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-29 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11089.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h + + + + mdeslaur> The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS mdeslaur> does not build a server library. 
This is simply a client mdeslaur> denial of service that has a negligible security impact. + + + + + + + + + CVE-2020-11095 on Ubuntu 20.04 (focal) - medium. + In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 22:15:00 UTC + 2020-06-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11095.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2 + http://www.freerdp.com/2020/06/22/2_1_2-released + https://ubuntu.com/security/notices/USN-4481-1 + + + + mdeslaur> The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS mdeslaur> does not build a server library. This is simply a client mdeslaur> denial of service that has a negligible security impact. + + + + + + + + + CVE-2020-11096 on Ubuntu 20.04 (focal) - medium. + In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 22:15:00 UTC + 2020-06-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11096.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x + http://www.freerdp.com/2020/06/22/2_1_2-released + https://ubuntu.com/security/notices/USN-4481-1 + + + + mdeslaur> The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS mdeslaur> does not build a server library. This is simply a client mdeslaur> denial of service that has a negligible security impact. + + + + + + + + + CVE-2020-11097 on Ubuntu 20.04 (focal) - medium. 
+ In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 22:15:00 UTC + 2020-06-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11097.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f + http://www.freerdp.com/2020/06/22/2_1_2-released + https://ubuntu.com/security/notices/USN-4481-1 + + + + mdeslaur> The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS mdeslaur> does not build a server library. This is simply a client mdeslaur> denial of service that has a negligible security impact. + + + + + + + + + CVE-2020-11098 on Ubuntu 20.04 (focal) - medium. + In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 22:15:00 UTC + 2020-06-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11098.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv + http://www.freerdp.com/2020/06/22/2_1_2-released + https://ubuntu.com/security/notices/USN-4481-1 + + + + mdeslaur> The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS mdeslaur> does not build a server library. This is simply a client mdeslaur> denial of service that has a negligible security impact. + + + + + + + + + CVE-2020-11111 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). 
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-31 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11111.html + https://github.com/FasterXML/jackson-databind/issues/2664 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-11112 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-31 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11112.html + https://github.com/FasterXML/jackson-databind/issues/2666 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-11113 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-31 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11113.html + https://github.com/FasterXML/jackson-databind/issues/2670 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-11441 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-31 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11441.html + https://github.com/phpmyadmin/phpmyadmin/issues/16056 + + + + + + + + + + CVE-2020-11538 on Ubuntu 20.04 (focal) - low. + In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-25 19:15:00 UTC + 2020-06-25 19:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11538.html + https://github.com/python-pillow/Pillow/pull/4538 + https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html + https://pillow.readthedocs.io/en/stable/releasenotes/index.html + https://ubuntu.com/security/notices/USN-4430-1 + https://ubuntu.com/security/notices/USN-4430-2 + + + + + + + + + + + + + CVE-2020-11558 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-05 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11558.html + https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c + https://github.com/gpac/gpac/issues/1440 + + + + + + + + + + + + + CVE-2020-11612 on Ubuntu 20.04 (focal) - medium. + The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-07 18:15:00 UTC + 2020-04-07 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11612.html + https://github.com/netty/netty/issues/6168 + https://github.com/netty/netty/pull/9924 + https://github.com/netty/netty/commit/1543218d3e7afcb33a90b728b14370395a3deca0 + https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final + https://lists.apache.org/thread.html/r14446ed58208cb6d97b6faa6ebf145f1cf2c70c0886c0c133f4d3b6f@%3Ccommits.druid.apache.org%3E + https://lists.apache.org/thread.html/r2958e4d49ee046e1e561e44fdc114a0d2285927501880f15852a9b53@%3Ccommits.druid.apache.org%3E + https://lists.apache.org/thread.html/r3195127e46c87a680b5d1d3733470f83b886bfd3b890c50df718bed1@%3Ccommits.druid.apache.org%3E + https://lists.apache.org/thread.html/r7836bbdbe95c99d4d725199f0c169927d4e87ba57e4beeeb699c097a@%3Ccommits.druid.apache.org%3E + https://lists.apache.org/thread.html/r8a654f11e1172b0effbfd6f8d5b6ca651ae4ac724a976923c268a42f@%3Ccommits.druid.apache.org%3E + https://lists.apache.org/thread.html/ra98e3a8541a09271f96478d5e22c7e3bd1afdf48641c8be25d62d9f9@%3Ccommits.druid.apache.org%3E + https://ubuntu.com/security/notices/USN-4600-2 + + + + + + + + + + CVE-2020-11619 on Ubuntu 20.04 (focal) - medium. 
+ FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-07 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11619.html + https://github.com/FasterXML/jackson-databind/issues/2680 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-11620 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-07 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11620.html + https://github.com/FasterXML/jackson-databind/issues/2682 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-11647 on Ubuntu 20.04 (focal) - medium. + In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-10 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11647.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0 + https://www.wireshark.org/security/wnpa-sec-2020-07.html + + + + + + + + + + CVE-2020-11653 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-08 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956307 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11653.html + https://varnish-cache.org/security/VSV00005.html#vsv00005 + https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62 + + + + + + + + + + CVE-2020-11655 on Ubuntu 20.04 (focal) - low. + SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-09 03:15:00 UTC + 2020-04-09 03:15:00 UTC + mdeslaur + Henry Liu + https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11655.html + https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11 + https://ubuntu.com/security/notices/USN-4394-1 + + + + mdeslaur> per upstream bug, introduced in 3.25 + + + + + + + + + + + + CVE-2020-11709 on Ubuntu 20.04 (focal) - low. 
+ cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-12 14:15:00 UTC + https://github.com/yhirose/cpp-httplib/issues/425 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11709.html + https://gist.github.com/shouc/a9330df817128bc4c4132abf3de09495 + https://github.com/yhirose/cpp-httplib/commit/85327e19ae7e72028c30917247238d638ce56d0b + + + + amurray> The Debian chromium source package is called chromium-browser in Ubuntu mdeslaur> starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap mdeslaur> cpp-httplib doesn't look to be built in the Ubuntu chromium-browser packages, marking as not-affected + + + + + + + + + CVE-2020-11713 on Ubuntu 20.04 (focal) - medium. + wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-12 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11713.html + https://github.com/wolfSSL/wolfssl/pull/2894/ + + + + + + + + + + CVE-2020-11721 on Ubuntu 20.04 (focal) - medium. + load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-12 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11721.html + https://github.com/saitoha/libsixel/issues/134 + + + + + + + + + + CVE-2020-11722 on Ubuntu 20.04 (focal) - medium. + Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-12 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11722.html + https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html + https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04 + https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28 + + + + + + + + + + CVE-2020-11724 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-12 21:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11724.html + https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch + + + + mdeslaur> The lua module is included in the debian directory as it is not mdeslaur> part of the upstream nginx release. mdeslaur> It is included in the nginx-extras binary package in universe. + + + + + + + + + CVE-2020-11725 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-12 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11725.html + https://twitter.com/yabbadabbadrew/status/1248632267028582400 + https://github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474 + https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai@suse.de/ + + + + cascardo> This issue is disputed by upstream, info->owner is used intentionally for that specific API. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-11728 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a session. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 16:15:00 UTC + 2020-04-15 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956650 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11728.html + https://gitlab.com/davical-project/awl/-/issues/19 + https://gitlab.com/davical-project/awl/-/commit/c2e808cc2420f8d870ac0a4aa9cc1f2c90562428 + https://ubuntu.com/security/notices/USN-4539-1 + + + + + + + + + + CVE-2020-11729 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-15 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956650 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11729.html + https://gitlab.com/davical-project/awl/-/issues/18 + https://gitlab.com/davical-project/awl/-/commit/535505c9acd0dda9cf664c38f5f8cb8dd61dc0cd + + + + + + + + + + CVE-2020-11735 on Ubuntu 20.04 (focal) - medium. + The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-25 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11735.html + https://github.com/wolfSSL/wolfssl/commit/1de07da61f0c8e9926dcbd68119f73230dae283f + https://github.com/wolfSSL/wolfssl/releases/tag/v4.4.0-stable + + + + + + + + + + CVE-2020-11739 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the "critical" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. 
A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-14 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11739.html + https://xenbits.xen.org/xsa/advisory-314.html + http://www.openwall.com/lists/oss-security/2020/04/14/2 + http://xenbits.xen.org/xsa/advisory-314.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-11740 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-14 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11740.html + https://xenbits.xen.org/xsa/advisory-313.html + http://www.openwall.com/lists/oss-security/2020/04/14/1 + http://xenbits.xen.org/xsa/advisory-313.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-11741 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. 
Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-14 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11741.html + https://xenbits.xen.org/xsa/advisory-313.html + http://www.openwall.com/lists/oss-security/2020/04/14/1 + http://xenbits.xen.org/xsa/advisory-313.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-11742 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-14 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11742.html + https://xenbits.xen.org/xsa/advisory-318.html + http://www.openwall.com/lists/oss-security/2020/04/14/4 + http://xenbits.xen.org/xsa/advisory-318.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-11743 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-14 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11743.html + https://xenbits.xen.org/xsa/advisory-316.html + http://www.openwall.com/lists/oss-security/2020/04/14/3 + http://xenbits.xen.org/xsa/advisory-316.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-11793 on Ubuntu 20.04 (focal) - medium. + A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-17 13:15:00 UTC + 2020-04-16 + Cim Stordal + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11793.html + https://webkitgtk.org/security/WSA-2020-0004.html + https://ubuntu.com/security/notices/USN-4331-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-11800 on Ubuntu 20.04 (focal) - high. + Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. Fu Chuang discovered that Zabbix did not properly parse IPs. A remote attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-10-07 16:15:00 UTC + Fu Chuang + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11800.html + https://support.zabbix.com/browse/DEV-1538 + https://support.zabbix.com/browse/ZBX-17600 + https://support.zabbix.com/browse/ZBXSEC-30 (not public) + https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/85453e04656fc7bd8a6790f5295d79410101745c + + + + + + + + + + CVE-2020-11863 on Ubuntu 20.04 (focal) - medium. + libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11863.html + https://sourceforge.net/p/libemf/code/commit_browser + https://sourceforge.net/p/libemf/mailman/libemf-devel/ + https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/ + + + + + + + + + + CVE-2020-11864 on Ubuntu 20.04 (focal) - medium. + libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11864.html + https://sourceforge.net/p/libemf/code/commit_browser + https://sourceforge.net/p/libemf/mailman/libemf-devel/ + https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/ + + + + + + + + + + CVE-2020-11865 on Ubuntu 20.04 (focal) - medium. + libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11865.html + https://sourceforge.net/p/libemf/code/commit_browser + https://sourceforge.net/p/libemf/mailman/libemf-devel/ + https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/ + + + + + + + + + + CVE-2020-11866 on Ubuntu 20.04 (focal) - medium. + libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11866.html + https://sourceforge.net/p/libemf/code/commit_browser + https://sourceforge.net/p/libemf/mailman/libemf-devel/ + https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/ + + + + + + + + + + CVE-2020-11867 on Ubuntu 20.04 (focal) - medium. + Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-30 22:15:00 UTC + Mike Salvatore + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11867.html + https://github.com/audacity/audacity/releases + https://salvatoresecurity.com/the-many-perils-of-tmp/ + + + + + + + + + + CVE-2020-11868 on Ubuntu 20.04 (focal) - low. 
+ ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-17 04:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958027 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11868.html + http://support.ntp.org/bin/view/Main/NtpBug3592 + http://bugs.ntp.org/3592 + https://bugzilla.redhat.com/show_bug.cgi?id=1716665 + + + + + + + + + + + + + CVE-2020-11879 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-17 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11879.html + https://gitlab.gnome.org/GNOME/evolution/issues/784 + https://gitlab.gnome.org/GNOME/evolution/-/commit/6489f20d6905cc797e2b2581c415e558c457caa7 + https://gitlab.gnome.org/GNOME/evolution/-/blob/master/NEWS + + + + + + + + + + CVE-2020-11880 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-17 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11880.html + https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1 + https://cgit.kde.org/kmail.git/tag/?h=v19.12.3 + + + + + + + + + + CVE-2020-11888 on Ubuntu 20.04 (focal) - medium. + python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-20 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11888.html + https://github.com/trentm/python-markdown2/issues/348 + + + + + + + + + + CVE-2020-11932 on Ubuntu 20.04 (focal) - medium. + It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-13 01:15:00 UTC + Moritz Naumann + 2020-05-12 00:00:00 UTC + https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1878115 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11932.html + + + + + + + + + + CVE-2020-11935 on Ubuntu 20.04 (focal) - medium. + It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack. Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-29 + 2020-06-29 + Mauricio Faria de Oliveira + https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1873074 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11935.html + https://ubuntu.com/security/notices/USN-4425-1 + https://ubuntu.com/security/notices/USN-4426-1 + https://ubuntu.com/security/notices/USN-4427-1 + https://ubuntu.com/security/notices/USN-4439-1 + https://ubuntu.com/security/notices/USN-4440-1 + https://usn.ubuntu.com/lsn/0070-1/ + + + + sbeattie> upstream aufs4-linux.git commits: 515a586eeef31e0717d5dea21e2c11a965340b3c f10aea57d39d6cd311312e9e7746804f7059b5c8 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-11939 on Ubuntu 20.04 (focal) - medium. + In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-23 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11939.html + https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202 + https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi + + + + + + + + + + CVE-2020-11940 on Ubuntu 20.04 (focal) - medium. + In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-23 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11940.html + https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435 + https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi + + + + + + + + + + CVE-2020-11947 on Ubuntu 20.04 (focal) - medium. + iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-31 01:15:00 UTC + 2020-12-31 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11947.html + https://ubuntu.com/security/notices/USN-4725-1 + + + + + + + + + + CVE-2020-11979 on Ubuntu 20.04 (focal) - medium. + As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-01 20:15:00 UTC + Mike Salvatore + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11979.html + https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E + + + + + + + + + + CVE-2020-11984 on Ubuntu 20.04 (focal) - medium. + Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-07 16:15:00 UTC + 2020-08-07 16:15:00 UTC + mdeslaur + Felix Wilhelm + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11984.html + https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11984 + https://www.openwall.com/lists/oss-security/2020/08/07/1 + https://httpd.apache.org/security/vulnerabilities_24.html + https://ubuntu.com/security/notices/USN-4458-1 + + + + seth-arnold> libapache2-mod-proxy-uwsgi binary package is in universe mdeslaur> the libapache2-mod-proxy-uwsgi module moved from the uwsgi mdeslaur> source package to the apache2 source package in focal+ + + + + + + + + + CVE-2020-11986 on Ubuntu 20.04 (focal) - medium. + To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis of the project at load time. This in turn will run potentially malicious code, from an external source, without the consent of the user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-09 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11986.html + https://www.openwall.com/lists/oss-security/2020/09/07/2 + https://lists.apache.org/thread.html/rbb8ea1b684e73107a0a6a30245ad6112bec2e6e171368c808e69217e%40%3Cannounce.netbeans.apache.org%3E + + + + + + + + + + CVE-2020-11987 on Ubuntu 20.04 (focal) - medium. + Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-24 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11987.html + https://xmlgraphics.apache.org/security.html + + + + + + + + + + CVE-2020-11988 on Ubuntu 20.04 (focal) - medium. + Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-24 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11988.html + https://xmlgraphics.apache.org/security.html + + + + + + + + + + CVE-2020-11989 on Ubuntu 20.04 (focal) - medium. + Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 19:15:00 UTC + 2020-06-22 19:15:00 UTC + pfsmorigo + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11989.html + https://www.openwall.com/lists/oss-security/2020/06/22/1 + https://lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675%40%3Cuser.shiro.apache.org%3E + https://ubuntu.com/security/notices/USN-4740-1 + + + + + + + + + + CVE-2020-11996 on Ubuntu 20.04 (focal) - medium. + A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-26 17:15:00 UTC + 2020-06-26 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11996.html + https://www.openwall.com/lists/oss-security/2020/06/25/6 + https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976 (9.0.36) + https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552 (8.5.56) + https://lists.apache.org/thread.html/r5541ef6b6b68b49f76fc4c45695940116da2bcbe0312ef204a00a2e0%40%3Cannounce.tomcat.apache.org%3E + https://lists.apache.org/thread.html/r74f5a8204efe574cbfcd95b2a16236fe95beb45c4d9fee3dc789dca9@%3Ccommits.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/r8f3d416c193bc9384a8a7dd368623d441f5fcaff1057115008100561@%3Ccommits.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/r93ca628ef3a4530dfe5ac49fddc795f0920a4b2a408b57a30926a42b@%3Ccommits.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/rb4ee49ecc4c59620ffd5e66e84a17e526c2c3cfa95d0cd682d90d338@%3Cnotifications.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/rb820f1a2a02bf07414be12c653c2ab5321fd87b9bf6c5e635c53ff4b@%3Cnotifications.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/rc80b96b4b96618b2b7461cb90664a428cfd6605eea9f74e51b792542@%3Cnotifications.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/rea65d6ef2e45dd1c45faae83922042732866c7b88fa109b76c83db52@%3Cnotifications.ofbiz.apache.org%3E + https://ubuntu.com/security/notices/USN-4596-1 + + + + mdeslaur> HTTP/2 support introduced in 8.5 + + + + + + + + + CVE-2020-11998 on Ubuntu 20.04 (focal) - medium. + A regression has been introduced in the commit preventing JMX re-bind. 
By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-10 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11998.html + http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt + + + + + + + + + + CVE-2020-12050 on Ubuntu 20.04 (focal) - low. + SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-30 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12050.html + http://www.ch-werner.de/sqliteodbc/ + https://bugzilla.redhat.com/show_bug.cgi?id=1825762 + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDS5RK7F47BRXHUYRWGMGLYU2GJEVZQA/ + https://sysdream.com/news/lab/ + + + + + + + + + + CVE-2020-12066 on Ubuntu 20.04 (focal) - medium. + CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-22 17:15:00 UTC + 2020-04-22 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12066.html + https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5 + https://www.teeworlds.com/forum/viewtopic.php?id=14785 + https://ubuntu.com/security/notices/USN-4553-1 + + + + + + + + + + CVE-2020-12105 on Ubuntu 20.04 (focal) - low. + OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-23 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12105.html + https://gitlab.com/openconnect/openconnect/-/merge_requests/96 + + + + + + + + + + CVE-2020-12108 on Ubuntu 20.04 (focal) - medium. + /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-06 15:15:00 UTC + 2020-05-06 15:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12108.html + https://bugs.launchpad.net/mailman/+bug/1873722 + https://code.launchpad.net/mailman + https://mail.python.org/pipermail/mailman-announce/ + https://ubuntu.com/security/notices/USN-4354-1 + + + + + + + + + + CVE-2020-12135 on Ubuntu 20.04 (focal) - medium. + bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-24 01:15:00 UTC + 2020-04-24 01:15:00 UTC + mdeslaur + Seong-Joong Kim + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958998 + https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12135.html + https://github.com/10gen-archive/mongo-c-driver-legacy/commit/1a1f5e26a4309480d88598913f9eebf9e9cba8ca#diff-f7d29a680148f52d6601f59ed787f577 + https://launchpadlibrarian.net/474887364/bson-fix-overflow.patch + https://ubuntu.com/security/notices/USN-4450-1 + + + + + + + + + + + + + CVE-2020-12137 on Ubuntu 20.04 (focal) - medium. + GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-24 13:15:00 UTC + 2020-04-24 13:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958930 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12137.html + https://www.openwall.com/lists/oss-security/2020/02/24/2 + http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1801 + http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS + http://www.openwall.com/lists/oss-security/2020/04/24/3 + https://www.openwall.com/lists/oss-security/2020/02/24/3 + https://ubuntu.com/security/notices/USN-4348-1 + + + + + + + + + + CVE-2020-12244 on Ubuntu 20.04 (focal) - medium. + An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-19 14:15:00 UTC + 2020-05-19 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12244.html + https://www.openwall.com/lists/oss-security/2020/05/19/3 + + + + + + + + + + CVE-2020-12268 on Ubuntu 20.04 (focal) - low. + jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-27 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12268.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332 + https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e + https://github.com/ArtifexSoftware/jbig2dec/compare/0.17...0.18 + + + + + + + + + + CVE-2020-12272 on Ubuntu 20.04 (focal) - low. + OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-27 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12272.html + https://sourceforge.net/p/opendmarc/tickets/237/ + https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf + + + + + + + + + + CVE-2020-12278 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-27 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12278.html + https://github.com/git/git/security/advisories/GHSA-5wph-8frv-58vj + https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01 + https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb + https://github.com/libgit2/libgit2/releases/tag/v0.28.4 + https://github.com/libgit2/libgit2/releases/tag/v0.99.0 + + + + + + + + + + CVE-2020-12279 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-27 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12279.html + https://github.com/git/git/security/advisories/GHSA-589j-mmg9-733v + https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4 + https://github.com/libgit2/libgit2/releases/tag/v0.28.4 + https://github.com/libgit2/libgit2/releases/tag/v0.99.0 + + + + + + + + + + CVE-2020-12362 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12362.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html + + + + mdeslaur> per Intel, this was fixed by a firmware update. v49.0.1 of the mdeslaur> firmware is required. 
The new firmware requires a kernel mdeslaur> patch: c784e5249e773689e38d2bc1749f08b986621a26 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12363 on Ubuntu 20.04 (focal) - medium. + Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12363.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html + + + + mdeslaur> per Intel, this was fixed by a firmware update. v49.0.1 of the mdeslaur> firmware is required. The new firmware requires a kernel mdeslaur> patch: c784e5249e773689e38d2bc1749f08b986621a26 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12364 on Ubuntu 20.04 (focal) - medium. + Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12364.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html + + + + mdeslaur> per Intel, this was fixed by a firmware update. v49.0.1 of the mdeslaur> firmware is required. The new firmware requires a kernel mdeslaur> patch: c784e5249e773689e38d2bc1749f08b986621a26 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12387 on Ubuntu 20.04 (focal) - medium. 
+ A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-26 18:15:00 UTC + 2020-05-06 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12387.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12387 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12387 + https://ubuntu.com/security/notices/USN-4353-1 + https://ubuntu.com/security/notices/USN-4373-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12388 on Ubuntu 20.04 (focal) - medium. + The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-26 18:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12388.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12388 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12388 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-12389 on Ubuntu 20.04 (focal) - medium. + The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-26 18:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12389.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12389 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12389 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-12390 on Ubuntu 20.04 (focal) - medium. + Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-26 18:15:00 UTC + 2020-05-07 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12390.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12390 + https://ubuntu.com/security/notices/USN-4353-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-12391 on Ubuntu 20.04 (focal) - medium. + Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-26 18:15:00 UTC + 2020-05-07 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12391.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12391 + https://ubuntu.com/security/notices/USN-4353-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-12392 on Ubuntu 20.04 (focal) - medium. 
+ The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-26 18:15:00 UTC + 2020-05-06 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12392.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12392 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12392 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831 + https://ubuntu.com/security/notices/USN-4353-1 + https://ubuntu.com/security/notices/USN-4373-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12393 on Ubuntu 20.04 (focal) - medium. + The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-26 17:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12393.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12393 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12393 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12393 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-12394 on Ubuntu 20.04 (focal) - medium. + A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-26 17:15:00 UTC + 2020-05-07 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12394.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12394 + https://ubuntu.com/security/notices/USN-4353-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-12395 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-26 17:15:00 UTC + 2020-05-06 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12395.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12395 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12395 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12395 + https://ubuntu.com/security/notices/USN-4353-1 + https://ubuntu.com/security/notices/USN-4373-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12396 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-26 17:15:00 UTC + 2020-05-07 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12396.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12396 + https://ubuntu.com/security/notices/USN-4353-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-12405 on Ubuntu 20.04 (focal) - medium. + When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-09 15:15:00 UTC + 2020-06-02 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12405.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12405 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405 + https://ubuntu.com/security/notices/USN-4383-1 + https://ubuntu.com/security/notices/USN-4421-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12406 on Ubuntu 20.04 (focal) - medium. + Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-06-02 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12406.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12406 + https://ubuntu.com/security/notices/USN-4383-1 + https://ubuntu.com/security/notices/USN-4421-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12407 on Ubuntu 20.04 (focal) - medium. + Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-09 15:15:00 UTC + 2020-06-02 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12407.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407 + https://ubuntu.com/security/notices/USN-4383-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-12408 on Ubuntu 20.04 (focal) - low. + When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-06-02 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12408.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12408 + https://ubuntu.com/security/notices/USN-4383-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-12409 on Ubuntu 20.04 (focal) - low. + When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-06-02 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12409.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12409 + https://ubuntu.com/security/notices/USN-4383-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-12410 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. 
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-06-03 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12410.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12410 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12410 + https://ubuntu.com/security/notices/USN-4383-1 + https://ubuntu.com/security/notices/USN-4421-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12411 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 77. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-06-02 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12411.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411 + https://ubuntu.com/security/notices/USN-4383-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-12413 on Ubuntu 20.04 (focal) - low. + [racoon attack for NSS] + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-25 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12413.html + https://raccoon-attack.com/ + + + + mdeslaur> nss doesn't reuse DHE keys, but does reuse ECDHE keys, which is mdeslaur> not problematic for the moment. 
See page 13 of mdeslaur> https://raccoon-attack.com/RacoonAttack.pdf mdeslaur> and the nss release notes for 3.17: mdeslaur> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17_release_notes + + + + + + + + + CVE-2020-12415 on Ubuntu 20.04 (focal) - medium. + When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-07-01 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12415.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12415 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-29/#CVE-2020-12415 + https://ubuntu.com/security/notices/USN-4408-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12416 on Ubuntu 20.04 (focal) - medium. + A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-07-01 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12416.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12416 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-29/#CVE-2020-12416 + https://ubuntu.com/security/notices/USN-4408-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12417 on Ubuntu 20.04 (focal) - medium. 
+ Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-07-01 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12417.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12417 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12417 + https://ubuntu.com/security/notices/USN-4408-1 + https://ubuntu.com/security/notices/USN-4421-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12418 on Ubuntu 20.04 (focal) - medium. + Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-07-01 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12418.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12418 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418 + https://ubuntu.com/security/notices/USN-4408-1 + https://ubuntu.com/security/notices/USN-4421-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12419 on Ubuntu 20.04 (focal) - medium. + When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. 
This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-07-01 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12419.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12419 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419 + https://ubuntu.com/security/notices/USN-4408-1 + https://ubuntu.com/security/notices/USN-4421-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12420 on Ubuntu 20.04 (focal) - medium. + When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-07-01 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12420.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12420 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420 + https://ubuntu.com/security/notices/USN-4408-1 + https://ubuntu.com/security/notices/USN-4421-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12421 on Ubuntu 20.04 (focal) - medium. + When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. 
This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-07-01 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12421.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12421 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421 + https://ubuntu.com/security/notices/USN-4408-1 + https://ubuntu.com/security/notices/USN-4421-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12422 on Ubuntu 20.04 (focal) - medium. + In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-07-01 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12422.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-29/#CVE-2020-12422 + https://ubuntu.com/security/notices/USN-4408-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12424 on Ubuntu 20.04 (focal) - medium. + When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-09 14:15:00 UTC + 2020-07-01 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12424.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12424 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-29/#CVE-2020-12424 + https://ubuntu.com/security/notices/USN-4408-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12425 on Ubuntu 20.04 (focal) - medium. + Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-07-01 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12425.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12425 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-29/#CVE-2020-12425 + https://ubuntu.com/security/notices/USN-4408-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12426 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-09 15:15:00 UTC + 2020-07-01 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12426.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12426 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-29/#CVE-2020-12426 + https://ubuntu.com/security/notices/USN-4408-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-12457 on Ubuntu 20.04 (focal) - low. + An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-21 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12457.html + https://github.com/wolfSSL/wolfssl/pull/2927 + https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable + + + + + + + + + + CVE-2020-12460 on Ubuntu 20.04 (focal) - medium. + OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-27 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966464 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12460.html + https://github.com/trusteddomainproject/OpenDMARC/issues/64 + https://sourceforge.net/projects/opendmarc/ + + + + + + + + + + CVE-2020-12474 on Ubuntu 20.04 (focal) - medium. 
+ Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-01 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12474.html + https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-12474 + + + + + + + + + + CVE-2020-12625 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-04 02:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12625.html + https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0 + https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4 + https://github.com/roundcube/roundcubemail/releases/tag/1.4.4 + + + + + + + + + + CVE-2020-12626 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-04 02:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12626.html + https://github.com/roundcube/roundcubemail/pull/7302 + https://github.com/roundcube/roundcubemail/commit/9bbda422ff0b782b81de59c86994f1a5fd93f8e6 + https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4 + https://github.com/roundcube/roundcubemail/releases/tag/1.4.4 + + + + + + + + + + CVE-2020-12640 on Ubuntu 20.04 (focal) - medium. 
+ Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-04 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12640.html + https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794 + https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10 + https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4 + https://github.com/roundcube/roundcubemail/releases/tag/1.4.4 + + + + + + + + + + CVE-2020-12641 on Ubuntu 20.04 (focal) - medium. + rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-04 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12641.html + https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3 + https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10 + https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4 + https://github.com/roundcube/roundcubemail/releases/tag/1.4.4 + + + + + + + + + + CVE-2020-12648 on Ubuntu 20.04 (focal) - medium. + A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-14 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12648.html + https://labs.bishopfox.com/advisories/tinymce-version-5.2.1 + + + + + + + + + + CVE-2020-12658 on Ubuntu 20.04 (focal) - low. 
+ ** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-31 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978931 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12658.html + https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003 (v0.8.3) + https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003 + https://github.com/gssapi/gssproxy/compare/v0.8.2...v0.8.3 + https://pagure.io/gssproxy/c/cb761412e299ef907f22cd7c4146d50c8a792003?branch=master + + + + + + + + + + CVE-2020-12662 on Ubuntu 20.04 (focal) - medium. + Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-19 14:15:00 UTC + 2020-05-19 11:00:00 UTC + Lior Shafir, Yehuda Afek, and Anat Bremler-Barr + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12662.html + https://www.openwall.com/lists/oss-security/2020/05/19/5 + https://ubuntu.com/security/notices/USN-4374-1 + + + + mdeslaur> intrusive backport to xenial + + + + + + + + + CVE-2020-12663 on Ubuntu 20.04 (focal) - low. + Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-19 14:15:00 UTC + 2020-05-19 11:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12663.html + https://www.openwall.com/lists/oss-security/2020/05/19/5 + https://ubuntu.com/security/notices/USN-4374-1 + + + + mdeslaur> intrusive backport to xenial + + + + + + + + + CVE-2020-12667 on Ubuntu 20.04 (focal) - medium. + Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-19 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961076 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12667.html + https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/ + http://cyber-security-group.cs.tau.ac.il/# + http://www.openwall.com/lists/oss-security/2020/05/19/2 + https://www.knot-resolver.cz/2020-05-19-knot-resolver-5.1.1.html + + + + + + + + + + CVE-2020-12672 on Ubuntu 20.04 (focal) - medium. + GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-06 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12672.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025 + + + + + + + + + + CVE-2020-12689 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-07 00:15:00 UTC + 2020-05-07 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900 + https://bugs.launchpad.net/keystone/+bug/1872735 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12689.html + https://www.openwall.com/lists/oss-security/2020/05/06/5 + https://ubuntu.com/security/notices/USN-4480-1 + + + + + + + + + + CVE-2020-12690 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-07 00:15:00 UTC + 2020-05-07 00:15:00 UTC + https://bugs.launchpad.net/keystone/+bug/1873290 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12690.html + https://www.openwall.com/lists/oss-security/2020/05/06/6 + https://ubuntu.com/security/notices/USN-4480-1 + + + + + + + + + + CVE-2020-12691 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-07 00:15:00 UTC + 2020-05-07 00:15:00 UTC + https://bugs.launchpad.net/keystone/+bug/1872733 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12691.html + https://www.openwall.com/lists/oss-security/2020/05/06/5 + https://ubuntu.com/security/notices/USN-4480-1 + + + + mdeslaur> same fix as CVE-2020-12689 + + + + + + + + + CVE-2020-12692 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-07 00:15:00 UTC + 2020-05-07 00:15:00 UTC + https://bugs.launchpad.net/keystone/+bug/1872737 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12692.html + https://www.openwall.com/lists/oss-security/2020/05/06/4 + https://ubuntu.com/security/notices/USN-4480-1 + + + + + + + + + + CVE-2020-12693 on Ubuntu 20.04 (focal) - medium. + Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-21 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961406 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12693.html + https://www.schedmd.com/news.php?id=236 + https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html + + + + + + + + + + CVE-2020-12695 on Ubuntu 20.04 (focal) - medium. 
+ The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-08 17:15:00 UTC + 2020-06-08 17:15:00 UTC + pfsmorigo + https://github.com/pupnp/pupnp/pull/181 + https://github.com/pupnp/pupnp/pull/185 + https://github.com/pupnp/pupnp/pull/188 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12695.html + https://w1.fi/security/2020-1/ + https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt + https://www.openwall.com/lists/oss-security/2020/06/08/2 + https://ubuntu.com/security/notices/USN-4494-1 + https://ubuntu.com/security/notices/USN-4722-1 + https://ubuntu.com/security/notices/USN-4734-1 + https://ubuntu.com/security/notices/USN-4734-2 + + + + + + + + + + + + + + + CVE-2020-12740 on Ubuntu 20.04 (focal) - medium. + tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-08 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12740.html + https://github.com/appneta/tcpreplay/issues/576 + + + + + + + + + + CVE-2020-12755 on Ubuntu 20.04 (focal) - low. + fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-09 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12755.html + https://commits.kde.org/kio-extras/d813cef3cecdec9af1532a40d677a203ff979145 + + + + + + + + + + CVE-2020-12761 on Ubuntu 20.04 (focal) - medium. + modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-09 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960192 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12761.html + https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63 + + + + + + + + + + CVE-2020-12797 on Ubuntu 20.04 (focal) - medium. + HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-11 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12797.html + https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md + https://github.com/hashicorp/consul/pull/8047 + https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md + + + + msalvatore> "Introduced in 1.4.0" + + + + + + + + + CVE-2020-12801 on Ubuntu 20.04 (focal) - low. + If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. 
This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-18 15:15:00 UTC + Tomas Florian + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12801.html + https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801 + + + + + + + + + + CVE-2020-12802 on Ubuntu 20.04 (focal) - low. + LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-08 16:15:00 UTC + Jens Müller + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12802.html + https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802 + + + + + + + + + + CVE-2020-12803 on Ubuntu 20.04 (focal) - low. + ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. 
User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-08 16:15:00 UTC + Jens Müller + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12803.html + https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12803 + + + + + + + + + + CVE-2020-12823 on Ubuntu 20.04 (focal) - medium. + OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-12 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12823.html + https://gitlab.com/openconnect/openconnect/-/merge_requests/108 + https://bugs.gentoo.org/721570 + + + + + + + + + + CVE-2020-12825 on Ubuntu 20.04 (focal) - low. + libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-12 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960527 + https://gitlab.gnome.org/GNOME/libcroco/-/issues/8 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12825.html + + + + + + + + + + + + + CVE-2020-12829 on Ubuntu 20.04 (focal) - medium. + In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. 
A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-31 15:15:00 UTC + 2020-05-26 00:00:00 UTC + mdeslaur + Ziming Zhang + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961451 + https://bugzilla.redhat.com/show_bug.cgi?id=1808510 + https://bugzilla.redhat.com/show_bug.cgi?id=1786026 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12829.html + https://ubuntu.com/security/notices/USN-4467-1 + + + + + + + + + + CVE-2020-12831 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-13 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12831.html + https://bugzilla.redhat.com/show_bug.cgi?id=1830805 + https://github.com/FRRouting/frr/pull/6383 + + + + + + + + + + CVE-2020-12872 on Ubuntu 20.04 (focal) - low. + yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-15 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12872.html + https://medium.com/@charlielabs101/cve-2020-12872-df315411aa70 + https://github.com/erlyaws/yaws/blob/c0fd79f17d52628fcec527da7fa3e788c283c445/src/yaws_config.erl#L2068-L2075 + https://github.com/erlyaws/yaws/releases + https://sweet32.info/ + + + + + + + + + + CVE-2020-12888 on Ubuntu 20.04 (focal) - medium. + The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-15 18:15:00 UTC + 2020-05-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12888.html + https://bugzilla.redhat.com/show_bug.cgi?id=1836244 + http://www.openwall.com/lists/oss-security/2020/05/19/6 + https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/ + https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/ + https://ubuntu.com/security/notices/USN-4525-1 + https://ubuntu.com/security/notices/USN-4526-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-13091 on Ubuntu 20.04 (focal) - negligible. + ** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the read_pickle() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-15 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13091.html + https://github.com/0FuzzingQ/vuln/blob/master/pandas%20unserialize.md + https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.read_pickle.html + + + + + + + + + + CVE-2020-13092 on Ubuntu 20.04 (focal) - negligible. + ** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. + 2020-05-15 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13092.html + https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md + https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations + + + + + + + + + + CVE-2020-13124 on Ubuntu 20.04 (focal) - medium. + SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13124.html + https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2 + https://github.com/sabnzbd/sabnzbd/commit/dfcba6e2fb37f58fea06b453b1ba258c7f110429 + https://github.com/sabnzbd/sabnzbd/commit/73d3f7b5c248fc369de3454fe53e3e93924ebfe3 + + + + + + + + + + CVE-2020-13131 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Yubico libykpiv before 2.1.0. 
lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will cause stack memory to be copied into heap allocated memory that gets returned to the caller. The leaked memory could include PINs, passwords, key material, and other sensitive information depending on the integration. During further processing by the caller, this information could leak across trust boundaries. Note that RSA key generation is triggered by the host and cannot directly be triggered by the token. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13131.html + https://blog.inhq.net/posts/yubico-libykpiv-vuln/ + https://www.yubico.com/products/services-software/download/smart-card-drivers-tools/ + + + + + + + + + + CVE-2020-13132 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13132.html + https://blog.inhq.net/posts/yubico-libykpiv-vuln/ + https://www.yubico.com/support/security-advisories/ysa-2020-02/ + + + + + + + + + + CVE-2020-13164 on Ubuntu 20.04 (focal) - low. + In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-19 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13164.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16476 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a + https://www.wireshark.org/security/wnpa-sec-2020-08.html + + + + + + + + + + CVE-2020-13170 on Ubuntu 20.04 (focal) - medium. + HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-11 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13170.html + https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md + https://github.com/hashicorp/consul/pull/8068 + https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md + + + + msalvatore> "Introduced in 1.4.0" + + + + + + + + + CVE-2020-13230 on Ubuntu 20.04 (focal) - low. + In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-20 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13230.html + https://github.com/Cacti/cacti/issues/3343 + https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11 + + + + + + + + + + CVE-2020-13231 on Ubuntu 20.04 (focal) - medium. + In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-20 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13231.html + https://github.com/Cacti/cacti/issues/3342 + https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11 + + + + + + + + + + CVE-2020-13249 on Ubuntu 20.04 (focal) - medium. + libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-20 19:15:00 UTC + 2020-05-20 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13249.html + https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 + https://github.com/mariadb-corporation/mariadb-connector-c/compare/v3.1.7...v3.1.8 + https://ubuntu.com/security/notices/USN-4603-1 + + + + + + + + + + CVE-2020-13250 on Ubuntu 20.04 (focal) - medium. + HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-11 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13250.html + https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md + https://github.com/hashicorp/consul/pull/8023 + https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md + + + + msalvatore> "Introduced in 1.2.0" + + + + + + + + + CVE-2020-13295 on Ubuntu 20.04 (focal) - untriaged. + For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-10 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13295.html + https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ + https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json + https://gitlab.com/gitlab-org/gitlab/-/issues/209096 + https://hackerone.com/reports/809248 + + + + + + + + + + CVE-2020-13327 on Ubuntu 20.04 (focal) - untriaged. + An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-10-22 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13327.html + + + + + + + + + + CVE-2020-13401 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-02 14:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1833233 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13401.html + http://www.openwall.com/lists/oss-security/2020/06/01/5 + https://docs.docker.com/engine/release-notes/ + https://github.com/docker/docker-ce/releases/tag/v19.03.11 + + + + + + + + + + CVE-2020-13428 on Ubuntu 20.04 (focal) - medium. 
+ A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-08 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13428.html + https://github.com/videolan/vlc-3.0/releases/tag/3.0.11 + http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0 + https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c + + + + + + + + + + CVE-2020-13529 on Ubuntu 20.04 (focal) - low. + An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-10 16:15:00 UTC + 2021-05-10 16:15:00 UTC + mdeslaur + Mitchell Frank + https://github.com/systemd/systemd/issues/16774 + https://bugzilla.redhat.com/show_bug.cgi?id=1959398 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13529.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142 + https://ubuntu.com/security/notices/USN-5013-1 + https://ubuntu.com/security/notices/USN-5013-2 + + + + mdeslaur> FORCERENEW was temporarily disabled until proper support for mdeslaur> RFC6704 is in place + + + + + + + + + CVE-2020-13543 on Ubuntu 20.04 (focal) - medium. + A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. 
An attacker can get a user to visit a webpage to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-03 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13543.html + https://webkitgtk.org/security/WSA-2020-0009.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-13558 on Ubuntu 20.04 (focal) - medium. + A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 18:15:00 UTC + 2021-02-15 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13558.html + https://webkitgtk.org/security/WSA-2021-0001.html + https://ubuntu.com/security/notices/USN-4739-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-13574 on Ubuntu 20.04 (focal) - medium. + A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-10 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983596 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13574.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1185 + + + + + + + + + + CVE-2020-13575 on Ubuntu 20.04 (focal) - medium. 
+ A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-10 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983596 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13575.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186 + + + + + + + + + + CVE-2020-13576 on Ubuntu 20.04 (focal) - medium. + A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-10 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13576.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1187 + + + + + + + + + + CVE-2020-13577 on Ubuntu 20.04 (focal) - medium. + A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-10 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13577.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1188 + + + + + + + + + + CVE-2020-13578 on Ubuntu 20.04 (focal) - medium. + A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-10 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983596 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13578.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1189 + + + + + + + + + + CVE-2020-13584 on Ubuntu 20.04 (focal) - medium. + An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-03 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13584.html + https://webkitgtk.org/security/WSA-2020-0008.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-13614 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-26 23:15:00 UTC + https://github.com/axel-download-accelerator/axel/issues/262 + https://github.com/axel-download-accelerator/axel/issues/271 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13614.html + https://github.com/axel-download-accelerator/axel/issues/262 + https://github.com/axel-download-accelerator/axel/releases/tag/v2.17.8 + + + + sbeattie> if addressing this issue, may also want to add wildcard hostname support as described in axel github issue 271 + + + + + + + + + CVE-2020-13628 on Ubuntu 20.04 (focal) - medium. 
+ Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-27 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13628.html + https://sysdream.com/news/lab/2020-05-13-cve-2020-10946-several-cross-site-scripting-xss-vulnerabilities-in-centreon/ + + + + + + + + + + CVE-2020-13692 on Ubuntu 20.04 (focal) - medium. + PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-04 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13692.html + https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65 + https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13 + + + + + + + + + + CVE-2020-13696 on Ubuntu 20.04 (focal) - low. + An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-08 17:15:00 UTC + 2020-06-08 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962221 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13696.html + https://www.openwall.com/lists/oss-security/2020/06/04/6 + https://www.openwall.com/lists/oss-security/2020/06/04/6/1 + https://ubuntu.com/security/notices/USN-4518-1 + + + + + + + + + + CVE-2020-13753 on Ubuntu 20.04 (focal) - medium. + The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-14 14:15:00 UTC + 2020-07-13 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13753.html + https://ubuntu.com/security/notices/USN-4422-1 + https://ubuntu.com/security/notices/USN-4648-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-13757 on Ubuntu 20.04 (focal) - medium. + Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-01 19:15:00 UTC + 2020-06-01 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13757.html + https://github.com/sybrenstuvel/python-rsa/issues/146 + https://ubuntu.com/security/notices/USN-4478-1 + + + + + + + + + + CVE-2020-13765 on Ubuntu 20.04 (focal) - medium. + rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-04 16:15:00 UTC + 2020-06-04 16:15:00 UTC + mdeslaur + https://bugs.launchpad.net/qemu/+bug/1844635 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13765.html + https://www.openwall.com/lists/oss-security/2020/06/03/6 + https://ubuntu.com/security/notices/USN-4467-1 + + + + + + + + + + CVE-2020-13775 on Ubuntu 20.04 (focal) - untriaged. + ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-06-02 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962105 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13775.html + https://github.com/znc/znc/commit/2390ad111bde16a78c98ac44572090b33c3bd2d8 + https://github.com/znc/znc/commit/d229761821da38d984a9e4098ad96842490dc001 + + + + + + + + + + CVE-2020-13791 on Ubuntu 20.04 (focal) - low. + hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-04 16:15:00 UTC + Ren Ding, Hanqing Zhao, Yi Ren + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13791.html + https://www.openwall.com/lists/oss-security/2020/06/04/1 + https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00831.html + https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00706.html + + + + mdeslaur> as of 2021-07-08, the proposed fix has not been commited mdeslaur> while the CVE description mentions hw/pci/pci.c, that is mdeslaur> incorrect, the CVE is assigned to the hw/display/ati.c issue, mdeslaur> the patch to hw/pci/pci.c is just a defense in depth fix. + + + + + + + + + CVE-2020-13802 on Ubuntu 20.04 (focal) - medium. + Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-02 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13802.html + http://packetstormsecurity.com/files/159027/Rebar3-3.13.2-Command-Injection.html + + + + + + + + + + CVE-2020-13817 on Ubuntu 20.04 (focal) - low. + ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-04 13:15:00 UTC + http://support.ntp.org/bin/view/Main/NtpBug3596 + https://bugs.ntp.org/show_bug.cgi?id=3596 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13817.html + + + + + + + + + + CVE-2020-13822 on Ubuntu 20.04 (focal) - untriaged. + The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. 
This could conceivably have a security-relevant impact if an application relied on a single canonical signature. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-06-04 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13822.html + https://github.com/indutny/elliptic/issues/226 + https://medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4 + https://www.npmjs.com/package/elliptic + https://yondon.blog/2019/01/01/how-not-to-use-ecdsa/ + + + + + + + + + + CVE-2020-13844 on Ubuntu 20.04 (focal) - medium. + Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-08 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13844.html + http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html + https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability + https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation + https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions + https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8 + + + + sbeattie> gcc-3.3 only provides libstdc++5 mdeslaur> Fixing this in stable release would likely require rebuilding mdeslaur> the whole archive using the fixed compiler. Deferring CVE for mdeslaur> now until further information is available. sbeattie> fixed upstream in 10.3.0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-13848 on Ubuntu 20.04 (focal) - untriaged. 
+ Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-06-04 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13848.html + https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0 + https://github.com/pupnp/pupnp/issues/177 + + + + + + + + + + CVE-2020-13867 on Ubuntu 20.04 (focal) - medium. + Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-05 18:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962331 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13867.html + https://github.com/open-iscsi/targetcli-fb/pull/172 + + + + + + + + + + CVE-2020-13881 on Ubuntu 20.04 (focal) - low. + In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-06 19:15:00 UTC + 2020-06-06 19:15:00 UTC + Adarsh Pandey + https://github.com/kravietz/pam_tacplus/issues/149 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13881.html + https://www.openwall.com/lists/oss-security/2020/06/08/1 + https://ubuntu.com/security/notices/USN-4521-1 + + + + + + + + + + CVE-2020-13882 on Ubuntu 20.04 (focal) - low. + CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. 
Because of the race, an unprivileged attacker can set up a log and report file, and control that up to the point where the specific routine is doing its check. After that, the file can be removed, recreated, and used for additional attacks. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13882.html + https://github.com/CISOfy/lynis/pull/594 + https://github.com/CISOfy/lynis/commit/5b09da0d9878096d45f04b858c4f65e674369ab4 + https://cisofy.com/security/cve/cve-2020-13882/ + + + + + + + + + + CVE-2020-13898 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-10 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13898.html + https://github.com/meetecho/janus-gateway/blob/v0.10.0/sdp.c#L120 + https://github.com/meetecho/janus-gateway/blob/v0.10.0/sdp.c#L123 + https://github.com/meetecho/janus-gateway/pull/2214 + https://github.com/merrychap/CVEs/tree/master/CVE-2020-13898 + + + + + + + + + + CVE-2020-13899 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-10 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13899.html + https://github.com/meetecho/janus-gateway/blob/v0.10.0/janus.c#L1326 + https://github.com/meetecho/janus-gateway/pull/2214 + https://github.com/merrychap/CVEs/tree/master/CVE-2020-13899 + + + + + + + + + + CVE-2020-13900 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. 
janus_sdp_preparse in sdp.c has a NULL pointer dereference. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-10 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13900.html + https://github.com/meetecho/janus-gateway/blob/v0.10.0/sdp.c#L64 + https://github.com/meetecho/janus-gateway/blob/v0.10.0/sdp.c#L74 + https://github.com/meetecho/janus-gateway/pull/2214 + https://github.com/merrychap/CVEs/tree/master/CVE-2020-13900 + + + + + + + + + + CVE-2020-13901 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-10 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13901.html + https://github.com/meetecho/janus-gateway/blob/v0.10.0/sdp.c#L1248 + https://github.com/meetecho/janus-gateway/pull/2214 + https://github.com/merrychap/CVEs/tree/master/CVE-2020-13901 + + + + + + + + + + CVE-2020-13920 on Ubuntu 20.04 (focal) - medium. + Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-10 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13920.html + http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt + + + + + + + + + + CVE-2020-13933 on Ubuntu 20.04 (focal) - medium. 
+ Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-17 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13933.html + https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E + + + + + + + + + + CVE-2020-13934 on Ubuntu 20.04 (focal) - medium. + An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-14 15:15:00 UTC + 2020-07-14 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13934.html + https://www.openwall.com/lists/oss-security/2020/07/14/4 + https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E + https://ubuntu.com/security/notices/USN-4596-1 + + + + + + + + + + CVE-2020-13935 on Ubuntu 20.04 (focal) - medium. + The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-14 15:15:00 UTC + 2020-07-14 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13935.html + https://www.openwall.com/lists/oss-security/2020/07/14/3 + https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E + https://ubuntu.com/security/notices/USN-4448-1 + https://ubuntu.com/security/notices/USN-4596-1 + + + + + + + + + + CVE-2020-13936 on Ubuntu 20.04 (focal) - medium. + An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-10 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13936.html + https://www.openwall.com/lists/oss-security/2021/03/10/1 + http://www.openwall.com/lists/oss-security/2021/03/10/1 + https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a%40%3Cuser.velocity.apache.org%3E + https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024bb8dddbda31d9a@%3Cuser.velocity.apache.org%3E + https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf777728d02068ae6@%3Cannounce.apache.org%3E + https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6@%3Ccommits.velocity.apache.org%3E + + + + + + + + + + CVE-2020-13941 on Ubuntu 20.04 (focal) - medium. + Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. 
Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-17 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13941.html + https://lists.apache.org/thread.html/rf54e7912b7d2b72c63ec54a7afa4adcbf16268dcc63253767dd67d60%40%3Cgeneral.lucene.apache.org%3E + + + + + + + + + + CVE-2020-13947 on Ubuntu 20.04 (focal) - medium. + An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13947.html + http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt + + + + + + + + + + CVE-2020-13949 on Ubuntu 20.04 (focal) - low. + In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-12 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13949.html + + + + + + + + + + CVE-2020-13950 on Ubuntu 20.04 (focal) - low. + Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-10 07:15:00 UTC + 2021-06-10 07:15:00 UTC + mdeslaur + Marc Stern + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13950.html + https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950 + https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223@%3Cannounce.httpd.apache.org%3E + http://www.openwall.com/lists/oss-security/2021/06/10/4 + https://ubuntu.com/security/notices/USN-4994-1 + + + + mdeslaur> need to check if bionic is vulnerable as it is older than 2.4.41 mdeslaur> included in same backport commit as CVE-2019-17567 mdeslaur> looks like it was introduced by: mdeslaur> https://svn.apache.org/viewvc?view=revision&revision=1656259 + + + + + + + + + CVE-2020-13956 on Ubuntu 20.04 (focal) - medium. + Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-02 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13956.html + https://bugzilla.redhat.com/show_bug.cgi?id=1886587 + + + + + + + + + + CVE-2020-13959 on Ubuntu 20.04 (focal) - medium. + The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-10 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13959.html + https://www.openwall.com/lists/oss-security/2021/03/10/2 + http://www.openwall.com/lists/oss-security/2021/03/10/2 + https://lists.apache.org/thread.html/r6802a38c3041059e763a1aadd7b37fe95de75408144b5805e29b84e3%40%3Cuser.velocity.apache.org%3E + https://lists.apache.org/thread.html/r6802a38c3041059e763a1aadd7b37fe95de75408144b5805e29b84e3@%3Cuser.velocity.apache.org%3E + https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb1caea61915d6b6@%3Ccommits.velocity.apache.org%3E + https://lists.apache.org/thread.html/rf9868c564cff7adfd5283563f2309b93b3e496354a211a57503b2f72@%3Cannounce.apache.org%3E + + + + + + + + + + CVE-2020-13962 on Ubuntu 20.04 (focal) - medium. + Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-09 00:15:00 UTC + https://bugreports.qt.io/browse/QTBUG-83450 + https://github.com/mumble-voip/mumble/issues/3679 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13962.html + https://github.com/mumble-voip/mumble/pull/4032 + + + + + + + + + + CVE-2020-13964 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-09 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13964.html + https://github.com/roundcube/roundcubemail/commit/37e2bc745723ef6322f0f785aefd0b9313a40f19 + https://github.com/roundcube/roundcubemail/releases/tag/1.3.12 + https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12 + + + + + + + + + + CVE-2020-13965 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-09 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13965.html + https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3 + https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5 + https://github.com/roundcube/roundcubemail/releases/tag/1.3.12 + https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12 + + + + + + + + + + CVE-2020-13977 on Ubuntu 20.04 (focal) - medium. + Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-09 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13977.html + https://anhtai.me/nagios-core-4-4-5-url-injection/ + https://github.com/sawolf/nagioscore/tree/url-injection-fix + https://www.nagios.org/projects/nagios-core/history/4x/ + + + + + + + + + + CVE-2020-13987 on Ubuntu 20.04 (focal) - low. 
+ An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-11 22:15:00 UTC + Jos Wetzels, Stanislav Dashevskyi, and Amine Amri + 2020-12-01 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13987.html + https://github.com/open-iscsi/open-iscsi/security/advisories/GHSA-r278-fm99-8rgp + https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/ + + + + sbeattie> aka FSCT-2020-0009 sbeattie> issue in embedded copy of uIP mdeslaur> per upstream "iscsiuio only uses uip for network "services", mdeslaur> such as DHCP, ARP, etc, and not for normal TCP/IP mdeslaur> communications" + + + + + + + + + CVE-2020-13988 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-11 22:15:00 UTC + Jos Wetzels, Stanislav Dashevskyi, Amine Amri + 2020-12-01 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13988.html + https://github.com/open-iscsi/open-iscsi/security/advisories/GHSA-r278-fm99-8rgp + https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/ + + + + sbeattie> aka FSCT-2020-0008 sbeattie> issue in embedded copy of uIP mdeslaur> per upstream "iscsiuio only uses uip for network "services", mdeslaur> such as DHCP, ARP, etc, and not for normal TCP/IP mdeslaur> communications" + + + + + + + + + CVE-2020-13999 on Ubuntu 20.04 (focal) - medium. 
+ ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-15 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13999.html + http://libemf.sourceforge.net/index.html + https://sourceforge.net/p/libemf/code/HEAD/tree/ + https://sourceforge.net/p/libemf/news/2020/06/release-of-libemf-1013/ + https://sourceforge.net/projects/libemf/ + + + + + + + + + + CVE-2020-14001 on Ubuntu 20.04 (focal) - medium. + The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum. It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-17 16:15:00 UTC + 2020-07-17 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965305 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14001.html + https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde + https://github.com/gettalong/kramdown + https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0 + https://kramdown.gettalong.org + https://kramdown.gettalong.org/news.html + https://rubygems.org/gems/kramdown + https://ubuntu.com/security/notices/USN-4562-1 + https://ubuntu.com/security/notices/USN-4562-2 + + + + + + + + + + CVE-2020-14002 on Ubuntu 20.04 (focal) - medium. + PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. 
This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-29 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14002.html + https://lists.tartarus.org/pipermail/putty-announce/ + https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html + https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ + + + + + + + + + + CVE-2020-14004 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-12 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14004.html + https://www.openwall.com/lists/oss-security/2020/06/12/1 + https://bugzilla.suse.com/show_bug.cgi?id=1172171 + https://github.com/Icinga/icinga2/commit/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6 + http://www.openwall.com/lists/oss-security/2020/06/12/1 + https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-14004 + https://github.com/Icinga/icinga2/compare/v2.12.0-rc1...master + https://github.com/Icinga/icinga2/pull/8045/commits/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6 + https://github.com/Icinga/icinga2/releases + + + + + + + + + + CVE-2020-14019 on Ubuntu 20.04 (focal) - medium. + Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-19 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14019.html + https://github.com/open-iscsi/rtslib-fb/pull/162 + + + + mdeslaur> introduced in 2.1.70 + + + + + + + + + CVE-2020-14033 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14033.html + https://github.com/meetecho/janus-gateway/pull/2229 + https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80 + https://github.com/meetecho/janus-gateway/blob/v0.10.0/plugins/janus_streaming.c#L6117 + https://github.com/meetecho/janus-gateway/blob/v0.10.0/plugins/janus_streaming.c#L6166 + + + + + + + + + + CVE-2020-14034 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14034.html + https://github.com/meetecho/janus-gateway/pull/2229 + https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80 + https://github.com/meetecho/janus-gateway/blob/v0.10.0/utils.c#L381 + https://github.com/meetecho/janus-gateway/blob/v0.10.0/utils.c#L401 + + + + + + + + + + CVE-2020-14060 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). 
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-14 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14060.html + https://github.com/FasterXML/jackson-databind/issues/2688 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-14061 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-14 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14061.html + https://github.com/FasterXML/jackson-databind/issues/2698 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-14062 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-14 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14062.html + https://github.com/FasterXML/jackson-databind/issues/2704 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-14145 on Ubuntu 20.04 (focal) - low. + The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-29 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14145.html + https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ + https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf + https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1 + + + + seth-arnold> openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. mdeslaur> Per the advisory, "The developers of OpenSSH are not planning to mdeslaur> change the behavior of OpenSSH regarding this issue" mdeslaur> We will not be releasing updates for Ubuntu for this issue. mdeslaur> mdeslaur> On 2020-12-02, it was announced that a partial mitigation has mdeslaur> been commited by OpenSSH developers: mdeslaur> https://www.openwall.com/lists/oss-security/2020/12/02/1 sbeattie> partial mitigation landed in openssh 8.4p1 + + + + + + + + + + + + CVE-2020-14147 on Ubuntu 20.04 (focal) - medium. 
+ An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14147.html + https://github.com/antirez/redis/pull/6875 + https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571 + + + + + + + + + + CVE-2020-14148 on Ubuntu 20.04 (focal) - medium. + The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14148.html + https://github.com/ngircd/ngircd/issues/274 + https://github.com/ngircd/ngircd/issues/277 + https://github.com/ngircd/ngircd/pull/275 + https://github.com/ngircd/ngircd/pull/276 + https://github.com/ngircd/ngircd/releases/tag/rel-26-rc2 + + + + + + + + + + CVE-2020-14150 on Ubuntu 20.04 (focal) - low. + GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-15 17:15:00 UTC + https://bugs.gentoo.org/717936 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14150.html + https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html + + + + + + + + + + CVE-2020-14152 on Ubuntu 20.04 (focal) - low. + In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-15 17:15:00 UTC + https://bugs.gentoo.org/727908 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14152.html + http://www.ijg.org/files/jpegsrc.v9d.tar.gz + + + + mdeslaur> looks like this was fixed a long time ago in libjpeg-turbo + + + + + + + + + + + + + CVE-2020-14153 on Ubuntu 20.04 (focal) - low. + In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-15 17:15:00 UTC + https://bugs.gentoo.org/727908 + https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14153.html + http://www.ijg.org/files/jpegsrc.v9d.tar.gz + + + + mdeslaur> patch in libjpeg9 9d appears to be: mdeslaur>- entropy->ac_cur_tbls[blkn] = entropy->ac_derived_tbls[compptr->ac_tbl_no]; mdeslaur>+ entropy->ac_cur_tbls[blkn] = /* AC needs no table when not present */ mdeslaur>+ cinfo->lim_Se ? entropy->ac_derived_tbls[compptr->ac_tbl_no] : NULL; mdeslaur> mdeslaur> per upstream libjpeg-turbo bug, libjpeg-turbo is not vulnerable mdeslaur> to this issue + + + + + + + + + + + + CVE-2020-14155 on Ubuntu 20.04 (focal) - negligible. + libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-15 17:15:00 UTC + https://bugs.gentoo.org/717920 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14155.html + https://www.pcre.org/original/changelog.txt + + + + + + + + + + CVE-2020-14195 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-16 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14195.html + https://github.com/FasterXML/jackson-databind/issues/2765 + https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259 + + + + + + + + + + CVE-2020-14196 on Ubuntu 20.04 (focal) - low. + In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-01 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14196.html + https://www.openwall.com/lists/oss-security/2020/07/01/1 + https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html + + + + + + + + + + CVE-2020-14212 on Ubuntu 20.04 (focal) - medium. + FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-16 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14212.html + https://trac.ffmpeg.org/ticket/8716 + https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=1463 + + + + + + + + + + CVE-2020-14295 on Ubuntu 20.04 (focal) - medium. + A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-17 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14295.html + https://github.com/Cacti/cacti/issues/3622 + + + + + + + + + + CVE-2020-14304 on Ubuntu 20.04 (focal) - low. + A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-15 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702 + https://bugzilla.redhat.com/show_bug.cgi?id=1847539 + https://bugzilla.suse.com/show_bug.cgi?id=1173327 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14304.html + https://lore.kernel.org/netdev/20200517172053.GA734488@decadent.org.uk/T/ + + + + sbeattie| no progress as of 2020.10.26, debian bug had a proposed patch that was shown to be not correct. sbeattie> Looks to affect Mellanox driver? sbeattie| Requires root privileges, and does not allow attacker to target specific memory. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-14314 on Ubuntu 20.04 (focal) - medium. 
+ A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-15 20:15:00 UTC + 2020-09-15 20:15:00 UTC + Jay Shin + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14314.html + https://bugzilla.redhat.com/show_bug.cgi?id=1853922 + https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7@redhat.com/T/#u + https://ubuntu.com/security/notices/USN-4579-1 + https://ubuntu.com/security/notices/USN-4578-1 + https://ubuntu.com/security/notices/USN-4576-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-14315 on Ubuntu 20.04 (focal) - medium. + A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-16 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964796 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14315.html + https://www.openwall.com/lists/oss-security/2020/07/09/2 + https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc + + + + + + + + + + CVE-2020-14326 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14326.html + https://bugzilla.redhat.com/show_bug.cgi?id=1855826 + https://issues.redhat.com/browse/RESTEASY-2643 + + + + + + + + + + + + + CVE-2020-14330 on Ubuntu 20.04 (focal) - medium. + An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-11 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14330.html + https://github.com/ansible/ansible/issues/68400 + https://github.com/ansible/ansible/pull/69653 + https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e + + + + + + + + + + CVE-2020-14332 on Ubuntu 20.04 (focal) - low. + A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. 
This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-11 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14332.html + https://bugzilla.redhat.com/show_bug.cgi?id=1857805 + + + + + + + + + + CVE-2020-14340 on Ubuntu 20.04 (focal) - untriaged. + A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14340.html + + + + + + + + + + CVE-2020-14342 on Ubuntu 20.04 (focal) - low. + It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-09 12:15:00 UTC + Aurélien Aptel + https://bugzilla.samba.org/show_bug.cgi?id=14442 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14342.html + https://lists.samba.org/archive/samba-technical/2020-September/135747.html + + + + + + + + + + CVE-2020-14350 on Ubuntu 20.04 (focal) - medium. + It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-24 13:15:00 UTC + 2020-08-17 00:00:00 UTC + mdeslaur + Andres Freund + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14350.html + https://www.postgresql.org/about/news/2060/ + https://ubuntu.com/security/notices/USN-4472-1 + + + + leosilva> Since we don't have how to give support for postgresql-9.1 leosilva> that is end of life in upstream, marking as ignored to leosilva> precise. leosilva> since 9.3 has no long upstream support leosilva> and so far we have no ways to patch it leosilva> deferred it for -esm-main releases. + + + + + + + + + CVE-2020-14351 on Ubuntu 20.04 (focal) - low. + A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-03 17:15:00 UTC + 2020-09-25 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14351.html + https://lore.kernel.org/lkml/20200910104153.1672460-1-jolsa@kernel.org/ + https://lore.kernel.org/lkml/20200916115311.GE2301783@krava/ + https://ubuntu.com/security/notices/USN-4657-1 + https://ubuntu.com/security/notices/USN-4658-1 + https://ubuntu.com/security/notices/USN-4659-1 + https://ubuntu.com/security/notices/USN-4660-1 + https://ubuntu.com/security/notices/USN-4912-1 + + + + sbeattie| access to the perf subsystem is restricted via either the CAP_PERFMON or CAP_SYS_ADMIN capabilities, or through loosened settings of the kernel.perf_event_paranoid sysctl. See https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html for more details. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-14355 on Ubuntu 20.04 (focal) - medium. + Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-07 15:15:00 UTC + 2020-10-06 12:00:00 UTC + mdeslaur + Frediano Ziglio + 2020-10-06 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14355.html + https://ubuntu.com/security/notices/USN-4572-1 + https://ubuntu.com/security/notices/USN-4572-2 + + + + + + + + + + + + + CVE-2020-14365 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. 
GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-23 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14365.html + https://bugzilla.redhat.com/show_bug.cgi?id=1869154 + + + + + + + + + + CVE-2020-14367 on Ubuntu 20.04 (focal) - medium. + A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-24 15:15:00 UTC + 2020-08-24 15:15:00 UTC + leosilva + https://bugzilla.redhat.com/show_bug.cgi?id=1870298 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14367.html + https://ubuntu.com/security/notices/USN-4475-1 + + + + + + + + + + CVE-2020-14372 on Ubuntu 20.04 (focal) - medium. + A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. 
The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. Máté Kukri discovered that the acpi command in GRUB 2 allowed privileged users to load crafted ACPI tables when secure boot is enabled. An attacker could use this to bypass UEFI Secure Boot restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 17:15:00 UTC + 2021-03-02 18:00:00 UTC + Máté Kukri + 2021-03-02 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14372.html + https://ubuntu.com/security/notices/USN-4992-1 + + + + amurray| CVE title: "grub2: acpi command allows privileged user to load crafted ACPI tables when secure boot is enabled" sbeattie| grub2-unsigned will contain fixes and supersede grub2, which will contain only BIOS grub bits. + + + + + + + + + + + + CVE-2020-14385 on Ubuntu 20.04 (focal) - low. + A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. David Alan Gilbert discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation in some circumstances. A local attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-15 22:15:00 UTC + 2020-09-15 22:15:00 UTC + David Alan Gilbert + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14385.html + https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933 + https://ubuntu.com/security/notices/USN-4576-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-14390 on Ubuntu 20.04 (focal) - low. + A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-18 18:15:00 UTC + 2020-09-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14390.html + https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489 + https://www.openwall.com/lists/oss-security/2020/09/15/2 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50145474f6ef4a9c19205b173da6264a644c7489 + https://seclists.org/oss-sec/2020/q3/174 + https://ubuntu.com/security/notices/USN-4657-1 + https://ubuntu.com/security/notices/USN-4658-1 + https://ubuntu.com/security/notices/USN-4660-1 + https://ubuntu.com/security/notices/USN-4912-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-14393 on Ubuntu 20.04 (focal) - low. + A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. 
A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-16 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14393.html + https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643 + + + + + + + + + + CVE-2020-14394 on Ubuntu 20.04 (focal) - low. + infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-21 00:00:00 UTC + Gaoning Pan, Xingwei Li + https://bugzilla.redhat.com/show_bug.cgi?id=1908004 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14394.html + + + + mdeslaur> as of 2021-07-08, no details on this issue or a fix mdeslaur> impact is limited, a privileged guest user can only use this mdeslaur> issue to perform a denial of service to their own instance + + + + + + + + + CVE-2020-14396 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-17 16:15:00 UTC + 2020-06-17 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14396.html + https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553 + https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 + https://ubuntu.com/security/notices/USN-4434-1 + + + + + + + + + + + + + + CVE-2020-14397 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-17 16:15:00 UTC + 2020-06-17 16:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14397.html + https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 + https://ubuntu.com/security/notices/USN-4434-1 + https://ubuntu.com/security/notices/USN-4573-1 + + + + + + + + + + + + + + + CVE-2020-14398 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-17 16:15:00 UTC + 2020-06-17 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14398.html + https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 + https://ubuntu.com/security/notices/USN-4434-1 + + + + + + + + + + + + + + CVE-2020-14399 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-17 16:15:00 UTC + 2020-06-17 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14399.html + https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 + https://ubuntu.com/security/notices/USN-4434-1 + + + + + + + + + + + + + + CVE-2020-14400 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-17 16:15:00 UTC + 2020-06-17 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14400.html + https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 + https://ubuntu.com/security/notices/USN-4434-1 + + + + + + + + + + + + + + CVE-2020-14401 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-17 16:15:00 UTC + 2020-06-17 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14401.html + https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 + https://ubuntu.com/security/notices/USN-4434-1 + + + + + + + + + + + + + + CVE-2020-14402 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-17 16:15:00 UTC + 2020-06-17 16:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14402.html + https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 + https://ubuntu.com/security/notices/USN-4434-1 + https://ubuntu.com/security/notices/USN-4573-1 + + + + + + + + + + + + + + + CVE-2020-14403 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-17 16:15:00 UTC + 2020-06-17 16:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14403.html + https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 + https://ubuntu.com/security/notices/USN-4434-1 + https://ubuntu.com/security/notices/USN-4573-1 + + + + mdeslaur> same commit as CVE-2020-14402 + + + + + + + + + + + + + + CVE-2020-14404 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-17 16:15:00 UTC + 2020-06-17 16:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14404.html + https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 + https://ubuntu.com/security/notices/USN-4434-1 + https://ubuntu.com/security/notices/USN-4573-1 + + + + mdeslaur> same commit as CVE-2020-14402 + + + + + + + + + + + + + + CVE-2020-14405 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-17 16:15:00 UTC + 2020-06-17 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14405.html + https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 + https://ubuntu.com/security/notices/USN-4434-1 + + + + + + + + + + + + + + CVE-2020-14409 on Ubuntu 20.04 (focal) - medium. + SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-19 20:15:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=5200 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14409.html + + + + mdeslaur> for libsdl1.2, this was fixed by CVE-2019-7637 + + + + + + + + + CVE-2020-14410 on Ubuntu 20.04 (focal) - medium. + SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-19 20:15:00 UTC + https://bugzilla.libsdl.org/show_bug.cgi?id=5200 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14410.html + + + + mdeslaur> same commit as CVE-2020-14409 mdeslaur> for libsdl1.2, this was fixed by CVE-2019-7637 + + + + + + + + + CVE-2020-14422 on Ubuntu 20.04 (focal) - low. + Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-18 14:15:00 UTC + 2020-06-18 14:15:00 UTC + leosilva + https://bugs.python.org/issue41004 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14422.html + https://github.com/python/cpython/pull/20956 + https://ubuntu.com/security/notices/USN-4428-1 + + + + + + + + + + + + + CVE-2020-14539 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14539.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14540 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14540.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14547 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14547.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14550 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14550.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14553 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14553.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14556 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-14 + 2020-07-14 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14556 + https://bugs.openjdk.java.net/browse/JDK-8249677 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14556.html + https://ubuntu.com/security/notices/USN-4433-1 + https://ubuntu.com/security/notices/USN-4453-1 + + + + sbeattie> fix for openjdk-8 introduced a regression + + + + + + + + + + + + + + CVE-2020-14559 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14559.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14562 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-14 + 2020-07-14 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14562.html + https://ubuntu.com/security/notices/USN-4433-1 + + + + + + + + + + + + + + CVE-2020-14567 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14567.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14568 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14568.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14573 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). 
Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-14 + 2020-07-14 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14573.html + https://ubuntu.com/security/notices/USN-4433-1 + + + + + + + + + + + + + + CVE-2020-14575 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14575.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14576 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14576.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14577 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. 
Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-14 + 2020-07-14 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14577.html + https://ubuntu.com/security/notices/USN-4433-1 + https://ubuntu.com/security/notices/USN-4453-1 + + + + + + + + + + + + + + + CVE-2020-14581 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-15 18:15:00 UTC + 2020-07-14 + 2020-07-14 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14581.html + https://ubuntu.com/security/notices/USN-4433-1 + https://ubuntu.com/security/notices/USN-4453-1 + + + + + + + + + + + + + + + CVE-2020-14583 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-14 + 2020-07-14 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14583.html + https://ubuntu.com/security/notices/USN-4433-1 + https://ubuntu.com/security/notices/USN-4453-1 + + + + + + + + + + + + + + + CVE-2020-14586 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). 
Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14586.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14591 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14591.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14593 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-14 + 2020-07-14 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14593.html + https://ubuntu.com/security/notices/USN-4433-1 + https://ubuntu.com/security/notices/USN-4453-1 + + + + + + + + + + + + + + + CVE-2020-14597 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14597.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14619 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14619.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14620 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14620.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14621 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-15 18:15:00 UTC + 2020-07-14 + 2020-07-14 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14621.html + https://ubuntu.com/security/notices/USN-4433-1 + https://ubuntu.com/security/notices/USN-4453-1 + + + + + + + + + + + + + + + CVE-2020-14623 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14623.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14624 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14624.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14628 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14628 is applicable to Windows VM only. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14628.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14629 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14629.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14631 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14631.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14632 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14632.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14633 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14633.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14634 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14634.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14641 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14641.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14643 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14643.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14646 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14646.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14647 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14647.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14648 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14648.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14649 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14649.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14650 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14650.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14651 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14651.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14654 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14654.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14656 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14656.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14663 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14663.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14672 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14672.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14673 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). 
Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14673.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14674 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14674.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14675 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14675.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14676 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14676.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14677 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14677.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14678 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14678.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14680 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14680.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14694 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14694.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14695 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14695.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14697 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14697.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14698 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14698.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14699 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14699.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14700 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14700.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14702 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14702.html + https://www.oracle.com/security-alerts/cpujul2020.html + https://ubuntu.com/security/notices/USN-4441-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2020-14703 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14703.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14704 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. 
Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14704.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14707 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14707.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14711 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). 
Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14711 is applicable to macOS host only. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14711.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14712 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14712.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14713 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14713.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14714 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14714.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14715 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14715.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + + + + + + + CVE-2020-14725 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-24 20:15:00 UTC + Yaoguang Chen + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14725.html + https://www.oracle.com/security-alerts/cpujul2020.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. sbeattie> 8.x only + + + + + + + + + + + + CVE-2020-14760 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14760.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 5.7 only + + + + + + + + + + + + CVE-2020-14765 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14765.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14769 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14769.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14771 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. 
CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14771.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14773 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14773.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.0 only + + + + + + + + + + + + CVE-2020-14775 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14775.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14776 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14776.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14777 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14777.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14779 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14779.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4607-1 + https://ubuntu.com/security/notices/USN-4607-2 + + + + + + + + + + + + + + + + CVE-2020-14781 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14781.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4607-1 + https://ubuntu.com/security/notices/USN-4607-2 + + + + + + + + + + + + + + + + CVE-2020-14782 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14782.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4607-1 + https://ubuntu.com/security/notices/USN-4607-2 + + + + + + + + + + + + + + + + CVE-2020-14785 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14785.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14786 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14786.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14789 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14789.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14790 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14790.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14791 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14791.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14792 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14792.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4607-1 + https://ubuntu.com/security/notices/USN-4607-2 + + + + + + + + + + + + + + + + CVE-2020-14793 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14793.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14794 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14794.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14796 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14796.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4607-1 + https://ubuntu.com/security/notices/USN-4607-2 + + + + + + + + + + + + + + + + CVE-2020-14797 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14797.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4607-1 + https://ubuntu.com/security/notices/USN-4607-2 + + + + + + + + + + + + + + + + CVE-2020-14798 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14798.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4607-1 + https://ubuntu.com/security/notices/USN-4607-2 + + + + + + + + + + + + + + + + CVE-2020-14799 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14799.html + https://www.oracle.com/security-alerts/cpuoct2020.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14800 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14800.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14803 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14803.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4607-1 + https://ubuntu.com/security/notices/USN-4607-2 + + + + + + + + + + + + + + + + CVE-2020-14804 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14804.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
+ + + + + + + + + + + + CVE-2020-14809 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14809.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14812 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14812.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14814 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14814.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14821 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14821.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14827 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14827.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14828 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14828.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14829 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14829.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14830 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14830.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14836 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14836.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14837 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14837.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14838 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14838.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14839 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14839.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14844 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14844.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
+ + + + + + + + + + + + CVE-2020-14845 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14845.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14846 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14846.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14848 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14848.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14852 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14852.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14853 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14853.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14860 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14860.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14861 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14861.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14866 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14866.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14867 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14867.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14868 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14868.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14869 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14869.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14870 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14870.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14872 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14872.html + https://www.oracle.com/security-alerts/cpuoct2020.html + + + + + + + + + + CVE-2020-14873 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14873.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14878 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. 
Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14878.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14881 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14881.html + https://www.oracle.com/security-alerts/cpuoct2020.html + + + + + + + + + + CVE-2020-14884 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). 
The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14884.html + https://www.oracle.com/security-alerts/cpuoct2020.html + + + + + + + + + + CVE-2020-14885 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14885.html + https://www.oracle.com/security-alerts/cpuoct2020.html + + + + + + + + + + CVE-2020-14886 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). 
The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14886.html + https://www.oracle.com/security-alerts/cpuoct2020.html + + + + + + + + + + CVE-2020-14888 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14888.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-14889 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14889.html + https://www.oracle.com/security-alerts/cpuoct2020.html + + + + + + + + + + CVE-2020-14891 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14891.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
+ + + + + + + + + + + + CVE-2020-14892 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14892.html + https://www.oracle.com/security-alerts/cpuoct2020.html + + + + + + + + + + CVE-2020-14893 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 15:15:00 UTC + 2020-10-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14893.html + https://www.oracle.com/security-alerts/cpuoct2020.html + https://ubuntu.com/security/notices/USN-4604-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
+ + + + + + + + + + + + CVE-2020-14929 on Ubuntu 20.04 (focal) - medium. + Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-19 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963179 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14929.html + http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html + https://repo.or.cz/alpine.git/commitdiff/000edd9036b6aea5e6a06900ecd6c58faec665ab + + + + + + + + + + CVE-2020-14938 on Ubuntu 20.04 (focal) - low. + An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-23 10:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14938.html + https://bugs.freedroid.org/b/issue951 + https://logicaltrust.net/blog/2020/02/freedroid.html + + + + + + + + + + CVE-2020-14939 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-23 10:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14939.html + https://bugs.freedroid.org/b/issue953 + https://logicaltrust.net/blog/2020/02/freedroid.html + + + + + + + + + + CVE-2020-14940 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-23 10:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14940.html + https://logicaltrust.net/blog/2020/06/tuxguitar.html + https://sourceforge.net/p/tuxguitar/bugs/126/ + + + + + + + + + + CVE-2020-14947 on Ubuntu 20.04 (focal) - low. + OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-30 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14947.html + + + + sbeattie> OCS Inventory should only be run in a trusted environment. + + + + + + + + + CVE-2020-14954 on Ubuntu 20.04 (focal) - medium. + Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-21 17:15:00 UTC + 2020-06-21 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14954.html + https://gitlab.com/muttmua/mutt/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4 + https://gitlab.com/muttmua/mutt/-/issues/248 + https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc + http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html + http://www.mutt.org/ + https://github.com/neomutt/neomutt/releases/tag/20200619 + https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4 + https://ubuntu.com/security/notices/USN-4403-1 + + + + + + + + + + + + + CVE-2020-14983 on Ubuntu 20.04 (focal) - medium. + The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14983.html + https://github.com/chocolate-doom/chocolate-doom/issues/1293 + + + + + + + + + + + + + CVE-2020-15005 on Ubuntu 20.04 (focal) - medium. + In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-24 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15005.html + https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html + https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_31/RELEASE-NOTES-1.31 + https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_33/RELEASE-NOTES-1.33 + https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_34/RELEASE-NOTES-1.34 + https://phabricator.wikimedia.org/T248947 + + + + + + + + + + CVE-2020-15011 on Ubuntu 20.04 (focal) - medium. + GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-24 12:15:00 UTC + 2020-06-24 12:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15011.html + https://bugs.launchpad.net/mailman/+bug/1877379 + https://ubuntu.com/security/notices/USN-4406-1 + + + + + + + + + + CVE-2020-15025 on Ubuntu 20.04 (focal) - medium. + ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-24 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15025.html + https://support.ntp.org/bin/view/Main/NtpBug3661 + https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea + https://bugs.ntp.org/show_bug.cgi?id=3661 + https://bugs.gentoo.org/729458 + + + + + + + + + + CVE-2020-15047 on Ubuntu 20.04 (focal) - medium. + MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-25 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15047.html + https://bugs.kde.org/show_bug.cgi?id=423453 + https://gerrit.vesnicky.cesnet.cz/r/1035 + + + + + + + + + + CVE-2020-15078 on Ubuntu 20.04 (focal) - medium. + OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-26 14:15:00 UTC + 2021-04-26 14:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987380 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15078.html + https://community.openvpn.net/openvpn/wiki/CVE-2020-15078 + https://ubuntu.com/security/notices/USN-4933-1 + + + + + + + + + + CVE-2020-15094 on Ubuntu 20.04 (focal) - medium. + In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-02 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15094.html + https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r + https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78 + https://packagist.org/packages/symfony/http-kernel + https://packagist.org/packages/symfony/symfony + + + + + + + + + + CVE-2020-15095 on Ubuntu 20.04 (focal) - low. + Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-07 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15095.html + https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07 + https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc + https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp + + + + + + + + + + CVE-2020-15103 on Ubuntu 20.04 (focal) - medium. + In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-27 18:15:00 UTC + 2020-07-27 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965979 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15103.html + https://github.com/FreeRDP/FreeRDP/pull/6381 + https://ubuntu.com/security/notices/USN-4481-1 + + + + mdeslaur> The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS mdeslaur> does not build a server library. This is simply a client mdeslaur> denial of service that has a negligible security impact. + + + + + + + + + CVE-2020-15106 on Ubuntu 20.04 (focal) - medium. + In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-05 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15106.html + https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2 + + + + + + + + + + CVE-2020-15112 on Ubuntu 20.04 (focal) - medium. + In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-05 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15112.html + https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93 + + + + + + + + + + CVE-2020-15113 on Ubuntu 20.04 (focal) - medium. 
+ In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-05 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15113.html + https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92 + + + + + + + + + + CVE-2020-15114 on Ubuntu 20.04 (focal) - medium. + In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-06 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15114.html + https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224 + + + + + + + + + + CVE-2020-15115 on Ubuntu 20.04 (focal) - low. + etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-06 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15115.html + https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh + + + + + + + + + + CVE-2020-15121 on Ubuntu 20.04 (focal) - medium. + In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-20 18:15:00 UTC + https://bugs.launchpad.net/bugs/1888338 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15121.html + https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358 + https://github.com/radareorg/radare2/issues/16945 + https://github.com/radareorg/radare2/pull/16966 + + + + + + + + + + CVE-2020-15133 on Ubuntu 20.04 (focal) - medium. + In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `wss:` connection made using this library is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. For further background information on this issue, please see the referenced GitHub Advisory. Upgrading `faye-websocket` to v0.11.0 is recommended. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-31 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=967061 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15133.html + https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv + https://github.com/faye/faye-websocket-ruby/pull/129 + https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/ + + + + + + + + + + CVE-2020-15134 on Ubuntu 20.04 (focal) - medium. + Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `https:` or `wss:` connection made using these libraries is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. The first request a Faye client makes is always sent via normal HTTP, but later messages may be sent via WebSocket. Therefore it is vulnerable to the same problem that these underlying libraries are, and we needed both libraries to support TLS verification before Faye could claim to do the same. Your client would still be insecure if its initial HTTPS request was verified, but later WebSocket connections were not. This is fixed in Faye v1.4.0, which enables verification by default. For further background information on this issue, please see the referenced GitHub Advisory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-31 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=967063 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15134.html + https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9 + https://github.com/faye/faye/issues/524 + https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/ + + + + + + + + + + CVE-2020-15136 on Ubuntu 20.04 (focal) - medium. + In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-06 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15136.html + https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md + https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q + + + + + + + + + + CVE-2020-15138 on Ubuntu 20.04 (focal) - medium. + Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-07 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15138.html + https://github.com/PrismJS/prism/pull/2506/commits/7bd7de05edf71112a3a77f87901a2409c9c5c20c + https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9 + https://prismjs.com/plugins/previewers/#disabling-a-previewer + + + + + + + + + + CVE-2020-15166 on Ubuntu 20.04 (focal) - medium. + In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3. It was discovered that ZeroMQ mishandled certain network traffic. An unauthenticated attacker could use this vulnerability to cause a denial-of-service and prevent legitimate clients from communicating with ZeroMQ. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15166.html + https://www.openwall.com/lists/oss-security/2020/09/07/3 + https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m + https://github.com/zeromq/libzmq/commit/e7f0090b161ce6344f6bd35009816a925c070b09 + + + + + + + + + + CVE-2020-15167 on Ubuntu 20.04 (focal) - medium. + In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-02 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15167.html + https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw + + + + + + + + + + CVE-2020-15168 on Ubuntu 20.04 (focal) - low. + node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-10 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15168.html + https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r + https://www.npmjs.com/package/node-fetch + + + + + + + + + + CVE-2020-15169 on Ubuntu 20.04 (focal) - medium. + In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-11 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15169.html + https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml + https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc?pli=1 + https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2020-15180 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 20:15:00 UTC + 2021-10-12 + https://bugs.launchpad.net/ubuntu/+source/mariadb-10.3/+bug/1899500 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15180.html + https://mariadb.com/kb/en/security/ + https://ubuntu.com/security/notices/USN-4603-1 + + + + + + + + + + CVE-2020-15225 on Ubuntu 20.04 (focal) - medium. + django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a `MaxValueValidator` with a a default `limit_value` of 1e50 to the form field used by `NumberFilter` instances. 
In addition, `NumberFilter` implements the new `get_max_validator()` which should return a configured validator instance to customise the limit, or else `None` to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-29 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15225.html + https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973 + https://github.com/carltongibson/django-filter/commit/340cf7a23a2b3dcd7183f6a0d6c383e85b130d2b + https://pypi.org/project/django-filter/ + https://github.com/carltongibson/django-filter/releases/tag/2.4.0 + + + + + + + + + + CVE-2020-15240 on Ubuntu 20.04 (focal) - medium. + omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK’s default Authorization Code Flow. The issue is patched in version 2.4.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-21 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15240.html + https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm + https://github.com/auth0/omniauth-auth0/commit/fd3a14f4ccdfbc515d1121d6378ff88bf55a7a7a + https://rubygems.org/gems/omniauth-auth0 + + + + + + + + + + CVE-2020-15250 on Ubuntu 20.04 (focal) - medium. + In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. 
On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-12 18:15:00 UTC + 2020-10-12 18:15:00 UTC + pfsmorigo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972231 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15250.html + https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp + https://github.com/junit-team/junit4/blob/7852b90cfe1cea1e0cdaa19d490c83f0d8684b50/doc/ReleaseNotes4.13.1.md + https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae + https://github.com/junit-team/junit4/issues/1676 + https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html + https://lists.apache.org/thread.html/r500517c23200fb2fdb0b82770a62dd6c88b3521cfb01cfd0c76e3f8b@%3Cdev.creadur.apache.org%3E + https://lists.apache.org/thread.html/r5f8841507576f595bb783ccec6a7cb285ea90d4e6f5043eae0e61a41@%3Cdev.creadur.apache.org%3E + https://lists.apache.org/thread.html/r717877028482c55acf604d7a0106af4ca05da4208c708fb157b53672@%3Ccommits.creadur.apache.org%3E + https://lists.apache.org/thread.html/r95f8ef60c4b3a5284b647bb3132cda08e6fadad888a66b84f49da0b0@%3Ccommits.creadur.apache.org%3E + https://lists.apache.org/thread.html/rb2771949c676ca984e58a5cd5ca79c2634dee1945e0406e48e0f8457@%3Cdev.creadur.apache.org%3E + https://lists.apache.org/thread.html/rbaec90e699bc7c7bd9a053f76707a36fda48b6d558f31dc79147dbf9@%3Cdev.creadur.apache.org%3E + https://lists.apache.org/thread.html/rc49cf1547ef6cac1be4b3c92339b2cae0acacf5acaba13cfa429a872@%3Cdev.creadur.apache.org%3E + https://lists.apache.org/thread.html/rde385b8b53ed046600ef68dd6b4528dea7566aaddb02c3e702cc28bc@%3Ccommits.creadur.apache.org%3E + https://ubuntu.com/security/notices/USN-4731-1 + + + + + + + + + + CVE-2020-15251 on Ubuntu 20.04 (focal) - medium. + In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. 
This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2 includes 1.0.3 of channelmgnt, and thus is safe from this vulnerability. See referenced GHSA-23pc-4339-95vg. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-13 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15251.html + https://github.com/MirahezeBots/sopel-channelmgnt/pull/3 + https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-j257-jfvv-h3x5 + https://phab.bots.miraheze.wiki/T117 + https://pypi.org/project/sopel-plugins.channelmgnt/ + + + + + + + + + + CVE-2020-15254 on Ubuntu 20.04 (focal) - medium. + Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 17:15:00 UTC + 2020-10-22 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15254.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15254 + https://ubuntu.com/security/notices/USN-4599-1 + https://ubuntu.com/security/notices/USN-4599-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-15256 on Ubuntu 20.04 (focal) - low. + A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. 
The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of `set()` in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5 As a workaround, don't use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version >= 0.11.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-19 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15256.html + https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w + https://github.com/mariocasciaro/object-path/commit/2be3354c6c46215c7635eb1b76d80f1319403c68 + + + + + + + + + + CVE-2020-15309 on Ubuntu 20.04 (focal) - low. + An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-21 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15309.html + https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable + + + + + + + + + + CVE-2020-15365 on Ubuntu 20.04 (focal) - medium. + LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-28 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15365.html + https://github.com/LibRaw/LibRaw/issues/301 + https://github.com/LibRaw/LibRaw/commit/55f0a0c08974b8b79ebfa7762b555a1704b25fb2 + https://github.com/LibRaw/LibRaw/compare/0.20-Beta2...0.20-Beta3 + + + + + + + + + + + + + + + + CVE-2020-15366 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15366.html + https://github.com/ajv-validator/ajv/releases/tag/v6.12.3 + https://github.com/ajv-validator/ajv/tags + https://hackerone.com/bugs?subject=user&report_id=894259 + + + + + + + + + + CVE-2020-15389 on Ubuntu 20.04 (focal) - low. + jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-29 21:15:00 UTC + 2020-06-29 21:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965220 + https://github.com/uclouvain/openjpeg/issues/1261 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15389.html + https://pastebin.com/4sDKQ7U8 + https://ubuntu.com/security/notices/USN-4685-1 + + + + mdeslaur> per upstream bug, this is a read after free, so likely limited mdeslaur> to a denial of service. + + + + + + + + + CVE-2020-15395 on Ubuntu 20.04 (focal) - medium. + In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-30 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15395.html + https://mediaarea.net/en/MediaInfo + https://sourceforge.net/p/mediainfo/bugs/1127/ + + + + + + + + + + CVE-2020-15396 on Ubuntu 20.04 (focal) - low. + In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-30 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964198 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15396.html + https://sourceforge.net/p/hylafax/HylaFAX+/2534/ + + + + + + + + + + CVE-2020-15397 on Ubuntu 20.04 (focal) - low. + HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-30 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964198 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15397.html + https://sourceforge.net/p/hylafax/HylaFAX+/2534/ + + + + + + + + + + CVE-2020-15400 on Ubuntu 20.04 (focal) - medium. + CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-30 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15400.html + https://bakery.cakephp.org/2020/04/18/cakephp_406_released.html + + + + + + + + + + CVE-2020-15437 on Ubuntu 20.04 (focal) - low. + The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. It was discovered that the serial port driver in the Linux kernel did not properly initialize a pointer in some situations. A local attacker could possibly use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 21:15:00 UTC + 2020-11-23 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15437.html + https://git.kernel.org/linus/f4c23a140d80ef5e6d3d1f8f57007649014b60fa + https://lkml.org/lkml/2020/7/21/80 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-15466 on Ubuntu 20.04 (focal) - low. + In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-05 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15466.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4 + https://www.wireshark.org/security/wnpa-sec-2020-09.html + + + + + + + + + + CVE-2020-15469 on Ubuntu 20.04 (focal) - low. + In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-02 20:15:00 UTC + 2020-07-02 20:15:00 UTC + Lei Sun + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15469.html + https://www.openwall.com/lists/oss-security/2020/07/02/1 + https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html (v3) + https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg02003.html (v4) + https://ubuntu.com/security/notices/USN-5010-1 + + + + mdeslaur> impact is limited, a privileged guest user can only use this mdeslaur> issue to perform a denial of service to their own instance + + + + + + + + + CVE-2020-1547 on Ubuntu 20.04 (focal) - medium. + An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1551. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-17 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1547.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-15471 on Ubuntu 20.04 (focal) - medium. + In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-01 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15471.html + https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622 + + + + + + + + + + CVE-2020-15472 on Ubuntu 20.04 (focal) - medium. + In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-01 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15472.html + https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701 + + + + + + + + + + CVE-2020-15473 on Ubuntu 20.04 (focal) - medium. + In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-01 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15473.html + https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e + + + + + + + + + + CVE-2020-15474 on Ubuntu 20.04 (focal) - medium. + In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-01 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15474.html + https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce + + + + + + + + + + CVE-2020-15475 on Ubuntu 20.04 (focal) - medium. + In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-01 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15475.html + https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952 + + + + + + + + + + CVE-2020-15476 on Ubuntu 20.04 (focal) - medium. + In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-01 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15476.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780 + https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05 + + + + + + + + + + CVE-2020-15503 on Ubuntu 20.04 (focal) - low. + LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-02 14:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1853477 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964747 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15503.html + https://github.com/LibRaw/LibRaw/compare/0.20-Beta3...0.20-RC1 + https://www.libraw.org/news/libraw-0-20-rc1 + + + + + + + + + + + + + + + + + CVE-2020-15522 on Ubuntu 20.04 (focal) - medium. 
+ Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-20 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15522.html + https://github.com/bcgit/bc-java/wiki/CVE-2020-15522 + https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522 + https://www.bouncycastle.org/releasenotes.html + + + + + + + + + + CVE-2020-15562 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-06 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964355 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15562.html + https://github.com/roundcube/roundcubemail/commit/3e8832d029b035e3fcfb4c75839567a9580b4f82 + https://github.com/roundcube/roundcubemail/releases/tag/1.2.11 + https://github.com/roundcube/roundcubemail/releases/tag/1.3.14 + https://github.com/roundcube/roundcubemail/releases/tag/1.4.7 + + + + + + + + + + CVE-2020-15563 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. 
A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest's video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-07 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15563.html + https://xenbits.xen.org/xsa/advisory-319.html + http://www.openwall.com/lists/oss-security/2020/07/07/3 + http://xenbits.xen.org/xsa/advisory-319.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-15564 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor. The region will be mapped into Xen address space so it can be directly accessed. On Arm, the region is accessed with instructions that require a specific alignment. Unfortunately, there is no check that the address provided by the guest will be correctly aligned. As a result, a malicious guest could cause a hypervisor crash by passing a misaligned address. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). 
All Xen versions are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-07 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15564.html + https://xenbits.xen.org/xsa/advisory-327.html + http://www.openwall.com/lists/oss-security/2020/07/07/5 + http://xenbits.xen.org/xsa/advisory-327.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-15565 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-07 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15565.html + https://xenbits.xen.org/xsa/advisory-321.html + http://www.openwall.com/lists/oss-security/2020/07/07/4 + http://xenbits.xen.org/xsa/advisory-321.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-15566 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missing error checks, only (1) will be considered an error. All the other cases will provide a valid port and will result in a crash when trying to access the event channel. When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. Xen versions 4.10 and later are affected. All architectures are affected. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event-channel limit. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-07 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15566.html + https://xenbits.xen.org/xsa/advisory-317.html + http://www.openwall.com/lists/oss-security/2020/07/07/2 + http://xenbits.xen.org/xsa/advisory-317.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-15567 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps even an unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation. Only systems using Intel CPUs are vulnerable. Systems using AMD CPUs, and Arm systems, are not vulnerable. Only systems using nested paging (hap, aka nested paging, aka in this case Intel EPT) are vulnerable. Only HVM and PVH guests can exploit the vulnerability. The presence and scope of the vulnerability depends on the precise optimisations performed by the compiler used to build Xen. If the compiler generates (a) a single 64-bit write, or (b) a series of read-modify-write operations in the same order as the source code, the hypervisor is not vulnerable. For example, in one test build using GCC 8.3 with normal settings, the compiler generated multiple (unlocked) read-modify-write operations in source-code order, which did not constitute a vulnerability. 
We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code-generation options). The source code clearly violates the C rules, and thus should be considered vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-07 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15567.html + https://xenbits.xen.org/xsa/advisory-328.html + http://www.openwall.com/lists/oss-security/2020/07/07/6 + http://xenbits.xen.org/xsa/advisory-328.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-15569 on Ubuntu 20.04 (focal) - medium. + PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-06 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15569.html + https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf + + + + + + + + + + CVE-2020-15586 on Ubuntu 20.04 (focal) - low. + Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-17 16:15:00 UTC + Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon + https://github.com/golang/go/issues/34902 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15586.html + https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. 
This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. + + + + + + + + + + + + CVE-2020-15598 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial of Service condition. The vendor does not consider this as a security issue because1) there is no default configuration issue here. An attacker would need to know that a rule using a potentially problematic regular expression was in place, 2) the attacker would need to know the basic nature of the regular expression itself to exploit any resource issues. It's well known that regular expression usage can be taxing on system resources regardless of the use case. It is up to the administrator to decide on when it is appropriate to trade resources for potential security benefit. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-06 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15598.html + https://bugzilla.redhat.com/show_bug.cgi?id=1879588 + https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-regular-expressions-and-disputed-cve-2020-15598/ + https://coreruleset.org/20200914/cve-2020-15598/ + https://github.com/SpiderLabs/ModSecurity/pull/2348 + + + + sbeattie| only affects modsecurity v3 + + + + + + + + + CVE-2020-15648 on Ubuntu 20.04 (focal) - medium. + Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-10 18:15:00 UTC + chrisccoulson + https://bugzilla.mozilla.org/show_bug.cgi?id=1644076 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15648.html + https://www.mozilla.org/security/advisories/mfsa2020-28/ + https://www.mozilla.org/security/advisories/mfsa2020-29/ + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15652 on Ubuntu 20.04 (focal) - medium. + By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-10 18:15:00 UTC + 2020-07-29 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15652.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/#CVE-2020-15652 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15652 + https://ubuntu.com/security/notices/USN-4443-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15653 on Ubuntu 20.04 (focal) - medium. + An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-10 18:15:00 UTC + 2020-07-29 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15653.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/#CVE-2020-15653 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15653 + https://ubuntu.com/security/notices/USN-4443-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15654 on Ubuntu 20.04 (focal) - low. + When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-10 18:15:00 UTC + 2020-07-29 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15654.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/#CVE-2020-15654 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15654 + https://ubuntu.com/security/notices/USN-4443-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15655 on Ubuntu 20.04 (focal) - medium. + A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-10 18:15:00 UTC + 2020-07-29 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15655.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/#CVE-2020-15655 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15655 + https://ubuntu.com/security/notices/USN-4443-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15656 on Ubuntu 20.04 (focal) - medium. + JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-10 18:15:00 UTC + 2020-07-29 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15656.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/#CVE-2020-15656 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15656 + https://ubuntu.com/security/notices/USN-4443-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15658 on Ubuntu 20.04 (focal) - low. + The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-10 18:15:00 UTC + 2020-07-29 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15658.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/#CVE-2020-15658 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15658 + https://ubuntu.com/security/notices/USN-4443-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15659 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-10 18:15:00 UTC + 2020-07-29 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15659.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/#CVE-2020-15659 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15659 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15659 + https://ubuntu.com/security/notices/USN-4443-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15664 on Ubuntu 20.04 (focal) - medium. + By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. 
This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-01 19:15:00 UTC + 2020-08-26 04:30:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15664.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15664 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15664 + https://rhn.redhat.com/errata/RHSA-2020-3558.html + https://ubuntu.com/security/notices/USN-4474-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15665 on Ubuntu 20.04 (focal) - medium. + Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-01 19:15:00 UTC + 2020-08-26 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15665.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665 + https://ubuntu.com/security/notices/USN-4474-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-15666 on Ubuntu 20.04 (focal) - low. + When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. 
This vulnerability affects Firefox < 80 and Firefox for Android < 80. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-01 19:15:00 UTC + 2020-08-26 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15666.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15666 + https://ubuntu.com/security/notices/USN-4474-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-15667 on Ubuntu 20.04 (focal) - low. + When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-01 19:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15667.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15667 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-15668 on Ubuntu 20.04 (focal) - low. + A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox < 80 and Firefox for Android < 80. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-01 19:15:00 UTC + 2020-08-26 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15668.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15668 + https://ubuntu.com/security/notices/USN-4474-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-15669 on Ubuntu 20.04 (focal) - medium. 
+ When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-01 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15669.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15669 + https://rhn.redhat.com/errata/RHSA-2020-3558.html + + + + + + + + + + CVE-2020-15670 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-01 19:15:00 UTC + 2020-08-26 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15670.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-41/#CVE-2020-15670 + https://ubuntu.com/security/notices/USN-4474-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15673 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-01 19:15:00 UTC + 2020-09-25 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15673.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15673 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15673 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15673 + https://ubuntu.com/security/notices/USN-4546-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15674 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-01 19:15:00 UTC + 2020-09-25 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15674.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15674 + https://ubuntu.com/security/notices/USN-4546-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-15675 on Ubuntu 20.04 (focal) - medium. + When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-01 19:15:00 UTC + 2020-09-25 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15675.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15675 + https://ubuntu.com/security/notices/USN-4546-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-15676 on Ubuntu 20.04 (focal) - medium. + Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-01 19:15:00 UTC + 2020-09-25 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15676.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15676 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15676 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15673 + https://ubuntu.com/security/notices/USN-4546-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15677 on Ubuntu 20.04 (focal) - medium. + By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-01 19:15:00 UTC + 2020-09-25 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15677.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15677 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15677 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15677 + https://ubuntu.com/security/notices/USN-4546-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15678 on Ubuntu 20.04 (focal) - medium. + When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-01 19:15:00 UTC + 2020-09-25 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15678.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15678 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15678 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15678 + https://ubuntu.com/security/notices/USN-4546-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15680 on Ubuntu 20.04 (focal) - medium. + If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-22 21:15:00 UTC + 2020-10-22 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15680.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15680 + https://ubuntu.com/security/notices/USN-4599-1 + https://ubuntu.com/security/notices/USN-4599-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-15681 on Ubuntu 20.04 (focal) - medium. + When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-22 21:15:00 UTC + 2020-10-22 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15681.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15681 + https://ubuntu.com/security/notices/USN-4599-1 + https://ubuntu.com/security/notices/USN-4599-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-15682 on Ubuntu 20.04 (focal) - low. + When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-22 21:15:00 UTC + 2020-10-22 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15682.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15682 + https://ubuntu.com/security/notices/USN-4599-1 + https://ubuntu.com/security/notices/USN-4599-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-15683 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-22 21:15:00 UTC + 2020-10-22 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15683.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15683 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15683 + https://ubuntu.com/security/notices/USN-4599-1 + https://ubuntu.com/security/notices/USN-4599-2 + https://ubuntu.com/security/notices/USN-4647-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15684 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-22 21:15:00 UTC + 2020-10-22 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15684.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684 + https://ubuntu.com/security/notices/USN-4599-1 + https://ubuntu.com/security/notices/USN-4599-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-15685 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-31 00:00:00 UTC + 2020-12-31 00:00:00 UTC + Damian Poddebniak + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15685.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-15685 + https://ubuntu.com/security/notices/USN-4736-1 + + + + + + + + + + CVE-2020-15690 on Ubuntu 20.04 (focal) - medium. + In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-30 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15690.html + https://github.com/nim-lang/Nim/blob/dc5a40f3f39c6ea672e6dc6aca7f8118a69dda99/lib/pure/asyncftpclient.nim#L145 + https://github.com/nim-lang/Nim/commit/e71395f5718326d45b6739c931ab6c0d80d79171 + https://github.com/nim-lang/Nim/compare/v1.2.4...v1.2.6 + + + + sbeattie> possibly just causes an assertion, so maybe only DoS + + + + + + + + + CVE-2020-15692 on Ubuntu 20.04 (focal) - medium. + In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-14 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15692.html + https://github.com/nim-lang/Nim/blob/dc5a40f3f39c6ea672e6dc6aca7f8118a69dda99/lib/pure/browsers.nim#L48 + https://nim-lang.org/blog/2020/07/30/versions-126-and-108-released.html + + + + + + + + + + CVE-2020-15693 on Ubuntu 20.04 (focal) - medium. + In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP header names or values. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-14 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15693.html + https://github.com/nim-lang/Nim/blob/dc5a40f3f39c6ea672e6dc6aca7f8118a69dda99/lib/pure/httpclient.nim#L1023 + https://nim-lang.org/blog/2020/07/30/versions-126-and-108-released.html + + + + + + + + + + CVE-2020-15694 on Ubuntu 20.04 (focal) - medium. + In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-14 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15694.html + https://github.com/nim-lang/Nim/blob/dc5a40f3f39c6ea672e6dc6aca7f8118a69dda99/lib/pure/httpclient.nim#L241 + https://nim-lang.org/blog/2020/07/30/versions-126-and-108-released.html + + + + + + + + + + CVE-2020-15720 on Ubuntu 20.04 (focal) - medium. + In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. 
As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases. This is fixed in 10.9.0-b1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-14 14:15:00 UTC + Christian Heimes + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15720.html + https://bugzilla.redhat.com/show_bug.cgi?id=1855273 + https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72 + https://github.com/dogtagpki/pki/compare/v10.9.0-a2...v10.9.0-b1 + + + + avital> The CVE fix changes the API with the potential to break software which avital> calls dogtag-pki under certain circumstances. If the fix is backported, the avital> freeipa package must also be updated silmitaniously with avital> https://github.com/freeipa/freeipa/pull/4820. Additionally, other packages avital> which use dogtag-pki must be investigated and updated if needed. + + + + + + + + + CVE-2020-15802 on Ubuntu 20.04 (focal) - medium. + Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-11 14:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-15802 + https://bugzilla.suse.com/show_bug.cgi?id=1176442 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15802.html + https://www.kb.cert.org/vuls/id/589825/ + https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709 + https://www.kb.cert.org/vuls/id/589825 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-15803 on Ubuntu 20.04 (focal) - medium. + Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. It was discovered that Zabbix did not properly validate input. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-17 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15803.html + https://support.zabbix.com/browse/ZBX-18057 + + + + + + + + + + CVE-2020-15859 on Ubuntu 20.04 (focal) - medium. + QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-21 16:15:00 UTC + 2020-07-21 16:15:00 UTC + Alexander Bulekov + https://bugs.launchpad.net/qemu/+bug/1886362 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965978 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15859.html + https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html + https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05304.html + https://www.openwall.com/lists/oss-security/2020/07/21/3 + https://ubuntu.com/security/notices/USN-4725-1 + + + + + + + + + + CVE-2020-15863 on Ubuntu 20.04 (focal) - low. 
+ hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-28 16:15:00 UTC + 2020-07-28 16:15:00 UTC + mdeslaur + Ziming Zhang + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15863.html + https://www.openwall.com/lists/oss-security/2020/07/22/1 + https://ubuntu.com/security/notices/USN-4467-1 + + + + + + + + + + CVE-2020-15866 on Ubuntu 20.04 (focal) - low. + mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15866.html + https://github.com/mruby/mruby/issues/5042 + https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b + + + + + + + + + + CVE-2020-15890 on Ubuntu 20.04 (focal) - low. + LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-21 22:15:00 UTC + 2020-07-21 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966148 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15890.html + https://github.com/LuaJIT/LuaJIT/issues/601 + https://ubuntu.com/security/notices/USN-4501-1 + + + + + + + + + + CVE-2020-15917 on Ubuntu 20.04 (focal) - low. 
+ common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-23 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15917.html + https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5 + https://git.claws-mail.org/?p=claws.git;a=blob;f=RELEASE_NOTES + + + + + + + + + + CVE-2020-15953 on Ubuntu 20.04 (focal) - medium. + LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-27 07:15:00 UTC + 2020-07-27 07:15:00 UTC + https://github.com/dinhvh/libetpan/issues/386 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15953.html + https://security.gentoo.org/glsa/202007-55 + https://ubuntu.com/security/notices/USN-4598-1 + + + + + + + + + + CVE-2020-15954 on Ubuntu 20.04 (focal) - medium. + KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-27 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15954.html + https://bugs.kde.org/show_bug.cgi?id=423426 + + + + + + + + + + + + + CVE-2020-15969 on Ubuntu 20.04 (focal) - medium. + Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-03 03:15:00 UTC + 2020-10-07 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15969.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15969 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15969 + https://ubuntu.com/security/notices/USN-4599-1 + https://ubuntu.com/security/notices/USN-4599-2 + https://ubuntu.com/security/notices/USN-4647-1 + + + + amurray> The Debian chromium source package is called chromium-browser in Ubuntu mdeslaur> starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-15999 on Ubuntu 20.04 (focal) - high. + Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-11-03 03:15:00 UTC + 2020-10-20 + Sergei Glazunov + https://savannah.nongnu.org/bugs/?59308 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15999.html + https://bugs.chromium.org/p/project-zero/issues/detail?id=2103 + https://ubuntu.com/security/notices/USN-4593-1 + https://ubuntu.com/security/notices/USN-4593-2 + https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-15999 + + + + + + + + + + CVE-2020-16012 on Ubuntu 20.04 (focal) - medium. + Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-08 19:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16012.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-16012 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-16012 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + https://ubuntu.com/security/notices/USN-4647-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-16042 on Ubuntu 20.04 (focal) - medium. + Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-08 19:15:00 UTC + 2020-12-15 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16042.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-16042 + https://ubuntu.com/security/notices/USN-4671-1 + https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html + https://ubuntu.com/security/notices/USN-4701-1 + + + + amurray> The Debian chromium source package is called chromium-browser in Ubuntu mdeslaur> starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap + + + + + + + + + + + + CVE-2020-16044 on Ubuntu 20.04 (focal) - medium. + Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-09 14:15:00 UTC + 2021-01-08 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16044.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044 + https://ubuntu.com/security/notices/USN-4687-1 + https://ubuntu.com/security/notices/USN-4701-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-16093 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-08 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16093.html + + + + + + + + + + CVE-2020-16094 on Ubuntu 20.04 (focal) - low. + In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-28 19:15:00 UTC + https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16094.html + + + + + + + + + + CVE-2020-16116 on Ubuntu 20.04 (focal) - medium. + In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. Dominik Penner discovered that Ark did not properly sanitize zip archive files before performing extraction. An attacker could use this to construct a malicious zip archive that, when opened, would create files outside the extraction directory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-03 20:15:00 UTC + 2020-08-03 20:15:00 UTC + Dominik Penner + https://bugs.launchpad.net/ubuntu/focal/+source/ark/+bug/1889672 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16116.html + https://kde.org/info/security/advisory-20200730-1.txt + https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f + https://github.com/KDE/ark/commits/master + https://www.debian.org/security/2020/dsa-4738 + https://ubuntu.com/security/notices/USN-4461-1 + + + + + + + + + + CVE-2020-16117 on Ubuntu 20.04 (focal) - low. + In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-29 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16117.html + https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5 + https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7 + https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189 + + + + + + + + + + CVE-2020-16118 on Ubuntu 20.04 (focal) - low. + In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-29 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16118.html + https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1c826a01080d40c22ca8706f0339e5 + https://gitlab.gnome.org/GNOME/balsa/-/issues/23 + + + + + + + + + + CVE-2020-16124 on Ubuntu 20.04 (focal) - medium. 
+ Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions. Fixed in https://github.com/ros/ros_comm/pull/2065. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-13 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16124.html + https://github.com/ros/ros_comm/pull/2065 + + + + + + + + + + CVE-2020-16125 on Ubuntu 20.04 (focal) - medium. + gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-10 05:15:00 UTC + 2020-11-03 + mdeslaur + Kevin Backhouse + 2020-11-03 + https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1900314 + https://gitlab.gnome.org/GNOME/gdm/-/issues/642 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16125.html + https://ubuntu.com/security/notices/USN-4614-1 + + + + + + + + + + CVE-2020-16150 on Ubuntu 20.04 (focal) - medium. + A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-02 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16150.html + https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1 + https://tls.mbed.org/tech-updates/security-advisories + + + + + + + + + + CVE-2020-16166 on Ubuntu 20.04 (focal) - medium. + The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. It was discovered that the state of network RNG in the Linux kernel was potentially observable. A remote attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-30 21:15:00 UTC + 2020-07-30 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16166.html + https://git.kernel.org/linus/f227e3ec3b5cad859ad15666874405e8c1bbc1d4 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4 + https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4 + https://ubuntu.com/security/notices/USN-4525-1 + https://ubuntu.com/security/notices/USN-4526-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-16248 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-09 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16248.html + https://github.com/prometheus/blackbox_exporter/issues/669 + https://www.openwall.com/lists/oss-security/2020/08/08/12 + https://www.openwall.com/lists/oss-security/2020/08/08/3 + https://prometheus.io/docs/operating/security/#exporters + https://seclists.org/oss-sec/2020/q3/94 + + + + + + + + + + CVE-2020-16269 on Ubuntu 20.04 (focal) - low. + radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16269.html + https://github.com/radareorg/radare2/issues/17383 + + + + + + + + + + CVE-2020-16592 on Ubuntu 20.04 (focal) - low. + A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 21:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=25823 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16592.html + + + + + + + + + + CVE-2020-16600 on Ubuntu 20.04 (focal) - medium. + A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-09 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16600.html + https://bugs.ghostscript.com/show_bug.cgi?id=702253 + http://git.ghostscript.com/?p=mupdf.git;h=96751b25462f83d6e16a9afaf8980b0c3f979c8b + + + + + + + + + + CVE-2020-16845 on Ubuntu 20.04 (focal) - low. + Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-06 18:15:00 UTC + Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon + https://github.com/golang/go/issues/40618 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16845.html + https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q + https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. + + + + + + + + + + + + CVE-2020-1695 on Ubuntu 20.04 (focal) - untriaged. + A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-05-19 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1695.html + https://bugzilla.redhat.com/show_bug.cgi?id=1730462 + + + + + + + + + + + + + CVE-2020-1696 on Ubuntu 20.04 (focal) - low. 
+ A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-20 15:15:00 UTC + Pritam Singh + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1696.html + https://bugzilla.redhat.com/show_bug.cgi?id=1780707 + + + + + + + + + + CVE-2020-1711 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-11 20:15:00 UTC + 2020-02-11 20:15:00 UTC + Felipe Franciosi, Raphael Norwitz, Peter Turschmid + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949731 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1711.html + https://www.openwall.com/lists/oss-security/2020/01/23/3 + https://ubuntu.com/security/notices/USN-4283-1 + + + + + + + + + + CVE-2020-1712 on Ubuntu 20.04 (focal) - medium. + A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-31 17:15:00 UTC + 2020-02-05 09:00:00 UTC + mdeslaur + Tavis Ormandy + 2020-02-05 09:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1712.html + https://ubuntu.com/security/notices/USN-4269-1 + + + + + + + + + + CVE-2020-1721 on Ubuntu 20.04 (focal) - low. + A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-30 12:15:00 UTC + Pritam Singh + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1721.html + https://bugzilla.redhat.com/show_bug.cgi?id=1777579 + + + + + + + + + + CVE-2020-1722 on Ubuntu 20.04 (focal) - medium. + A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-27 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1722.html + https://pagure.io/freeipa/issue/8268 + https://bugzilla.redhat.com/show_bug.cgi?id=1793071 + https://access.redhat.com/security/cve/CVE-2020-1722 + + + + + + + + + + CVE-2020-1733 on Ubuntu 20.04 (focal) - medium. + A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. 
This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-11 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1733.html + https://bugzilla.redhat.com/show_bug.cgi?id=1801735 + + + + + + + + + + CVE-2020-1734 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-03 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1734.html + https://bugzilla.redhat.com/show_bug.cgi?id=1801804 + + + + + + + + + + CVE-2020-1735 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-16 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1735.html + https://bugzilla.redhat.com/show_bug.cgi?id=1802085 + + + + + + + + + + CVE-2020-17353 on Ubuntu 20.04 (focal) - medium. + scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-05 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17353.html + http://git.savannah.gnu.org/gitweb/?p=lilypond.git;a=commit;h=b84ea4740f3279516905c5db05f4074e777c16ff + + + + + + + + + + CVE-2020-1736 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-16 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1736.html + https://bugzilla.redhat.com/show_bug.cgi?id=1802124 + + + + + + + + + + CVE-2020-17367 on Ubuntu 20.04 (focal) - medium. + Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-11 16:15:00 UTC + Tim Starling + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17367.html + https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37 + + + + + + + + + + CVE-2020-17368 on Ubuntu 20.04 (focal) - medium. + Firejail through 0.9.62 mishandles shell metacharacters during use of the + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-11 16:15:00 UTC + Tim Starling + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17368.html + https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b + + + + + + + + + + CVE-2020-1737 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-09 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1737.html + https://bugzilla.redhat.com/show_bug.cgi?id=1802154 + + + + + + + + + + CVE-2020-17376 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-26 19:15:00 UTC + Tadayoshi Hosoya and Lee Yarwood + https://launchpad.net/bugs/1890501 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17376.html + https://www.openwall.com/lists/oss-security/2020/08/25/4 + + + + mdeslaur> This is only an issue when libvirt is 1.3.4 and later. On mdeslaur> Xenial, libvirt is 1.3.1 and is not vulnerable. + + + + + + + + + CVE-2020-1738 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. 
If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-16 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1738.html + https://bugzilla.redhat.com/show_bug.cgi?id=1802164 + + + + + + + + + + CVE-2020-17380 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-30 06:15:00 UTC + 2020-08-14 00:00:00 UTC + mdeslaur + Alexander Bulekov + https://bugzilla.redhat.com/show_bug.cgi?id=1862167 + https://bugs.launchpad.net/qemu/+bug/1892960 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17380.html + https://ubuntu.com/security/notices/USN-4650-1 + + + + mdeslaur> see if there are other relevant commits + + + + + + + + + CVE-2020-1739 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-12 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1739.html + https://bugzilla.redhat.com/show_bug.cgi?id=1802178 + + + + + + + + + + CVE-2020-1740 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-16 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1740.html + https://bugzilla.redhat.com/show_bug.cgi?id=1802193 + + + + + + + + + + CVE-2020-17437 on Ubuntu 20.04 (focal) - low. + An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-11 23:15:00 UTC + Amine Amri and Stanislav Dashevskyi + 2020-12-01 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17437.html + https://github.com/open-iscsi/open-iscsi/security/advisories/GHSA-r278-fm99-8rgp + https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/ + + + + sbeattie> aka FSCT-2020-0018 sbeattie> issue in embedded copy of uIP mdeslaur> per upstream "iscsiuio only uses uip for network "services", mdeslaur> such as DHCP, ARP, etc, and not for normal TCP/IP mdeslaur> communications" + + + + + + + + + CVE-2020-17446 on Ubuntu 20.04 (focal) - medium. + asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-12 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17446.html + https://github.com/MagicStack/asyncpg/releases/tag/v0.21.0 + + + + + + + + + + CVE-2020-17448 on Ubuntu 20.04 (focal) - low. + Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-11 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17448.html + + + + + + + + + + CVE-2020-1745 on Ubuntu 20.04 (focal) - medium. + A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. 
In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-28 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1745.html + https://bugzilla.redhat.com/show_bug.cgi?id=1807305 + https://access.redhat.com/security/cve/CVE-2020-1938 + + + + + + + + + + CVE-2020-1746 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-12 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1746.html + https://bugzilla.redhat.com/show_bug.cgi?id=1805491 + https://github.com/ansible/ansible/pull/67866 + + + + + + + + + + CVE-2020-17480 on Ubuntu 20.04 (focal) - medium. + TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-10 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17480.html + https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95 + https://www.tiny.cloud/docs/release-notes/release-notes514/#securityfixes + + + + + + + + + + CVE-2020-17482 on Ubuntu 20.04 (focal) - medium. 
+ An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-02 09:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970737 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17482.html + https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html + + + + + + + + + + CVE-2020-17487 on Ubuntu 20.04 (focal) - medium. + radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-11 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17487.html + https://github.com/radareorg/radare2/issues/17431 + + + + + + + + + + CVE-2020-17495 on Ubuntu 20.04 (focal) - medium. + django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-11 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968305 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17495.html + https://github.com/celery/django-celery-results/issues/142 + + + + + + + + + + CVE-2020-17497 on Ubuntu 20.04 (focal) - low. + eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-12 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968996 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17497.html + https://lists.01.org/hyperkitty/list/iwd@lists.01.org/thread/4GUXL4Z6KZWWZINATGHNJVAEUTS3I7PG/ + https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=f22ba5aebb569ca54521afd2babdc1f67e3904ea + + + + + + + + + + CVE-2020-17498 on Ubuntu 20.04 (focal) - medium. + In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17498.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=76afda963de4f0b9be24f2d8e873990a5cbf221b + https://www.wireshark.org/security/wnpa-sec-2020-10.html + + + + + + + + + + CVE-2020-17507 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-12 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968444 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17507.html + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/ + + + + + + + + + + CVE-2020-17508 on Ubuntu 20.04 (focal) - low. + The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-11 10:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17508.html + https://github.com/apache/trafficserver/pull/7358 + https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E + + + + msalvatore> vulnerable code in xenial is included in "experimental plugins", which are built. + + + + + + + + + CVE-2020-17509 on Ubuntu 20.04 (focal) - low. + ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-11 10:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17509.html + https://github.com/apache/trafficserver/pull/7359 + https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E + + + + + + + + + + CVE-2020-17510 on Ubuntu 20.04 (focal) - medium. + Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-05 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17510.html + https://www.openwall.com/lists/oss-security/2020/11/04/7 + https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E + + + + + + + + + + CVE-2020-1752 on Ubuntu 20.04 (focal) - low. + A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. 
A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-30 17:15:00 UTC + 2020-04-30 17:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=25414 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1752.html + https://ubuntu.com/security/notices/USN-4416-1 + + + + + + + + + + CVE-2020-17521 on Ubuntu 20.04 (focal) - low. + Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-07 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17521.html + https://issues.apache.org/jira/browse/GROOVY-9824 + https://www.openwall.com/lists/oss-security/2020/12/06/1 + https://github.com/apache/groovy/commit/4e418d4a34c973a7ec1e822552103043ac13780e (GROOVY_2_4_21) + https://groovy-lang.org/security.html#CVE-2020-17521 + https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E + + + + + + + + + + CVE-2020-17523 on Ubuntu 20.04 (focal) - medium. + Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-03 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17523.html + https://www.openwall.com/lists/oss-security/2021/02/01/3 + https://issues.apache.org/jira/browse/SHIRO-797 + https://lists.apache.org/thread.html/rce5943430a6136d37a1f2fc201d245fe094e2727a0bc27e3b2d43a39%40%3Cdev.shiro.apache.org%3E + + + + + + + + + + CVE-2020-17525 on Ubuntu 20.04 (focal) - medium. + Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-17 10:15:00 UTC + Thomas Åkesson + 2021-02-10 12:00:00 UTC + https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/1915698 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17525.html + + + + + + + + + + CVE-2020-17527 on Ubuntu 20.04 (focal) - medium. + While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-03 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17527.html + https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65 (9.0.40) + https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29 (8.5.60) + http://www.openwall.com/lists/oss-security/2020/12/03/3 + https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13fe7fe68ac59c679c@%3Cdev.tomcat.apache.org%3E + https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178119a86a4801cc53@%3Cdev.tomcat.apache.org%3E + https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E + https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.apache.org%3E + https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5@%3Cannounce.tomcat.apache.org%3E + https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9aba5389df1ae6ca@%3Cusers.tomcat.apache.org%3E + + + + + + + + + + CVE-2020-1753 on Ubuntu 20.04 (focal) - medium. + A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-16 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1753.html + https://bugzilla.redhat.com/show_bug.cgi?id=1811008 + + + + + + + + + + CVE-2020-17534 on Ubuntu 20.04 (focal) - medium. + There exists a race condition between the deletion of the temporary file and the creation of the temporary directory in `webkit` subproject of HTML/Java API version 1.7. A similar vulnerability has recently been disclosed in other Java projects and the fix in HTML/Java API version 1.7.1 follows theirs: To avoid local privilege escalation version 1.7.1 creates the temporary directory atomically without dealing with the temporary file: https://github.com/apache/netbeans-html4j/commit/fa70e507e5555e1adb4f6518479fc408a7abd0e6 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17534.html + https://lists.apache.org/thread.html/ra6119c0cdfccf051a846fa11b61364f5df9e7db93c310706a947f86a%40%3Cdev.netbeans.apache.org%3E + + + + + + + + + + CVE-2020-17541 on Ubuntu 20.04 (focal) - low. + Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 15:15:00 UTC + https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17541.html + + + + mdeslaur> probably not exploitable, if it is, it's a DoS only mdeslaur> https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392#issuecomment-562332507 + + + + + + + + + CVE-2020-1757 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-21 17:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1752770 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1757.html + + + + + + + + + + CVE-2020-1760 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-23 15:15:00 UTC + 2020-04-23 15:15:00 UTC + mdeslaur + Robin H. Johnson + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956142 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1760.html + https://www.openwall.com/lists/oss-security/2020/04/07/1 + https://ubuntu.com/security/notices/USN-4528-1 + + + + + + + + + + CVE-2020-1763 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-12 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960458 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1763.html + https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt + https://bugzilla.redhat.com/show_bug.cgi?id=1813329 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763 + https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8 + + + + + + + + + + CVE-2020-1765 on Ubuntu 20.04 (focal) - medium. + An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-10 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1765.html + https://otrs.com/release-notes/otrs-security-advisory-2020-01/ + + + + + + + + + + CVE-2020-1766 on Ubuntu 20.04 (focal) - medium. + Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-10 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1766.html + https://otrs.com/release-notes/otrs-security-advisory-2020-02/ + + + + + + + + + + CVE-2020-1767 on Ubuntu 20.04 (focal) - medium. + Agent A is able to save a draft (i.e. for customer reply). 
Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-10 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1767.html + https://otrs.com/release-notes/otrs-security-advisory-2020-03/ + + + + + + + + + + CVE-2020-1768 on Ubuntu 20.04 (focal) - low. + The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-07 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1768.html + https://community.otrs.com/security-advisory-2020-04/ + https://otrs.com/release-notes/otrs-security-advisory-2020-04/ + + + + + + + + + + CVE-2020-1769 on Ubuntu 20.04 (focal) - low. + In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-27 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1769.html + https://otrs.com/release-notes/otrs-security-advisory-2020-06/ + + + + + + + + + + CVE-2020-1770 on Ubuntu 20.04 (focal) - medium. + Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. 
This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-27 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1770.html + https://otrs.com/release-notes/otrs-security-advisory-2020-07/ + + + + + + + + + + CVE-2020-1771 on Ubuntu 20.04 (focal) - medium. + Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-27 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1771.html + https://otrs.com/release-notes/otrs-security-advisory-2020-08/ + + + + sbeattie> probably does not affect otrs v5 + + + + + + + + + CVE-2020-1772 on Ubuntu 20.04 (focal) - medium. + It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-27 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1772.html + https://otrs.com/release-notes/otrs-security-advisory-2020-09/ + + + + + + + + + + CVE-2020-1773 on Ubuntu 20.04 (focal) - medium. + An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. 
This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-27 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1773.html + https://otrs.com/release-notes/otrs-security-advisory-2020-10/ + + + + + + + + + + CVE-2020-1774 on Ubuntu 20.04 (focal) - low. + When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-28 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1774.html + https://otrs.com/release-notes/otrs-security-advisory-2020-11/ + + + + + + + + + + CVE-2020-1776 on Ubuntu 20.04 (focal) - low. + When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-20 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1776.html + https://otrs.com/release-notes/otrs-security-advisory-2020-13/ + + + + + + + + + + CVE-2020-1778 on Ubuntu 20.04 (focal) - untriaged. + When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-23 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1778.html + https://otrs.com/release-notes/otrs-security-advisory-2020-16/ + + + + + + + + + + CVE-2020-1779 on Ubuntu 20.04 (focal) - medium. + When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information. This issue affects: OTRS AG OTRSTicketForms 6.0.x version 6.0.40 and prior versions; 7.0.x version 7.0.29 and prior versions; 8.0.x version 8.0.3 and prior versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1779.html + https://otrs.com/release-notes/otrs-security-advisory-2020-17/ + + + + + + + + + + CVE-2020-18032 on Ubuntu 20.04 (focal) - medium. + Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-29 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-18032.html + https://gitlab.com/graphviz/graphviz/-/issues/1700 + + + + + + + + + + CVE-2020-18184 on Ubuntu 20.04 (focal) - medium. + In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-02 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-18184.html + https://github.com/pluxml/PluXml/issues/320 + + + + seth-arnold> I've asked if this is an intentional feature or not; the documentation suggests to me that it is intentional for the administrator to be able to execute arbitrary code. 
+ + + + + + + + + CVE-2020-18185 on Ubuntu 20.04 (focal) - medium. + class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-02 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-18185.html + https://github.com/pluxml/PluXml/issues/321 + + + + + + + + + + CVE-2020-18442 on Ubuntu 20.04 (focal) - low. + Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-18 15:15:00 UTC + https://github.com/gdraheim/zziplib/issues/68 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-18442.html + + + + + + + + + + CVE-2020-18670 on Ubuntu 20.04 (focal) - medium. + Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-18670.html + https://lorexxar.cn/2020/06/10/roundcube-mail-xss/#Store-Xss-in-installer-test-php + https://github.com/roundcube/roundcubemail/issues/7406 + https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12 + + + + + + + + + + CVE-2020-18671 on Ubuntu 20.04 (focal) - medium. + Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-24 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-18671.html + https://lorexxar.cn/2020/06/10/roundcube-mail-xss/#store-xss-in-smtp-config + https://github.com/roundcube/roundcubemail/issues/7406 + https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12 + + + + + + + + + + CVE-2020-1927 on Ubuntu 20.04 (focal) - low. + In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-02 00:15:00 UTC + 2020-04-02 00:15:00 UTC + mdeslaur + Fabrice Perez + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1927.html + https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1927 + https://httpd.apache.org/security/vulnerabilities_24.html + https://ubuntu.com/security/notices/USN-4458-1 + + + + + + + + + + CVE-2020-1934 on Ubuntu 20.04 (focal) - low. + In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 20:15:00 UTC + 2020-04-01 20:15:00 UTC + mdeslaur + Chamal De Silva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1934.html + https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1934 + https://httpd.apache.org/security/vulnerabilities_24.html + https://ubuntu.com/security/notices/USN-4458-1 + + + + + + + + + + CVE-2020-1935 on Ubuntu 20.04 (focal) - low. + In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. 
This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-24 22:15:00 UTC + 2020-02-24 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1935.html + https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E + https://ubuntu.com/security/notices/USN-4448-1 + + + + mdeslaur> backport to 8.0 available in 8.0.14-1+deb8u17 + + + + + + + + + CVE-2020-1938 on Ubuntu 20.04 (focal) - low. + When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. 
Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-24 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952437 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952438 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952436 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959747 (apache support) + https://bugs.launchpad.net/bugs/1865904 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1938.html + https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487 + https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E + https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3E + https://security.netapp.com/advisory/ntap-20200226-0002/ + + + + mdeslaur> In Ubuntu packages, the AJP connector is disabled by default, mdeslaur> so unless specifically enabled by an admin, deployments made mdeslaur> using the package are not vulnerable to this issue. mdeslaur> mdeslaur> One of the upstream fixes for this issue renames the mdeslaur> requiredSecret parameter to secret and adds a secretRequired mdeslaur> parameter that defaults to "true". 
Adding this change to stable mdeslaur> releases will result in servers failing to start until the mdeslaur> administrator either changes secretRequired to "false", or mdeslaur> configures an adequate secret. Apache starting supporting a mdeslaur> secret in mod_proxy_ajp starting with 2.4.42, which means to mdeslaur> enable a secret we will have to issue Apache updates with mdeslaur> the backported secret support. + + + + + + + + + CVE-2020-1941 on Ubuntu 20.04 (focal) - medium. + In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-14 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1941.html + http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt + + + + + + + + + + CVE-2020-1944 on Ubuntu 20.04 (focal) - medium. + There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-23 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1944.html + https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E + + + + + + + + + + CVE-2020-1945 on Ubuntu 20.04 (focal) - medium. + Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. 
It was discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-14 16:15:00 UTC + 2020-05-14 16:15:00 UTC + msalvatore + Mike Salvatore + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1945.html + https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E + https://ubuntu.com/security/notices/USN-4380-1 + + + + msalvatore> There are two potential mitigations for this vulnerability. msalvatore> 1) Set your umask to 077. msalvatore> 2) Set your JVM's java.io.tmpdir system property to a directory msalvatore> only readable and writable by the current user running Ant. msalvatore> The fix for this CVE is incomplete. CVE-2020-11979 finishes resolving the issue. + + + + + + + + + CVE-2020-1950 on Ubuntu 20.04 (focal) - medium. + A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-23 14:15:00 UTC + 2020-03-23 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954303 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1950.html + https://www.openwall.com/lists/oss-security/2020/03/18/3 + https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E + https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html + https://ubuntu.com/security/notices/USN-4564-1 + https://ubuntu.com/security/notices/USN-4564-1 + + + + + + + + + + CVE-2020-1951 on Ubuntu 20.04 (focal) - low. + A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-23 14:15:00 UTC + 2020-03-23 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954302 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1951.html + https://www.openwall.com/lists/oss-security/2020/03/18/4 + https://lists.apache.org/thread.html/rd8c1b42bd0e31870d804890b3f00b13d837c528f7ebaf77031323172%40%3Cdev.tika.apache.org%3E + https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html + https://ubuntu.com/security/notices/USN-4564-1 + https://ubuntu.com/security/notices/USN-4564-1 + + + + + + + + + + CVE-2020-1953 on Ubuntu 20.04 (focal) - medium. + Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-13 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1953.html + https://www.openwall.com/lists/oss-security/2020/03/13/1 + https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E + https://lists.apache.org/thread.html/rde2186ad6ac0d6ed8d51af7509244adcf1ce0f9a3b7e1d1dd3b64676@%3Ccommits.camel.apache.org%3E + + + + + + + + + + CVE-2020-1957 on Ubuntu 20.04 (focal) - medium. + Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-25 16:15:00 UTC + 2020-03-25 16:15:00 UTC + pfsmorigo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955018 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1957.html + https://www.openwall.com/lists/oss-security/2020/03/23/2 + https://lists.apache.org/thread.html/r17f371fc89d34df2d0c8131473fbc68154290e1be238895648f5a1e6%40%3Cdev.shiro.apache.org%3E + https://lists.apache.org/thread.html/rc64fb2336683feff3580c3c3a8b28e80525077621089641f2f386b63@%3Ccommits.camel.apache.org%3E + https://github.com/apache/shiro/pull/203#issuecomment-605442534 + https://ubuntu.com/security/notices/USN-4740-1 + + + + + + + + + + CVE-2020-19667 on Ubuntu 20.04 (focal) - low. + Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-20 16:15:00 UTC + 2020-11-20 16:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1895 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-19667.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-19668 on Ubuntu 20.04 (focal) - untriaged. + Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-11-20 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-19668.html + https://github.com/saitoha/libsixel/issues/136 + + + + + + + + + + CVE-2020-1968 on Ubuntu 20.04 (focal) - low. + The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. 
The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-09 14:15:00 UTC + 2020-09-09 + Robert Merget, Marcus Brinkmann, Nimrod Aviram, Juraj Somorovsky + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1968.html + https://www.openssl.org/news/secadv/20200909.txt + https://ubuntu.com/security/notices/USN-4504-1 + + + + + + + + + + CVE-2020-19715 on Ubuntu 20.04 (focal) - medium. + An integer overflow vulnerability in the getUShort function of Exiv2 0.27.1 results in segmentation faults within the application, leading to a denial of service (DOS). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-13 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-19715.html + https://github.com/Exiv2/exiv2/issues/979 + + + + + + + + + + CVE-2020-19716 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-13 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-19716.html + https://github.com/Exiv2/exiv2/issues/980 + + + + + + + + + + CVE-2020-1983 on Ubuntu 20.04 (focal) - medium. + A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-22 20:15:00 UTC + 2020-04-22 20:15:00 UTC + mdeslaur + Aviv Sasson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1983.html + https://ubuntu.com/security/notices/USN-4372-1 + + + + + + + + + + + + + CVE-2020-20445 on Ubuntu 20.04 (focal) - low. + FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-25 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-20445.html + https://trac.ffmpeg.org/ticket/7996 + + + + + + + + + + CVE-2020-20446 on Ubuntu 20.04 (focal) - low. + FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-25 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-20446.html + https://trac.ffmpeg.org/ticket/7995 + + + + + + + + + + CVE-2020-20448 on Ubuntu 20.04 (focal) - low. + FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-25 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-20448.html + https://trac.ffmpeg.org/ticket/7990 + + + + + + + + + + CVE-2020-20450 on Ubuntu 20.04 (focal) - low. + FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-25 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-20450.html + https://trac.ffmpeg.org/ticket/7993 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5400e4a50c61e53e1bc50b3e77201649bbe9c510 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3865b1952e5cf993b016d83ba78fe1deb63bbfad (4.3) + + + + + + + + + + CVE-2020-20451 on Ubuntu 20.04 (focal) - negligible. + Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. + 2021-05-25 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-20451.html + https://trac.ffmpeg.org/ticket/8094 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21265f42ecb265debe9fec1dbfd0cb7de5a8aefb + + + + + + + + + + CVE-2020-20453 on Ubuntu 20.04 (focal) - low. + FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-25 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-20453.html + https://trac.ffmpeg.org/ticket/8003 + + + + + + + + + + CVE-2020-20739 on Ubuntu 20.04 (focal) - untriaged. + im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-11-20 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-20739.html + https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a (v8.9.0-alpha1) + https://github.com/libvips/libvips/issues/1419 + https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a + + + + + + + + + + CVE-2020-20740 on Ubuntu 20.04 (focal) - untriaged. 
+ PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-11-20 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-20740.html + https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397 (v0.21) + https://github.com/enferex/pdfresurrect/issues/14 + https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397 + + + + + + + + + + CVE-2020-21041 on Ubuntu 20.04 (focal) - medium. + Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-24 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-21041.html + https://trac.ffmpeg.org/ticket/7989 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba + + + + + + + + + + CVE-2020-22015 on Ubuntu 20.04 (focal) - medium. + Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22015.html + https://trac.ffmpeg.org/ticket/8190 + + + + + + + + + + CVE-2020-22016 on Ubuntu 20.04 (focal) - medium. + A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22016.html + https://trac.ffmpeg.org/ticket/8183 + + + + + + + + + + CVE-2020-22017 on Ubuntu 20.04 (focal) - medium. + A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22017.html + https://trac.ffmpeg.org/ticket/8309 + + + + + + + + + + CVE-2020-22019 on Ubuntu 20.04 (focal) - medium. + Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22019.html + https://trac.ffmpeg.org/ticket/8241 + + + + + + + + + + CVE-2020-22020 on Ubuntu 20.04 (focal) - medium. + Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22020.html + https://trac.ffmpeg.org/ticket/8239 + http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765 + + + + + + + + + + CVE-2020-22021 on Ubuntu 20.04 (focal) - medium. + Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-26 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22021.html + https://trac.ffmpeg.org/ticket/8240 + + + + + + + + + + CVE-2020-22022 on Ubuntu 20.04 (focal) - medium. + A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22022.html + https://trac.ffmpeg.org/ticket/8264 + + + + + + + + + + CVE-2020-22023 on Ubuntu 20.04 (focal) - medium. + A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22023.html + https://trac.ffmpeg.org/ticket/8244 + + + + + + + + + + CVE-2020-22024 on Ubuntu 20.04 (focal) - medium. + Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22024.html + https://trac.ffmpeg.org/ticket/8310 + + + + + + + + + + CVE-2020-22025 on Ubuntu 20.04 (focal) - medium. + A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22025.html + https://trac.ffmpeg.org/ticket/8260 + + + + + + + + + + CVE-2020-22026 on Ubuntu 20.04 (focal) - medium. + Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22026.html + https://trac.ffmpeg.org/ticket/8317 + + + + + + + + + + CVE-2020-22027 on Ubuntu 20.04 (focal) - medium. + A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22027.html + https://trac.ffmpeg.org/attachment/ticket/8242/gdb-vf_neighbor_191 + https://trac.ffmpeg.org/ticket/8242 + + + + + + + + + + CVE-2020-22028 on Ubuntu 20.04 (focal) - medium. + Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22028.html + https://trac.ffmpeg.org/ticket/8274 + + + + + + + + + + CVE-2020-22029 on Ubuntu 20.04 (focal) - medium. + A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-27 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22029.html + http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae + https://trac.ffmpeg.org/ticket/8250 + + + + + + + + + + CVE-2020-22030 on Ubuntu 20.04 (focal) - medium. + A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22030.html + https://trac.ffmpeg.org/ticket/8276 + + + + + + + + + + CVE-2020-22031 on Ubuntu 20.04 (focal) - medium. + A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22031.html + https://trac.ffmpeg.org/attachment/ticket/8243/gdb-vf_w3fdif_191 + https://trac.ffmpeg.org/ticket/8243 + + + + + + + + + + CVE-2020-22032 on Ubuntu 20.04 (focal) - medium. + A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22032.html + https://trac.ffmpeg.org/ticket/8275 + + + + + + + + + + CVE-2020-22033 on Ubuntu 20.04 (focal) - medium. + A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22033.html + https://trac.ffmpeg.org/ticket/8246 + + + + + + + + + + CVE-2020-22034 on Ubuntu 20.04 (focal) - medium. + A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22034.html + https://trac.ffmpeg.org/ticket/8236 + + + + + + + + + + CVE-2020-22035 on Ubuntu 20.04 (focal) - medium. + A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22035.html + https://trac.ffmpeg.org/ticket/8262 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0749082eb93ea02fa4b770da86597450cec84054 + + + + + + + + + + CVE-2020-22036 on Ubuntu 20.04 (focal) - medium. + A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22036.html + https://trac.ffmpeg.org/ticket/8261 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606 + + + + + + + + + + CVE-2020-22037 on Ubuntu 20.04 (focal) - medium. + A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22037.html + https://trac.ffmpeg.org/ticket/8281 + + + + + + + + + + CVE-2020-22038 on Ubuntu 20.04 (focal) - medium. + A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22038.html + https://trac.ffmpeg.org/ticket/8285 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7c32e9cf93b712f8463573a59ed4e98fd10fa013 + + + + + + + + + + CVE-2020-22039 on Ubuntu 20.04 (focal) - medium. + A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22039.html + https://trac.ffmpeg.org/ticket/8302 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a581bb66ea5eb981e2e498ca301df7d1ef15a6a3 + + + + + + + + + + CVE-2020-22040 on Ubuntu 20.04 (focal) - medium. + A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22040.html + https://trac.ffmpeg.org/ticket/8283 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1a0c584abc9709b1d11dbafef05d22e0937d7d19 + + + + + + + + + + CVE-2020-22041 on Ubuntu 20.04 (focal) - medium. + A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-01 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22041.html + https://trac.ffmpeg.org/ticket/8296 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3488e0977c671568731afa12b811adce9d4d807f + + + + + + + + + + CVE-2020-22042 on Ubuntu 20.04 (focal) - medium. + A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22042.html + https://trac.ffmpeg.org/ticket/8267 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=426c16d61a9b5056a157a1a2a057a4e4d13eef84 + + + + + + + + + + CVE-2020-22043 on Ubuntu 20.04 (focal) - medium. + A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22043.html + https://trac.ffmpeg.org/ticket/8284 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b288a7eb3d963a175e177b6219c8271076ee8590 + + + + + + + + + + CVE-2020-22044 on Ubuntu 20.04 (focal) - medium. + A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22044.html + https://trac.ffmpeg.org/ticket/8295 + https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1d479300cbe0522c233b7d51148aea2b29bd29ad + + + + + + + + + + CVE-2020-22046 on Ubuntu 20.04 (focal) - medium. 
+ A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22046.html + https://trac.ffmpeg.org/ticket/8294 + + + + + + + + + + CVE-2020-22048 on Ubuntu 20.04 (focal) - medium. + A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22048.html + https://trac.ffmpeg.org/ticket/8303 + + + + + + + + + + CVE-2020-22051 on Ubuntu 20.04 (focal) - medium. + A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22051.html + https://trac.ffmpeg.org/ticket/8313 + http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=673fce6d40d9a594fb7a0ea17d296b7d3d9ea856 + + + + + + + + + + CVE-2020-22056 on Ubuntu 20.04 (focal) - medium. + A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22056.html + https://trac.ffmpeg.org/ticket/8304 + + + + + + + + + + CVE-2020-22083 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented behaviour. 
pickle is known to be capable of causing arbitrary code execution, and must not be used with un-trusted data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-17 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22083.html + https://gist.github.com/j0lt-github/bb543e77a1a10c33cb56cf23d0837874 + https://github.com/j0lt-github/python-deserialization-attack-payload-generator + https://github.com/jsonpickle/jsonpickle/issues/332 + https://versprite.com/blog/application-security/into-the-jar-jsonpickle-exploitation/ + + + + + + + + + + CVE-2020-22278 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-04 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22278.html + https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22278.pdf + https://mega.nz/file/ySQnlQSR#vXzY46mgf0CE2ysYpWpbE4O6T_g37--rtaL8pqdHcQs + + + + + + + + + + CVE-2020-22425 on Ubuntu 20.04 (focal) - medium. + Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-15 18:15:00 UTC + Cody Sixteen + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22425.html + https://code610.blogspot.com/2020/04/postauth-sqli-in-centreon-1910-1el7.html + https://github.com/c610/free/ + https://github.com/c610/free/blob/master/Postauth%20SQLi%20in%20Centreon%2019.10-3.el7.pdf + + + + + + + + + + CVE-2020-22650 on Ubuntu 20.04 (focal) - medium. 
+ A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-19 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-22650.html + https://github.com/jpalanco/alienvault-ossim/issues/4 + + + + + + + + + + CVE-2020-23856 on Ubuntu 20.04 (focal) - medium. + Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-18 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-23856.html + https://lists.gnu.org/archive/html/bug-cflow/2020-07/msg00000.html + https://github.com/yangjiageng/PoC/blob/master/PoC_cflow_uaf_parser_line1284 + + + + + + + + + + CVE-2020-23922 on Ubuntu 20.04 (focal) - low. + An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-21 18:15:00 UTC + https://sourceforge.net/p/giflib/bugs/151/ + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-23922.html + + + + + + + + + + CVE-2020-23928 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-21 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-23928.html + https://github.com/gpac/gpac/commit/8e05648d6b4459facbc783025c5c42d301fef5c3 + https://github.com/gpac/gpac/issues/1568 + https://github.com/gpac/gpac/issues/1569 + + + + + + + + + + CVE-2020-23930 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-21 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-23930.html + https://github.com/gpac/gpac/commit/9eeac00b38348c664dfeae2525bba0cf1bc32349 + https://github.com/gpac/gpac/issues/1565 + + + + + + + + + + CVE-2020-23931 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-21 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-23931.html + https://github.com/gpac/gpac/commit/093283e727f396130651280609e687cd4778e0d1 + https://github.com/gpac/gpac/issues/1564 + https://github.com/gpac/gpac/issues/1567 + + + + + + + + + + CVE-2020-23932 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-21 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-23932.html + https://github.com/gpac/gpac/commit/ce01bd15f711d4575b7424b54b3a395ec64c1784 + https://github.com/gpac/gpac/issues/1566 + + + + + + + + + + CVE-2020-24020 on Ubuntu 20.04 (focal) - medium. + Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-26 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24020.html + https://trac.ffmpeg.org/ticket/8718 + http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb + + + + + + + + + + CVE-2020-24025 on Ubuntu 20.04 (focal) - medium. + Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-11 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24025.html + https://github.com/sass/node-sass/pull/567#issuecomment-656609236 + + + + + + + + + + CVE-2020-24027 on Ubuntu 20.04 (focal) - medium. + In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-11 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24027.html + http://lists.live555.com/pipermail/live-devel/2020-July/021662.html + http://www.live555.com/liveMedia/public/changelog.txt + + + + + + + + + + CVE-2020-24119 on Ubuntu 20.04 (focal) - low. + A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-14 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24119.html + https://github.com/upx/upx/issues/388 + https://github.com/upx/upx/commit/87b73e5cfdc12da94c251b2cd83bb01c7d9f616c + + + + + + + + + + CVE-2020-24240 on Ubuntu 20.04 (focal) - low. + GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. 
NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-25 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24240.html + https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html + + + + + + + + + + CVE-2020-24241 on Ubuntu 20.04 (focal) - medium. + In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-25 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24241.html + https://bugzilla.nasm.us/show_bug.cgi?id=3392707 + https://github.com/netwide-assembler/nasm/commit/6ac6ac57e3d01ea8ed4ea47706eb724b59176461 + https://github.com/netwide-assembler/nasm/commit/78df8828a0a5d8e2d8ff3dced562bf1778ce2e6c + + + + + + + + + + CVE-2020-24242 on Ubuntu 20.04 (focal) - low. + In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-25 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24242.html + https://bugzilla.nasm.us/show_bug.cgi?id=3392708 + https://github.com/netwide-assembler/nasm/commit/6299a3114ce0f3acd55d07de201a8ca2f0a83059 + + + + + + + + + + CVE-2020-24265 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-19 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24265.html + https://github.com/appneta/tcpreplay/issues/616 + + + + + + + + + + CVE-2020-24266 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-19 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24266.html + https://github.com/appneta/tcpreplay/issues/617 + + + + + + + + + + CVE-2020-24330 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 17:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1164472 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24330.html + http://www.openwall.com/lists/oss-security/2020/08/14/1 + https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch + https://sourceforge.net/p/trousers/mailman/message/37015817/ + + + + mdeslaur> the Debian/Ubuntu package starts tcsd as the tss user, not as mdeslaur> root, so this issue doesn't affect default configurations + + + + + + + + + CVE-2020-24331 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon). + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-13 17:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1164472 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24331.html + http://www.openwall.com/lists/oss-security/2020/08/14/1 + https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch + https://sourceforge.net/p/trousers/mailman/message/37015817/ + + + + mdeslaur> the Debian/Ubuntu package starts tcsd as the tss user, not as mdeslaur> root, so this issue doesn't affect default configurations + + + + + + + + + CVE-2020-24332 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 17:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1164472 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24332.html + http://www.openwall.com/lists/oss-security/2020/08/14/1 + https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch + https://sourceforge.net/p/trousers/mailman/message/37015817/ + + + + mdeslaur> the Debian/Ubuntu package starts tcsd as the tss user, not as mdeslaur> root, so this issue doesn't affect default configurations + + + + + + + + + CVE-2020-24352 on Ubuntu 20.04 (focal) - low. + An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-16 06:15:00 UTC + Yi Ren + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968820 + https://bugzilla.redhat.com/show_bug.cgi?id=1847584 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24352.html + https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg05483.html + https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg05720.html + + + + mdeslaur> introduced in qemu 4.0 mdeslaur> as of 2021-07-08, there is no upstream fix available for this mdeslaur> issue. Possibly a dupe of CVE-2020-11869, see msg05720 url mdeslaur> listed above. + + + + + + + + + CVE-2020-24361 on Ubuntu 20.04 (focal) - medium. + SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-16 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24361.html + http://www.snmptt.org/changelog.shtml + + + + + + + + + + CVE-2020-24372 on Ubuntu 20.04 (focal) - medium. + LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-17 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24372.html + https://github.com/LuaJIT/LuaJIT/issues/603 + + + + + + + + + + CVE-2020-24379 on Ubuntu 20.04 (focal) - medium. + WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity (XXE) injection attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-09 19:15:00 UTC + 2020-09-09 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24379.html + https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c + https://github.com/vulnbe/poc-yaws-dav-xxe + https://ubuntu.com/security/notices/USN-4569-1 + + + + + + + + + + CVE-2020-24392 on Ubuntu 20.04 (focal) - low. + In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-19 23:15:00 UTC + Agustin Gianni + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24392.html + https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream + + + + + + + + + + CVE-2020-24489 on Ubuntu 20.04 (focal) - high. + Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. It was discovered that some Intel processors may not properly invalidate cache entries used by Intel Virtualization Technology for Directed I/O (VT-d). This may allow a local user to perform a privilege escalation attack. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-06-09 20:15:00 UTC + 2021-06-08 + amurray + 2021-06-08 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24489.html + https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608 + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html + https://ubuntu.com/security/notices/USN-4985-1 + + + + sbeattie> INTEL-TA-00442 sbeattie> does not appear to be kernel/qemu aspect to this issue + + + + + + + + + CVE-2020-24504 on Ubuntu 20.04 (focal) - medium. 
+ Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 14:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1182404 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24504.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html + + + + sbeattie> these are intel out-of-tree drivers. sbeattie> according to suse bug, the in-tree drivers are fixed via b126bd6bcd6710aa984104e979a5c930f44561b4 sbeattie> possibly introduced in 334cb0626de1 ("ice: Implement VSI replay framework") + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-24511 on Ubuntu 20.04 (focal) - medium. + Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Joseph Nuzman discovered that some Intel processors may not properly apply EIBRS mitigations (originally developed for CVE-2017-5715) and hence may allow unauthorized memory reads via sidechannel attacks. A local attacker could use this to expose sensitive information, including kernel memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-09 19:15:00 UTC + 2021-06-08 + amurray + Joseph Nuzman + 2021-06-08 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24511.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html + https://ubuntu.com/security/notices/USN-4985-1 + + + + sbeattie> INTEL-TA-00464 sbeattie> no kernel component to this MCU update + + + + + + + + + CVE-2020-24512 on Ubuntu 20.04 (focal) - medium. + Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 
Travis Downs discovered that some Intel processors did not properly flush cache-lines for trivial-data values. This may allow an unauthorized user to infer the presence of these trivial-data-cache-lines via timing sidechannel attacks. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-09 19:15:00 UTC + 2021-06-08 + amurray + Travis Downs + 2021-06-08 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24512.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html + https://ubuntu.com/security/notices/USN-4985-1 + + + + sbeattie> INTEL-TA-00464 sbeattie> no kernel component to this MCU update + + + + + + + + + CVE-2020-24513 on Ubuntu 20.04 (focal) - medium. + Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. It was discovered that certain Intel Atom processors could expose memory contents stored in microarchitectural buffers. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-09 19:15:00 UTC + 2021-06-08 + amurray + 2021-06-08 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24513.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html + https://ubuntu.com/security/notices/USN-4985-1 + + + + sbeattie> INTEL-TA-00465 sbeattie> no kernel component to this issue + + + + + + + + + CVE-2020-24553 on Ubuntu 20.04 (focal) - low. + Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-02 17:15:00 UTC + 2020-09-02 17:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372 + https://github.com/golang/go/issues/40928 + https://github.com/golang/go/issues/41164 (1.14 backport) + https://github.com/golang/go/issues/41165 (1.15 backport) + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24553.html + https://groups.google.com/forum/#!topic/golang-announce/8wqlSbkLdPs + https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting + http://packetstormsecurity.com/files/159049/Go-CGI-FastCGI-Transport-Cross-Site-Scripting.html + http://seclists.org/fulldisclosure/2020/Sep/5 + https://ubuntu.com/security/notices/USN-4758-1 + + + + + + + + + + + + + CVE-2020-24585 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-21 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24585.html + https://github.com/wolfSSL/wolfssl/pull/3219 + https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable + + + + + + + + + + CVE-2020-24586 on Ubuntu 20.04 (focal) - medium. + The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. 
A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 20:15:00 UTC + 2021-05-11 18:00:00 UTC + Mathy Vanhoef + 2021-05-11 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24586.html + https://papers.mathyvanhoef.com/usenix2021.pdf + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-4999-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5001-1 + https://ubuntu.com/security/notices/USN-5018-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-24587 on Ubuntu 20.04 (focal) - medium. + The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-11 20:15:00 UTC + 2021-05-11 18:00:00 UTC + Mathy Vanhoef + 2021-05-11 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24587.html + https://papers.mathyvanhoef.com/usenix2021.pdf + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-4999-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5001-1 + https://ubuntu.com/security/notices/USN-5018-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-24588 on Ubuntu 20.04 (focal) - medium. + The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled certain malformed frames. If a user were tricked into connecting to a malicious server, a physically proximate attacker could use this issue to inject packets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 20:15:00 UTC + 2021-05-11 18:00:00 UTC + Mathy Vanhoef + 2021-05-11 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24588.html + https://papers.mathyvanhoef.com/usenix2021.pdf + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-4999-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5001-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-24612 on Ubuntu 20.04 (focal) - low. 
+ An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing 2FA. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-24 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24612.html + https://bugzilla.redhat.com/show_bug.cgi?id=1860888 + https://github.com/fedora-selinux/selinux-policy/commit/71e1989028802c7875d3436fd3966c587fa383fb + + + + + + + + + + CVE-2020-24613 on Ubuntu 20.04 (focal) - medium. + wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-24 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24613.html + https://research.nccgroup.com/2020/08/24/technical-advisory-wolfssl-tls-1-3-client-man-in-the-middle-attack/ + + + + + + + + + + CVE-2020-24614 on Ubuntu 20.04 (focal) - medium. + Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-25 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24614.html + https://www.openwall.com/lists/oss-security/2020/08/20/1 + https://fossil-scm.org/forum/info/a05ae3ce7760daf6 + https://fossil-scm.org/fossil/vdiff?branch=sec2020-2.12-patch&diff=1&w + http://www.openwall.com/lists/oss-security/2020/08/25/1 + + + + + + + + + + CVE-2020-24616 on Ubuntu 20.04 (focal) - low. + FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-25 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24616.html + + + + + + + + + + CVE-2020-24619 on Ubuntu 20.04 (focal) - medium. + In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-22 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24619.html + https://github.com/mltframework/shotcut/commit/f008adc039642307f6ee3378d378cdb842e52c1d + https://shotcut.org/blog/new-release-200913/ + + + + sbeattie| upgrade check should probably be disabled in debian/ubuntu packaging + + + + + + + + + CVE-2020-24660 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-14 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24660.html + https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2290 + + + + + + + + + + CVE-2020-24661 on Ubuntu 20.04 (focal) - medium. + GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-26 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24661.html + https://gitlab.gnome.org/GNOME/geary/-/issues/866 + https://gitlab.gnome.org/GNOME/geary/-/commit/0fc8c7c62e8af5734f3ad17f158e5bed7f05fc18 (merge) + + + + + + + + + + CVE-2020-24696 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in PowerDNS Authoritative through 4.3.0 when can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-10-02 09:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24696.html + https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html + + + + sbeattie| likely unaffected due to Debian packages not built with experimental GSS-TSIG support + + + + + + + + + CVE-2020-24697 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in PowerDNS Authoritative through 4.3.0 when can cause a denial of service by sending crafted queries with a GSS-TSIG signature. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-02 09:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24697.html + https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html + + + + sbeattie| likely unaffected due to Debian packages not built with experimental GSS-TSIG support + + + + + + + + + CVE-2020-24698 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in PowerDNS Authoritative through 4.3.0 when might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-02 09:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24698.html + https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html + + + + sbeattie| likely unaffected due to debian packages being built without experimental GSS-TSIG support + + + + + + + + + CVE-2020-24750 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-17 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24750.html + https://github.com/FasterXML/jackson-databind/issues/2798 + + + + sbeattie| according to debian, mitigated in 2.10 series (focal) and newer as Safe Default Typing is enabled by default but still an issue when Default Typing is enabled. + + + + + + + + + CVE-2020-24870 on Ubuntu 20.04 (focal) - medium. + Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-02 16:15:00 UTC + https://github.com/LibRaw/LibRaw/commit/4feaed4dea636cee4fee010f615881ccf76a096d + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24870.html + + + + + + + + + + + + + + + + CVE-2020-24916 on Ubuntu 20.04 (focal) - medium. + CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this vulnerability to execute arbitrary commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-09 19:15:00 UTC + 2020-09-09 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24916.html + https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1 + https://github.com/vulnbe/poc-yaws-cgi-shell-injection + https://ubuntu.com/security/notices/USN-4569-1 + + + + + + + + + + CVE-2020-24972 on Ubuntu 20.04 (focal) - medium. + The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-29 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24972.html + https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b + https://dev.gnupg.org/source/kleo/browse/master/CMakeLists.txt + + + + + + + + + + CVE-2020-24977 on Ubuntu 20.04 (focal) - low. + GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-04 00:15:00 UTC + 2020-09-04 00:15:00 UTC + avital + https://bugs.launchpad.net/bugs/1895839 + https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24977.html + https://ubuntu.com/security/notices/USN-4991-1 + + + + mdeslaur> only affects xmllint mdeslaur> contrary to description, not fixed in 8e7c20a1 + + + + + + + + + CVE-2020-24978 on Ubuntu 20.04 (focal) - medium. + In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-04 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24978.html + https://bugzilla.nasm.us/show_bug.cgi?id=3392712 + + + + + + + + + + CVE-2020-24994 on Ubuntu 20.04 (focal) - medium. + Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24994.html + https://github.com/libass/libass/issues/422 + https://github.com/libass/libass/issues/423 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4892 + + + + + + + + + + CVE-2020-24995 on Ubuntu 20.04 (focal) - medium. + Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-30 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24995.html + http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f + https://trac.ffmpeg.org/ticket/8845 + https://trac.ffmpeg.org/ticket/8859 + https://trac.ffmpeg.org/ticket/8860 + + + + + + + + + + CVE-2020-24996 on Ubuntu 20.04 (focal) - medium. + There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-03 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24996.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> Doesn't look like the same issue is in poppler, there is no mdeslaur> Catalog.PageLabels + + + + + + + + + CVE-2020-24999 on Ubuntu 20.04 (focal) - medium. + There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-03 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24999.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> reproducer doesn't seem to work on poppler, marking as mdeslaur> not-affected + + + + + + + + + CVE-2020-25031 on Ubuntu 20.04 (focal) - medium. + checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-31 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25031.html + https://bugs.launchpad.net/ubuntu/+source/checkinstall/+bug/1861281 + + + + + + + + + + CVE-2020-25032 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-31 04:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969362 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25032.html + https://github.com/corydolphin/flask-cors/commit/67c4b2cc98ae87cf1fa7df4f97fd81b40c79b895 + + + + + + + + + + CVE-2020-25073 on Ubuntu 20.04 (focal) - medium. + FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-02 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25073.html + https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935 + + + + + + + + + + CVE-2020-25084 on Ubuntu 20.04 (focal) - low. + QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-25 05:15:00 UTC + 2020-09-25 05:15:00 UTC + mdeslaur + Sergej Schumilo, Cornelius Aschermann, Simon Wrner + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970539 + https://bugs.launchpad.net/qemu/+bug/1891341 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25084.html + https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html + https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html + https://www.openwall.com/lists/oss-security/2020/09/16/5 + https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fxhci_uaf_2 + http://www.openwall.com/lists/oss-security/2020/09/16/5 + https://ubuntu.com/security/notices/USN-4650-1 + + + + + + + + + + CVE-2020-25085 on Ubuntu 20.04 (focal) - medium. + QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-25 05:15:00 UTC + 2020-09-25 05:15:00 UTC + mdeslaur + Sergej Schumilo, Cornelius Aschermann, Simon Wrner + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970540 + https://bugs.launchpad.net/qemu/+bug/1892960 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25085.html + https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html + https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html + https://www.openwall.com/lists/oss-security/2020/09/16/6 + http://www.openwall.com/lists/oss-security/2020/09/16/6 + https://ubuntu.com/security/notices/USN-4650-1 + + + + mdeslaur> same fix as CVE-2020-17380 + + + + + + + + + CVE-2020-25201 on Ubuntu 20.04 (focal) - medium. + HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-04 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25201.html + https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020 + https://www.hashicorp.com/blog/category/consul + + + + + + + + + + CVE-2020-25211 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-09 16:15:00 UTC + 2020-09-09 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25211.html + https://git.kernel.org/linus/1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6 + https://twitter.com/grsecurity/status/1303646421158109185 + https://lore.kernel.org/stable/20200727190731.4035744-2-willmcvicker@google.com/ + https://ubuntu.com/security/notices/USN-4657-1 + https://ubuntu.com/security/notices/USN-4658-1 + https://ubuntu.com/security/notices/USN-4660-1 + + + + sbeattie| fixed in 5.4 somewhere; proposed fix only going to stable trees + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25212 on Ubuntu 20.04 (focal) - medium. 
+ A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. It was discovered that the NFS client implementation in the Linux kernel did not properly perform bounds checking before copying security labels in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-09 16:15:00 UTC + 2020-09-09 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25212.html + https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.3 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b4487b93545214a9db8cbf32e86411677b0cca21 + https://twitter.com/grsecurity/status/1303370421958578179 + https://ubuntu.com/security/notices/USN-4525-1 + https://ubuntu.com/security/notices/USN-4527-1 + https://ubuntu.com/security/notices/USN-4578-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25265 on Ubuntu 20.04 (focal) - medium. + AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-02 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25265.html + https://github.com/refi64/CVE-2020-25265-25266 + + + + + + + + + + CVE-2020-25266 on Ubuntu 20.04 (focal) - medium. + AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. 
For example, it will accept a crafted mp3 file that contains an appimage, and install it. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-02 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25266.html + + + + + + + + + + CVE-2020-25269 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-11 05:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960650 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25269.html + https://docs.inspircd.org/security/2020-01/ + + + + + + + + + + CVE-2020-25284 on Ubuntu 20.04 (focal) - medium. + The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-13 18:15:00 UTC + 2020-09-13 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25284.html + https://git.kernel.org/linus/f44d04e696feaf13d192d942c4f14ad2e117065a + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f44d04e696feaf13d192d942c4f14ad2e117065a + https://twitter.com/grsecurity/status/1304537507560919041 + https://ubuntu.com/security/notices/USN-4657-1 + https://ubuntu.com/security/notices/USN-4658-1 + https://ubuntu.com/security/notices/USN-4660-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25285 on Ubuntu 20.04 (focal) - low. + A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. It was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-13 18:15:00 UTC + 2020-09-13 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25285.html + https://git.kernel.org/linus/17743798d81238ab13050e8e2833699b54e15467 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17743798d81238ab13050e8e2833699b54e15467 + https://twitter.com/grsecurity/status/1303749848898904067 + https://ubuntu.com/security/notices/USN-4579-1 + https://ubuntu.com/security/notices/USN-4576-1 + https://ubuntu.com/security/notices/USN-4660-1 + https://ubuntu.com/security/notices/USN-4912-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25286 on Ubuntu 20.04 (focal) - medium. + In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-13 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25286.html + https://core.trac.wordpress.org/changeset/47984 + https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2020-25340 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-16 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25340.html + https://github.com/ntop/nDPI/issues/994 + + + + + + + + + + CVE-2020-25412 on Ubuntu 20.04 (focal) - low. 
+ com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-16 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25412.html + https://sourceforge.net/p/gnuplot/bugs/2303/ + + + + + + + + + + CVE-2020-25467 on Ubuntu 20.04 (focal) - low. + A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25467.html + https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641 + https://github.com/ckolivas/lrzip/issues/163 + + + + + + + + + + CVE-2020-25559 on Ubuntu 20.04 (focal) - low. + gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-16 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25559.html + https://sourceforge.net/p/gnuplot/bugs/2312/ + + + + + + + + + + CVE-2020-25595 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. 
All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-23 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25595.html + https://xenbits.xen.org/xsa/advisory-337.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-25596 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-23 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25596.html + https://xenbits.xen.org/xsa/advisory-339.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-25597 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivileged guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only systems with untrusted guests permitted to create more than the default number of event channels are vulnerable. This number depends on the architecture and type of guest. For 32-bit x86 PV guests, this is 1023; for 64-bit x86 PV guests, and for all ARM guests, this number is 4095. Systems where untrusted guests are limited to fewer than this number are not vulnerable. Note that xl and libxl limit max_event_channels to 1023 by default, so systems using exclusively xl, libvirt+libxl, or their own toolstack based on libxl, and not explicitly setting max_event_channels, are not vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-23 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25597.html + https://xenbits.xen.org/xsa/advisory-338.html + + + + mdeslaur> hypervisor packages are in universe. 
For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-25598 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don't use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-23 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25598.html + https://xenbits.xen.org/xsa/advisory-334.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-25599 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. 
Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-09-23 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25599.html + https://xenbits.xen.org/xsa/advisory-343.html + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/ + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-25600 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties. At the point domains get recognized as 32-bit ones, the limit didn't get updated accordingly. 
Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail. Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure. An unprivileged guest may cause another domain, in particular Domain 0, to misbehave. This may lead to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only x86 32-bit domains servicing other domains are vulnerable. Arm systems, as well as x86 64-bit domains, are not vulnerable. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-09-23 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25600.html + https://xenbits.xen.org/xsa/advisory-342.html + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/ + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-25601 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. 
Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-09-23 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25601.html + https://xenbits.xen.org/xsa/advisory-344.html + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/ + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-25602 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malicious PV guest administrator can crash Xen, resulting in a host Denial of Service. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only Xen versions 4.11 and onwards are vulnerable. 4.10 and earlier are not vulnerable. Only x86 systems that do not implement the MISC_ENABLE MSR (0x1a0) are vulnerable. AMD and Hygon systems do not implement this MSR and are vulnerable. Intel systems do implement this MSR and are not vulnerable. Other manufacturers have not been checked. Only x86 PV guests can exploit the vulnerability. x86 HVM/PVH guests cannot exploit the vulnerability. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-23 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25602.html + https://xenbits.xen.org/xsa/advisory-333.html + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/ + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-25603 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Systems running all versions of Xen are affected. Whether a system is vulnerable will depend on the CPU and compiler used to build Xen. For all systems, the presence and the scope of the vulnerability depend on the precise re-ordering performed by the compiler used to build Xen. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code generation options). GCC documentation clearly suggests that re-ordering is possible. Arm systems will also be vulnerable if the CPU is able to re-order memory access. Please consult your CPU vendor. x86 systems are only vulnerable if a compiler performs re-ordering. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-23 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25603.html + https://xenbits.xen.org/xsa/advisory-340.html + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/ + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-25604 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-09-23 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25604.html + https://xenbits.xen.org/xsa/advisory-336.html + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/ + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-25624 on Ubuntu 20.04 (focal) - low. + hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-30 07:15:00 UTC + 2020-09-25 00:00:00 UTC + mdeslaur + Gaoning Pan, Yongkang Jia, Yi Ren + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970541 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25624.html + https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html + https://ubuntu.com/security/notices/USN-4650-1 + + + + + + + + + + CVE-2020-25625 on Ubuntu 20.04 (focal) - low. + hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-25 05:15:00 UTC + 2020-09-25 05:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970542 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25625.html + https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html + https://www.openwall.com/lists/oss-security/2020/09/17/1 + http://www.openwall.com/lists/oss-security/2020/09/17/1 + https://ubuntu.com/security/notices/USN-4650-1 + + + + + + + + + + CVE-2020-25626 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-30 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25626.html + https://bugzilla.redhat.com/show_bug.cgi?id=1878635 + + + + + + + + + + CVE-2020-25632 on Ubuntu 20.04 (focal) - medium. + A flaw was found in grub2 in versions prior to 2.06. 
The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Chris Coulson discovered that the rmmod command in GRUB 2 contained a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 17:15:00 UTC + 2021-03-02 18:00:00 UTC + Chris Coulson + 2021-03-02 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25632.html + https://ubuntu.com/security/notices/USN-4992-1 + + + + amurray| CVE title: "grub2: use-after-free in rmmod command" sbeattie| grub2-unsigned will contain fixes and supersede grub2, which will contain only BIOS grub bits. + + + + + + + + + + + + CVE-2020-25633 on Ubuntu 20.04 (focal) - medium. + A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-18 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970585 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25633.html + https://bugzilla.redhat.com/show_bug.cgi?id=1879042 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633 + + + + + + + + + + + + + CVE-2020-25635 on Ubuntu 20.04 (focal) - low. + A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. 
Files would remain in the bucket exposing the data. This issue affects directly data confidentiality. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-05 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25635.html + https://github.com/ansible-collections/community.aws/issues/222 + + + + + + + + + + CVE-2020-25636 on Ubuntu 20.04 (focal) - low. + A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-05 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25636.html + https://github.com/ansible-collections/community.aws/issues/221 + + + + + + + + + + CVE-2020-25637 on Ubuntu 20.04 (focal) - low. + A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-06 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971555 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25637.html + + + + mdeslaur> Read-only clients can't exploit this flaw. 
mdeslaur> Clients connecting to the read-write socket can exploit this to mdeslaur> crash libvirt or possibly execute code, but on Ubuntu, mdeslaur> access to the read-write socket already grants root-equivalent mdeslaur> permissions, so this flaw has limited impact. Setting priority mdeslaur> to low. + + + + + + + + + CVE-2020-25638 on Ubuntu 20.04 (focal) - medium. + A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-02 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25638.html + https://bugzilla.redhat.com/show_bug.cgi?id=1881353 + + + + + + + + + + CVE-2020-25639 on Ubuntu 20.04 (focal) - low. + A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-04 22:15:00 UTC + 2021-03-04 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25639.html + https://lists.freedesktop.org/archives/nouveau/2020-August/036682.html + https://ubuntu.com/security/notices/USN-4911-1 + https://ubuntu.com/security/notices/USN-4945-1 + https://ubuntu.com/security/notices/USN-4949-1 + https://ubuntu.com/security/notices/USN-4945-2 + + + + sbeattie| reproducer in freedesktop report sbeattie| no upstream progress as of 2020/11/24 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25641 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. It was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-06 14:15:00 UTC + 2020-10-06 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25641.html + https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124 + https://ubuntu.com/security/notices/USN-4576-1 + https://ubuntu.com/security/notices/USN-4660-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25643 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. 
Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. It was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-06 14:15:00 UTC + 2020-10-06 14:15:00 UTC + ChenNan + https://bugs.launchpad.net/bugs/1898742 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25643.html + https://git.kernel.org/linus/66d42ed8b25b64eb63111a2b8582c5afc8bf1105 + https://ubuntu.com/security/notices/USN-4657-1 + https://ubuntu.com/security/notices/USN-4658-1 + https://ubuntu.com/security/notices/USN-4660-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25645 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. It was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-13 20:15:00 UTC + 2020-10-13 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25645.html + https://git.kernel.org/linus/34beb21594519ce64a55a498c2fe7d567bc1ca20 + https://ubuntu.com/security/notices/USN-4657-1 + https://ubuntu.com/security/notices/USN-4658-1 + https://ubuntu.com/security/notices/USN-4660-1 + https://ubuntu.com/security/notices/USN-4912-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25646 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-29 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25646.html + https://github.com/ansible-collections/community.crypto/commit/233d1afc296f6770e905a1785ee2f35af7605e43 + + + + + + + + + + CVE-2020-25648 on Ubuntu 20.04 (focal) - low. + A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-20 22:15:00 UTC + https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25648.html + https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes + + + + leosilva> From SUSE and Rhel: This issue affects servers which are compiled against the NSS library. leosilva> Other consumers of NSS like firefox etc are not leosilva> affected by this flaw. + + + + + + + + + CVE-2020-25649 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-03 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25649.html + https://github.com/FasterXML/jackson-databind/issues/2589 + https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 (jackson-databind-2.11.0.rc1) + + + + + + + + + + CVE-2020-25650 on Ubuntu 20.04 (focal) - low. + A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-25 15:15:00 UTC + 2020-11-03 + mdeslaur + Matthias Gerstner + 2020-11-03 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25650.html + https://www.openwall.com/lists/oss-security/2020/11/04/1 + https://ubuntu.com/security/notices/USN-4617-1 + + + + + + + + + + CVE-2020-25651 on Ubuntu 20.04 (focal) - low. + A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. 
This flaw affects spice-vdagent versions 0.20 and prior. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-26 02:15:00 UTC + 2020-11-03 + mdeslaur + Matthias Gerstner + 2020-11-03 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25651.html + https://www.openwall.com/lists/oss-security/2020/11/04/1 + https://ubuntu.com/security/notices/USN-4617-1 + + + + + + + + + + CVE-2020-25652 on Ubuntu 20.04 (focal) - low. + A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-26 02:15:00 UTC + 2020-11-03 + mdeslaur + Matthias Gerstner + 2020-11-03 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25652.html + https://www.openwall.com/lists/oss-security/2020/11/04/1 + https://ubuntu.com/security/notices/USN-4617-1 + + + + + + + + + + CVE-2020-25653 on Ubuntu 20.04 (focal) - low. + A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-26 02:15:00 UTC + 2020-11-03 + mdeslaur + Matthias Gerstner + 2020-11-03 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25653.html + https://www.openwall.com/lists/oss-security/2020/11/04/1 + https://ubuntu.com/security/notices/USN-4617-1 + + + + + + + + + + CVE-2020-25656 on Ubuntu 20.04 (focal) - low. + A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-02 01:15:00 UTC + 2020-12-02 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25656.html + https://www.openwall.com/lists/oss-security/2020/10/16/1 + https://ubuntu.com/security/notices/USN-4679-1 + https://ubuntu.com/security/notices/USN-4680-1 + https://ubuntu.com/security/notices/USN-4681-1 + https://ubuntu.com/security/notices/USN-4751-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25657 on Ubuntu 20.04 (focal) - low. + A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-12 15:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1889823 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25657.html + https://bugzilla.redhat.com/show_bug.cgi?id=1889823 + + + + + + + + + + CVE-2020-25658 on Ubuntu 20.04 (focal) - medium. + It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-12 14:15:00 UTC + Hubert Kario + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25658.html + https://github.com/sybrenstuvel/python-rsa/issues/165 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658 + + + + + + + + + + CVE-2020-25664 on Ubuntu 20.04 (focal) - medium. + In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 21:15:00 UTC + Suhwan Song + https://github.com/ImageMagick/ImageMagick/issues/1716 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25664.html + + + + mdeslaur> fix attempt was reverted mdeslaur> unclear what the fix for this issue is as of 2021-06-10 + + + + + + + + + CVE-2020-25665 on Ubuntu 20.04 (focal) - low. + The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. 
The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 21:15:00 UTC + 2020-12-08 21:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1714 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25665.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-25666 on Ubuntu 20.04 (focal) - low. + There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 21:15:00 UTC + 2020-12-08 21:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1750 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25666.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-25668 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-26 12:15:00 UTC + 2020-11-02 00:00:00 UTC + Minh Yuan + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25668.html + https://www.openwall.com/lists/oss-security/2020/10/30/1 + https://ubuntu.com/security/notices/USN-4679-1 + https://ubuntu.com/security/notices/USN-4680-1 + https://ubuntu.com/security/notices/USN-4681-1 + https://ubuntu.com/security/notices/USN-4751-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25669 on Ubuntu 20.04 (focal) - low. + A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free. Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 12:15:00 UTC + 2020-11-05 00:00:00 UTC + Bodong Zhao + 2020-11-05 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25669.html + https://www.openwall.com/lists/oss-security/2020/11/05/2 + https://ubuntu.com/security/notices/USN-4709-1 + https://ubuntu.com/security/notices/USN-4708-1 + https://ubuntu.com/security/notices/USN-4749-1 + https://ubuntu.com/security/notices/USN-4750-1 + https://ubuntu.com/security/notices/USN-4751-1 + https://ubuntu.com/security/notices/USN-4912-1 + + + + sbeattie> issue is specific to the sun4/sun5 keyboard driver. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25670 on Ubuntu 20.04 (focal) - medium. 
+ A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 11:15:00 UTC + 2020-11-02 00:00:00 UTC + Kiyin (尹亮) + https://bugzilla.suse.com/show_bug.cgi?id=1178181 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25670.html + https://www.openwall.com/lists/oss-security/2020/11/01/1 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4977-1 + https://ubuntu.com/security/notices/USN-4979-1 + https://ubuntu.com/security/notices/USN-4982-1 + https://ubuntu.com/security/notices/USN-4999-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25671 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-26 11:15:00 UTC + 2020-11-02 00:00:00 UTC + Kiyin (尹亮) + https://bugzilla.suse.com/show_bug.cgi?id=1178181 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25671.html + https://www.openwall.com/lists/oss-security/2020/11/01/1 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4977-1 + https://ubuntu.com/security/notices/USN-4979-1 + https://ubuntu.com/security/notices/USN-4982-1 + https://ubuntu.com/security/notices/USN-4999-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25672 on Ubuntu 20.04 (focal) - medium. + A memory leak vulnerability was found in Linux kernel in llcp_sock_connect Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-25 20:15:00 UTC + 2020-11-02 00:00:00 UTC + Kiyin (尹亮) + https://bugzilla.suse.com/show_bug.cgi?id=1178181 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25672.html + https://www.openwall.com/lists/oss-security/2020/11/01/1 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4977-1 + https://ubuntu.com/security/notices/USN-4979-1 + https://ubuntu.com/security/notices/USN-4982-1 + https://ubuntu.com/security/notices/USN-4999-1 + + + + sbeattie| asserted by the reporter that the issue is similar to the issue fixed in a0c2dc1fe63e2869b, just in llcp_sock_connect() instead. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25673 on Ubuntu 20.04 (focal) - medium. 
+ A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly handle error conditions in some situations, leading to an infinite loop. A local attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 11:15:00 UTC + 2020-11-02 00:00:00 UTC + Kiyin (尹亮) + https://bugzilla.suse.com/show_bug.cgi?id=1178181 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25673.html + https://www.openwall.com/lists/oss-security/2020/11/01/1 + https://ubuntu.com/security/notices/USN-4977-1 + https://ubuntu.com/security/notices/USN-4979-1 + https://ubuntu.com/security/notices/USN-4982-1 + https://ubuntu.com/security/notices/USN-4999-1 + + + + sbeattie> unfixed upstream as of 2021-03-16 sbeattie> possibly addressed by 4b5db93e7f2afbdfe3b78e37879a85290187e6f1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25674 on Ubuntu 20.04 (focal) - low. + WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-08 22:15:00 UTC + 2020-12-08 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1715 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25674.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-25675 on Ubuntu 20.04 (focal) - low. + In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 22:15:00 UTC + 2020-12-08 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1731 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25675.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-25676 on Ubuntu 20.04 (focal) - low. + In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. 
This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 22:15:00 UTC + 2020-12-08 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1732 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25676.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-25678 on Ubuntu 20.04 (focal) - low. + A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-08 18:15:00 UTC + 2021-01-08 18:15:00 UTC + https://tracker.ceph.com/issues/37503 + https://tracker.ceph.com/issues/48615 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25678.html + https://access.redhat.com/security/cve/CVE-2020-25678 + https://github.com/ceph/ceph/pull/38479 (16.1) + https://github.com/ceph/ceph/pull/38620 (bp) + https://ubuntu.com/security/notices/USN-4998-1 + + + + mdeslaur> this is fixed in 15.2.8 in focal-updates and groovy-updates but mdeslaur> has not been pushed to the security pocket + + + + + + + + + CVE-2020-25681 on Ubuntu 20.04 (focal) - medium. + A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 17:15:00 UTC + 2021-01-19 + mdeslaur + Moshe Kol and Shlomi Oberman + 2021-01-19 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25681.html + https://www.jsof-tech.com/disclosures/dnspooq/ + http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html + https://ubuntu.com/security/notices/USN-4698-1 + + + + + + + + + + CVE-2020-25682 on Ubuntu 20.04 (focal) - medium. + A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 17:15:00 UTC + 2021-01-19 + mdeslaur + Moshe Kol and Shlomi Oberman + 2021-01-19 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25682.html + https://www.jsof-tech.com/disclosures/dnspooq/ + http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html + https://ubuntu.com/security/notices/USN-4698-1 + + + + + + + + + + CVE-2020-25683 on Ubuntu 20.04 (focal) - medium. + A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. 
A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 16:15:00 UTC + 2021-01-19 + mdeslaur + Moshe Kol and Shlomi Oberman + 2021-01-19 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25683.html + https://www.jsof-tech.com/disclosures/dnspooq/ + http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html + https://ubuntu.com/security/notices/USN-4698-1 + + + + + + + + + + CVE-2020-25684 on Ubuntu 20.04 (focal) - medium. + A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-20 16:15:00 UTC + 2021-01-19 + mdeslaur + Moshe Kol and Shlomi Oberman + 2021-01-19 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25684.html + https://www.jsof-tech.com/disclosures/dnspooq/ + http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html + https://ubuntu.com/security/notices/USN-4698-1 + + + + + + + + + + CVE-2020-25685 on Ubuntu 20.04 (focal) - medium. + A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 16:15:00 UTC + 2021-01-19 + mdeslaur + Moshe Kol and Shlomi Oberman + 2021-01-19 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25685.html + https://www.jsof-tech.com/disclosures/dnspooq/ + http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html + https://ubuntu.com/security/notices/USN-4698-1 + + + + + + + + + + CVE-2020-25686 on Ubuntu 20.04 (focal) - medium. + A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. 
By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 17:15:00 UTC + 2021-01-19 + mdeslaur + Moshe Kol and Shlomi Oberman + 2021-01-19 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25686.html + https://www.jsof-tech.com/disclosures/dnspooq/ + http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html + https://ubuntu.com/security/notices/USN-4698-1 + + + + + + + + + + CVE-2020-25687 on Ubuntu 20.04 (focal) - medium. + A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-20 17:15:00 UTC + 2021-01-19 + mdeslaur + Moshe Kol and Shlomi Oberman + 2021-01-19 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25687.html + https://www.jsof-tech.com/disclosures/dnspooq/ + http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html + https://ubuntu.com/security/notices/USN-4698-1 + + + + + + + + + + CVE-2020-25690 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-23 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25690.html + https://bugzilla.redhat.com/show_bug.cgi?id=1893188 + + + + amurray| This is a Red Hat specific CVE due to an insufficient backport of the upstream patch in CVE-2020-5395. Since that CVE is not yet patched in Ubuntu, I am adding this CVE to be tracked so we don't make the same mistake. + + + + + + + + + CVE-2020-25693 on Ubuntu 20.04 (focal) - medium. + A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-03 17:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/cimg/+bug/1900983 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973770 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25693.html + https://github.com/dtschump/CImg/pull/295 + + + + + + + + + + CVE-2020-25694 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-16 01:15:00 UTC + 2020-11-13 00:00:00 UTC + mdeslaur + Peter Eisentraut + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25694.html + https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/ + https://ubuntu.com/security/notices/USN-4633-1 + + + + leosilva> PostgreSQL 9.1 is end of life upstream, and no updates are leosilva> are available. Marking as ignored in precise. leosilva> PostgreSQL 9.3 is end of life upstream, and no updates are leosilva> are available. Marking as deferred in -esm-main releases. + + + + + + + + + CVE-2020-25695 on Ubuntu 20.04 (focal) - medium. + A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-16 01:15:00 UTC + 2020-11-13 00:00:00 UTC + mdeslaur + Etienne Stalmans + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25695.html + https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/ + https://ubuntu.com/security/notices/USN-4633-1 + + + + leosilva> PostgreSQL 9.1 is end of life upstream, and no updates are leosilva> are available. Marking as ignored in precise. leosilva> PostgreSQL 9.3 is end of life upstream, and no updates are leosilva> are available. Marking as deferred in -esm-main releases. + + + + + + + + + CVE-2020-25696 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 22:15:00 UTC + 2020-11-13 00:00:00 UTC + mdeslaur + Nick Cleaton + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25696.html + https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/ + https://ubuntu.com/security/notices/USN-4633-1 + + + + leosilva> PostgreSQL 9.1 is end of life upstream, and no updates are leosilva> are available. Marking as ignored in precise. leosilva> PostgreSQL 9.3 is end of life upstream, and no updates are leosilva> are available. Marking as deferred in -esm-main releases. + + + + + + + + + CVE-2020-25697 on Ubuntu 20.04 (focal) - low. + A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. 
This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 13:15:00 UTC + Demi M. Obenour + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25697.html + https://www.openwall.com/lists/oss-security/2020/11/09/3 + + + + mdeslaur> as of 2021-05-19, there is no upstream fix for this issue. This mdeslaur> is a long-standing X11 design limitation and is difficult to mdeslaur> exploit. We will not be releasing updates for this issue. + + + + + + + + + CVE-2020-2570 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2570.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + CVE-2020-25704 on Ubuntu 20.04 (focal) - medium. + A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. 
Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-02 01:15:00 UTC + 2020-12-02 01:15:00 UTC + kiyin(尹亮) + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25704.html + https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00 + https://www.openwall.com/lists/oss-security/2020/11/09/1 + https://ubuntu.com/security/notices/USN-4679-1 + https://ubuntu.com/security/notices/USN-4711-1 + https://ubuntu.com/security/notices/USN-4710-1 + https://ubuntu.com/security/notices/USN-4751-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25705 on Ubuntu 20.04 (focal) - medium. + A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version Keyu Man discovered that the ICMP global rate limiter in the Linux kernel could be used to assist in scanning open UDP ports. 
A remote attacker could use to facilitate attacks on UDP based services that depend on source port randomization. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-17 02:15:00 UTC + 2020-11-17 02:15:00 UTC + Keyu Man + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25705.html + https://git.kernel.org/linus/b38e7819cae946e2edf869e604af1e65a5d241c5 + https://www.saddns.net/ + https://ubuntu.com/security/notices/USN-4657-1 + https://ubuntu.com/security/notices/USN-4658-1 + https://ubuntu.com/security/notices/USN-4659-1 + https://ubuntu.com/security/notices/USN-4680-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25706 on Ubuntu 20.04 (focal) - medium. + A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-12 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25706.html + https://github.com/Cacti/cacti/issues/3723 + https://github.com/Cacti/cacti/commit/39458efcd5286d50e6b7f905fedcdc1059354e6e + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25706 + + + + + + + + + + CVE-2020-25708 on Ubuntu 20.04 (focal) - medium. + A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-27 18:15:00 UTC + 2020-11-13 00:00:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25708.html + https://github.com/LibVNC/libvncserver/issues/409 + https://ubuntu.com/security/notices/USN-4636-1 + + + + leosilva> vino ships libvncserver source in server/libvncserver + + + + + + + + + + + + + + + CVE-2020-25713 on Ubuntu 20.04 (focal) - low. + A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 15:15:00 UTC + https://bugs.librdf.org/mantis/view.php?id=650 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974664 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25713.html + + + + + + + + + + CVE-2020-25715 on Ubuntu 20.04 (focal) - medium. + A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 11:15:00 UTC + https://github.com/dogtagpki/pki/pull/3471 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25715.html + https://bugzilla.redhat.com/show_bug.cgi?id=1891016 + + + + + + + + + + CVE-2020-2572 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2572.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + CVE-2020-25723 on Ubuntu 20.04 (focal) - medium. + A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-02 01:15:00 UTC + 2020-11-18 08:28:00 UTC + mdeslaur + Cheolwoo Myung + https://bugzilla.redhat.com/show_bug.cgi?id=1898579 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25723.html + https://access.redhat.com/security/cve/CVE-2020-25723 + https://ubuntu.com/security/notices/USN-4650-1 + + + + + + + + + + CVE-2020-25724 on Ubuntu 20.04 (focal) - untriaged. + A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-26 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25724.html + https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks details ATM) + + + + + + + + + + + + + CVE-2020-25725 on Ubuntu 20.04 (focal) - medium. + In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-21 06:15:00 UTC + Mike Zhang + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25725 + https://forum.xpdfreader.com/viewtopic.php?f=3&t=41915 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25725.html + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication this also affects poppler, marking as not-affected + + + + + + + + + CVE-2020-25729 on Ubuntu 20.04 (focal) - low. + ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-17 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25729.html + https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413 + https://forums.zoneminder.com/viewforum.php?f=1 + https://github.com/ZoneMinder/zoneminder/releases/tag/1.34.21 + + + + + + + + + + CVE-2020-2573 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2573.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + CVE-2020-25739 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson. It was discovered that Gon gem did not properly escape certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-23 14:15:00 UTC + 2020-09-23 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25739.html + https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7 + https://ubuntu.com/security/notices/USN-4560-1 + + + + + + + + + + CVE-2020-2574 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2574.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + https://ubuntu.com/security/notices/USN-4250-2 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-25741 on Ubuntu 20.04 (focal) - low. + fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-02 09:15:00 UTC + Sergej Schumilo, Cornelius Aschermann, Simon Wrner + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25741.html + https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html + https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1 + + + + mdeslaur> as of 2021-07-08, the proposed patch has not been commited mdeslaur> upstream + + + + + + + + + CVE-2020-25742 on Ubuntu 20.04 (focal) - low. + pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-06 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971390 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25742.html + https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html + https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1 + + + + mdeslaur> as of 2021-07-08, the proposed patch has not been commited mdeslaur> upstream + + + + + + + + + CVE-2020-25743 on Ubuntu 20.04 (focal) - low. + hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-06 15:15:00 UTC + Sergej Schumilo, Cornelius Aschermann, Simon Wrner + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25743.html + https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html + https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1b + + + + mdeslaur> as of 2021-07-08, the proposed patch has not been commited mdeslaur> upstream + + + + + + + + + CVE-2020-2575 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-29 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2575.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://www.zerodayinitiative.com/advisories/ZDI-20-582/ + + + + + + + + + + CVE-2020-2577 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2577.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + CVE-2020-2579 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2579.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + CVE-2020-2580 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2580.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.0 only + + + + + + + + + CVE-2020-25812 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-27 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25812.html + https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html + https://phabricator.wikimedia.org/T255918 + https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592 + https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html + https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html + + + + + + + + + + CVE-2020-25813 on Ubuntu 20.04 (focal) - medium. + In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-27 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25813.html + https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html + https://phabricator.wikimedia.org/T232568 + https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html + https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html + https://meta.wikimedia.org/wiki/Special:UserRights + + + + + + + + + + CVE-2020-25814 on Ubuntu 20.04 (focal) - medium. + In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-27 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25814.html + https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html + https://phabricator.wikimedia.org/T86738 + https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html + https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html + https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg + + + + + + + + + + CVE-2020-25815 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text(). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-27 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25815.html + https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html + https://phabricator.wikimedia.org/T256171 + https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214 + https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html + https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html + + + + + + + + + + CVE-2020-25827 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-27 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25827.html + https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html + https://phabricator.wikimedia.org/T251661 + https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html + https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html + + + + + + + + + + CVE-2020-25828 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-27 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25828.html + https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html + https://phabricator.wikimedia.org/T115888 + https://lists.wikimedia.org/pipermail/mediawiki-announce + https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html + https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html + + + + + + + + + + CVE-2020-25829 on Ubuntu 20.04 (focal) - medium. + An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. 
This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 06:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25829.html + https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html + + + + + + + + + + CVE-2020-2583 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-2583 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2583.html + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4257-1 + + + + + + + + + + + + + + + CVE-2020-2584 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2584.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + CVE-2020-2585 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2585.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-25860 on Ubuntu 20.04 (focal) - medium. + The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-21 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25860.html + https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv + https://www.vdoo.com/blog/cve-2020-25860-significant-vulnerability-discovered-rauc-embedded-firmware-update-framework + + + + + + + + + + CVE-2020-25862 on Ubuntu 20.04 (focal) - medium. + In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-06 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25862.html + https://www.wireshark.org/security/wnpa-sec-2020-12.html + https://gitlab.com/wireshark/wireshark/-/issues/16816 + + + + + + + + + + CVE-2020-25863 on Ubuntu 20.04 (focal) - medium. + In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-06 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25863.html + https://www.wireshark.org/security/wnpa-sec-2020-11.html + https://gitlab.com/wireshark/wireshark/-/issues/16741 + + + + + + + + + + CVE-2020-25864 on Ubuntu 20.04 (focal) - medium. + HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-20 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25864.html + https://bugzilla.redhat.com/show_bug.cgi?id=1950275 + https://github.com/hashicorp/consul/pull/10023 + + + + + + + + + + CVE-2020-25866 on Ubuntu 20.04 (focal) - medium. + In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-06 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25866.html + https://www.wireshark.org/security/wnpa-sec-2020-13.html + https://gitlab.com/wireshark/wireshark/-/issues/16866 + + + + + + + + + + CVE-2020-2588 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2588.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.0.x only + + + + + + + + + CVE-2020-2589 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2589.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + CVE-2020-2590 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An unauthenticated remote attacker with network access via Kerberos could possibly use this issue to insert, modify or obtain sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-2590 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2590.html + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4257-1 + + + + + + + + + + + + + + + CVE-2020-2593 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). It was discovered that OpenJDK incorrectly validated URLs. An attacker could possibly use this issue to insert, edit or obtain sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-2593 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2593.html + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4257-1 + + + + + + + + + + + + + + + CVE-2020-2601 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). It was discovered that OpenJDK Security component still used MD5 algorithm. A remote attacker could possibly use this issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-2601 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2601.html + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4257-1 + + + + + + + + + + + + + + + CVE-2020-2604 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). It was discovered that OpenJDK incorrectly handled serialization filter. An attacker could possibly use this issue to bypass the intended filter during serialization. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-27 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-2604 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2604.html + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4257-1 + + + + + + + + + + + + + + CVE-2020-26088 on Ubuntu 20.04 (focal) - medium. 
+ A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. It was discovered that the NFC implementation in the Linux kernel did not properly perform permissions checks when opening raw sockets. A local attacker could use this to create or listen to NFC traffic. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-24 15:15:00 UTC + 2020-09-24 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26088.html + https://git.kernel.org/linus/26896f01467a28651f7a536143fe5ac8449d4041 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2 + https://github.com/torvalds/linux/commit/26896f01467a28651f7a536143fe5ac8449d4041 + https://ubuntu.com/security/notices/USN-4578-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26116 on Ubuntu 20.04 (focal) - medium. + http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-27 04:15:00 UTC + 2020-09-27 04:15:00 UTC + leosilva + https://bugs.python.org/issue39603 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26116.html + https://python-security.readthedocs.io/vuln/http-header-injection-method.html + https://ubuntu.com/security/notices/USN-4581-1 + https://ubuntu.com/security/notices/USN-4754-3 + + + + + + + + + + + + + CVE-2020-26117 on Ubuntu 20.04 (focal) - medium. + In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. 
They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-27 04:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971272 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26117.html + https://bugzilla.opensuse.org/show_bug.cgi?id=1176733 + https://github.com/TigerVNC/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb (v1.11.0) + https://github.com/TigerVNC/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b (v1.11.0) + https://github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba (master) + https://github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e (master) + https://github.com/TigerVNC/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb + https://github.com/TigerVNC/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b + https://github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba + https://github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e + https://github.com/TigerVNC/tigervnc/releases/tag/v1.11.0 + + + + + + + + + + CVE-2020-26137 on Ubuntu 20.04 (focal) - medium. + urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-30 18:15:00 UTC + 2020-09-30 00:00:00 UTC + mdeslaur + https://bugs.python.org/issue39603 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26137.html + https://github.com/urllib3/urllib3/pull/1800 + https://ubuntu.com/security/notices/USN-4570-1 + + + + mdeslaur> the python-pip package bundles python-urllib3 binaries mdeslaur> when built. 
After updating python-urllib3, a no-change mdeslaur> rebuild of python-pip is required. + + + + + + + + + + + + CVE-2020-26139 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 20:15:00 UTC + 2021-05-11 18:00:00 UTC + Mathy Vanhoef + 2021-05-11 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26139.html + https://papers.mathyvanhoef.com/usenix2021.pdf + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-4999-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5001-1 + https://ubuntu.com/security/notices/USN-5018-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26140 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-11 20:15:00 UTC + Mathy Vanhoef + 2021-05-11 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26140.html + https://papers.mathyvanhoef.com/usenix2021.pdf + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26141 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly verify certain fragmented frames. A physically proximate attacker could possibly use this issue to inject or decrypt packets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 20:15:00 UTC + 2021-05-11 18:00:00 UTC + Mathy Vanhoef + 2021-05-11 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26141.html + https://papers.mathyvanhoef.com/usenix2021.pdf + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-4999-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5001-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26142 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-11 20:15:00 UTC + Mathy Vanhoef + 2021-05-11 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26142.html + https://papers.mathyvanhoef.com/usenix2021.pdf + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26143 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 20:15:00 UTC + Mathy Vanhoef + 2021-05-11 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26143.html + https://papers.mathyvanhoef.com/usenix2021.pdf + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26144 on Ubuntu 20.04 (focal) - medium. + An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 20:15:00 UTC + Mathy Vanhoef + 2021-05-11 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26144.html + https://papers.mathyvanhoef.com/usenix2021.pdf + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26145 on Ubuntu 20.04 (focal) - medium. + An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. 
The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation accepted plaintext fragments in certain situations. A physically proximate attacker could use this issue to inject packets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 20:15:00 UTC + 2021-05-11 18:00:00 UTC + Mathy Vanhoef + 2021-05-11 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26145.html + https://papers.mathyvanhoef.com/usenix2021.pdf + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-4999-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5001-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26146 on Ubuntu 20.04 (focal) - medium. + An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 20:15:00 UTC + Mathy Vanhoef + 2021-05-11 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26146.html + https://papers.mathyvanhoef.com/usenix2021.pdf + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26147 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 20:15:00 UTC + 2021-05-11 18:00:00 UTC + Mathy Vanhoef + 2021-05-11 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26147.html + https://papers.mathyvanhoef.com/usenix2021.pdf + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-4999-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5001-1 + https://ubuntu.com/security/notices/USN-5018-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26148 on Ubuntu 20.04 (focal) - untriaged. + md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-09-30 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971396 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26148.html + https://github.com/mity/md4c/issues/130 + https://github.com/mity/md4c/commit/22ca89a3008966c4316d6b0a158b1a49f9038df0 + + + + + + + + + + CVE-2020-26160 on Ubuntu 20.04 (focal) - medium. 
+ jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-30 18:15:00 UTC + https://github.com/dgrijalva/jwt-go/issues/422 + https://github.com/dgrijalva/jwt-go/issues/428 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971556 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26160.html + https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515 + + + + mdeslaur> as of 2020-10-02, the proposed patches have not been accepted mdeslaur> into the upstream tree. mdeslaur> mdeslaur> juju-core doesn't use jwt-go in a way that exposes the mdeslaur> vulnerability + + + + + + + + + CVE-2020-26164 on Ubuntu 20.04 (focal) - medium. + In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-07 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971736 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26164.html + https://kde.org/info/security/advisory-20201002-1.txt + https://invent.kde.org/network/kdeconnect-kde/-/commit/f183b5447bad47655c21af87214579f03bf3a163 + https://invent.kde.org/network/kdeconnect-kde/-/commit/b279c52101d3f7cc30a26086d58de0b5f1c547fa + https://invent.kde.org/network/kdeconnect-kde/-/commit/d35b88c1b25fe13715f9170f18674d476ca9acdc + https://invent.kde.org/network/kdeconnect-kde/-/commit/b496e66899e5bc9547b6537a7f44ab44dd0aaf38 + https://invent.kde.org/network/kdeconnect-kde/-/commit/5310eae85dbdf92fba30375238a2481f2e34943e + https://invent.kde.org/network/kdeconnect-kde/-/commit/721ba9faafb79aac73973410ee1dd3624ded97a5 + https://invent.kde.org/network/kdeconnect-kde/-/commit/ae58b9dec49c809b85b5404cee17946116f8a706 + https://invent.kde.org/network/kdeconnect-kde/-/commit/66c768aa9e7fba30b119c8b801efd49ed1270b0a + https://invent.kde.org/network/kdeconnect-kde/-/commit/85b691e40f525e22ca5cc4ebe79c361d71d7dc05 + https://invent.kde.org/network/kdeconnect-kde/-/commit/48180b46552d40729a36b7431e97bbe2b5379306 + https://bugzilla.suse.com/show_bug.cgi?id=1176268 + https://github.com/KDE/kdeconnect-kde/commit/024e5f23db8d8ad3449714b906b46094baaffb89 + https://github.com/KDE/kdeconnect-kde/commit/4fbd01a3d44a0bcca888c49a77ec7cfd10e113d7 + https://github.com/KDE/kdeconnect-kde/commit/542d94a70c56aa386c8d4d793481ce181b0422e8 + https://github.com/KDE/kdeconnect-kde/commit/613899be24b6e2a6b3e5cc719efce8ae8a122991 + https://github.com/KDE/kdeconnect-kde/commit/8112729eb0f13e6947984416118531078e65580d + https://github.com/KDE/kdeconnect-kde/commit/ce0f00fc2d3eccb51d0af4eba61a4f60de086a59 + https://github.com/KDE/kdeconnect-kde/releases + https://kdeconnect.kde.org/official/ + https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00014.html + + + + + + + + + + CVE-2020-26215 on Ubuntu 20.04 
(focal) - medium. + Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-18 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26215.html + https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh + https://github.com/jupyter/notebook/commit/2e1c56b0c4a903606d4a2eb13e32409296b9799d + https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74 + + + + + + + + + + CVE-2020-26217 on Ubuntu 20.04 (focal) - medium. + XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-16 21:15:00 UTC + 2020-11-16 21:15:00 UTC + Zhihong Tian and Hui Lu + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26217.html + https://x-stream.github.io/CVE-2020-26217.html + https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2 + https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a + https://ubuntu.com/security/notices/USN-4714-1 + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2020-26237 on Ubuntu 20.04 (focal) - medium. + Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks (or similar) and do not filter the language names the user can provide you may be vulnerable. The pollution should just be harmless data but this can cause problems for applications not expecting these properties to exist and can result in strange behavior or application crashes, i.e. a potential DOS vector. If your website or application does not render user provided data it should be unaffected. Versions 9.18.2 and 10.1.2 and newer include fixes for this vulnerability. If you are using version 7 or 8 you are encouraged to upgrade to a newer release. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-24 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26237.html + https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0 + https://github.com/highlightjs/highlight.js/pull/2636 + https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx + https://www.npmjs.com/package/highlight.js + + + + + + + + + + CVE-2020-26243 on Ubuntu 20.04 (focal) - medium. 
+ Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed. This is fixed in versions 0.3.9.7 and 0.4.4. The following workarounds are available: 1) Set the option `no_unions` for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code. 2) Set the type of the submessage field inside oneof to `FT_POINTER`. This way the whole submessage will be dynamically allocated and the problematic code is not executed. 3) Use an arena allocator for nanopb, to make sure all memory can be released afterwards. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-25 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975838 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26243.html + https://github.com/nanopb/nanopb/security/advisories/GHSA-85rr-4rh9-hhwh + https://github.com/nanopb/nanopb/commit/edf6dcbffee4d614ac0c2c1b258ab95185bdb6e9 (0.4.4) + https://github.com/nanopb/nanopb/issues/615 + https://github.com/nanopb/nanopb/blob/2b48a361786dfb1f63d229840217a93aae064667/CHANGELOG.txt + https://github.com/nanopb/nanopb/commit/4fe23595732b6f1254cfc11a9b8d6da900b55b0c + + + + + + + + + + CVE-2020-26247 on Ubuntu 20.04 (focal) - medium. + Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. 
This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-30 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26247.html + https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m + https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b (v1.11.0.rc4) + https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b + https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4 + https://hackerone.com/reports/747489 + https://rubygems.org/gems/nokogiri + + + + + + + + + + CVE-2020-26257 on Ubuntu 20.04 (focal) - medium. + Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers. The Matrix Synapse reference implementation before version 1.23.1 the implementation is vulnerable to this injection attack. Issue is fixed in version 1.23.1. As a workaround homeserver administrators could limit access to the federation API to trusted servers (for example via `federation_domain_whitelist`). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-09 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26257.html + https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm + https://github.com/matrix-org/synapse/pull/8776 + https://github.com/matrix-org/synapse/commit/3ce2f303f15f6ac3dc352298972dc6e04d9b7a8b + https://github.com/matrix-org/synapse/blob/develop/CHANGES.md#synapse-1231-2020-12-09 + + + + + + + + + + CVE-2020-26258 on Ubuntu 20.04 (focal) - medium. + XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-16 01:15:00 UTC + 2020-12-16 01:15:00 UTC + pfsmorigo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977625 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26258.html + https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28 + https://x-stream.github.io/CVE-2020-26258.html + https://ubuntu.com/security/notices/USN-4714-1 + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2020-26259 on Ubuntu 20.04 (focal) - medium. 
+ XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-16 01:15:00 UTC + 2020-12-16 01:15:00 UTC + pfsmorigo + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977624 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26259.html + https://github.com/x-stream/xstream/security/advisories/GHSA-jfvx-7wrx-43fh + https://x-stream.github.io/CVE-2020-26259.html + https://ubuntu.com/security/notices/USN-4714-1 + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2020-2627 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2627.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.0.x only + + + + + + + + + CVE-2020-26284 on Ubuntu 20.04 (focal) - medium. + Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's `os/exec` for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system `%PATH%` on Windows. In Hugo before version 0.79.1, if a malicious file with the same name (`exe` or `bat`) is found in the current working directory at the time of running `hugo`, the malicious command will be invoked instead of the system one. Windows users who run `hugo` inside untrusted Hugo sites are affected. Users should upgrade to Hugo v0.79.1. Other than avoiding untrusted Hugo sites, there is no workaround. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-21 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26284.html + https://github.com/gohugoio/hugo/security/advisories/GHSA-8j34-9876-pvfq + https://github.com/golang/go/issues/38736 + + + + + + + + + + CVE-2020-26418 on Ubuntu 20.04 (focal) - medium. + Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-11 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26418.html + https://gitlab.com/wireshark/wireshark/-/issues/16739 + https://www.wireshark.org/security/wnpa-sec-2020-16.html + https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json + https://gitlab.com/wireshark/wireshark/-/merge_requests/1100/diffs?commit_id=f4374967bbf9c12746b8ec3cd54dddada9dd353e + + + + + + + + + + CVE-2020-26420 on Ubuntu 20.04 (focal) - medium. + Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-11 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26420.html + https://gitlab.com/wireshark/wireshark/-/issues/16994 + https://www.wireshark.org/security/wnpa-sec-2020-18.html + https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json + https://gitlab.com/wireshark/wireshark/-/commit/53682b53da7f0d51effc042cc8613b47d2d65819 + + + + + + + + + + CVE-2020-26421 on Ubuntu 20.04 (focal) - medium. + Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-11 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26421.html + https://gitlab.com/wireshark/wireshark/-/issues/16958 + https://www.wireshark.org/security/wnpa-sec-2020-17.html + https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json + https://gitlab.com/wireshark/wireshark/-/commit/61f17d3c2112f5a9da40a33417b778bf66a10aee + + + + + + + + + + CVE-2020-26422 on Ubuntu 20.04 (focal) - medium. 
+ Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-21 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26422.html + https://gitlab.com/wireshark/wireshark/-/issues/17073 + https://www.wireshark.org/security/wnpa-sec-2020-20.html + https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json + + + + + + + + + + CVE-2020-26519 on Ubuntu 20.04 (focal) - untriaged. + Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-10-02 06:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971595 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26519.html + http://git.ghostscript.com/?p=mupdf.git;a=commit;h=af1e390a2c7abceb32676ec684cd1dbb92907ce8 + https://bugs.ghostscript.com/show_bug.cgi?id=702937 + + + + + + + + + + CVE-2020-2654 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Bo Zhang and Long Kuan discovered that OpenJDK incorrectly handled X.509 certificates. 
An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + Bo Zhang and Long Kuan + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-2654 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2654.html + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4257-1 + + + + + + + + + + + + + + + CVE-2020-26541 on Ubuntu 20.04 (focal) - medium. + The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-02 19:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1918960 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26541.html + https://lkml.org/lkml/2020/9/15/1871 + https://lore.kernel.org/lkml/20200916004927.64276-1-eric.snowberg@oracle.com/ + https://lore.kernel.org/lkml/20210122181054.32635-1-eric.snowberg@oracle.com/ + https://lore.kernel.org/lkml/161428671215.677100.6372209948022011988.stgit@warthog.procyon.org.uk/ + https://lore.kernel.org/lkml/1884195.1615482306@warthog.procyon.org.uk/ + + + + sbeattie> as of 2021-03-11, patches are in linux-next and have been submitted to linus for merging, but seems to have stalled there. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26555 on Ubuntu 20.04 (focal) - medium. + Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-24 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26555.html + https://kb.cert.org/vuls/id/799380 + https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-pin-pairing/ + https://bugzilla.redhat.com/show_bug.cgi?id=1918601 + https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26556 on Ubuntu 20.04 (focal) - medium. + Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-24 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26556.html + https://kb.cert.org/vuls/id/799380 + https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/ + https://bugzilla.redhat.com/show_bug.cgi?id=1960012 + https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26557 on Ubuntu 20.04 (focal) - medium. + Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-24 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26557.html + https://kb.cert.org/vuls/id/799380 + https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/ + https://bugzilla.redhat.com/show_bug.cgi?id=1960009 + https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26558 on Ubuntu 20.04 (focal) - medium. + Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-24 18:15:00 UTC + 2021-06-08 17:00:00 UTC + mdeslaur + 2021-06-08 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26558.html + https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/passkey-entry/ + https://kb.cert.org/vuls/id/799380 + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html + https://ubuntu.com/security/notices/USN-4989-1 + https://ubuntu.com/security/notices/USN-4989-2 + https://ubuntu.com/security/notices/USN-5018-1 + https://ubuntu.com/security/notices/USN-5017-1 + + + + amurray| Affects bluez versions prior to 5.57 and 5.58 mdeslaur> There is a kernel fix, and a userspace fix + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26559 on Ubuntu 20.04 (focal) - medium. + Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-24 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26559.html + https://kb.cert.org/vuls/id/799380 + https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/authvalue-leak/ + https://bugzilla.redhat.com/show_bug.cgi?id=1960011 + https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26560 on Ubuntu 20.04 (focal) - medium. 
+ Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-24 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26560.html + https://kb.cert.org/vuls/id/799380 + https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-mesh/ + https://bugzilla.redhat.com/show_bug.cgi?id=1959994 + https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-26566 on Ubuntu 20.04 (focal) - medium. + A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-26 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972986 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26566.html + https://github.com/Motion-Project/motion/security/advisories/GHSA-6f7x-grw7-fw24 + https://github.com/Motion-Project/motion/issues/1227#issuecomment-715927776 + https://github.com/Motion-Project/motion/pull/1232 + https://github.com/Motion-Project/motion/releases + https://motion-project.github.io/index.html + + + + + + + + + + CVE-2020-26570 on Ubuntu 20.04 (focal) - medium. + The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-06 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26570.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316 + https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e + + + + + + + + + + CVE-2020-26571 on Ubuntu 20.04 (focal) - medium. + The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-06 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26571.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612 + + + + + + + + + + CVE-2020-26572 on Ubuntu 20.04 (focal) - medium. + The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-06 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26572.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967 + https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 + + + + + + + + + + CVE-2020-26575 on Ubuntu 20.04 (focal) - medium. + In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-06 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26575.html + https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab + https://gitlab.com/wireshark/wireshark/-/issues/16887 + https://gitlab.com/wireshark/wireshark/-/merge_requests/467 + https://gitlab.com/wireshark/wireshark/-/merge_requests/471 + https://gitlab.com/wireshark/wireshark/-/merge_requests/472 + https://gitlab.com/wireshark/wireshark/-/merge_requests/473 + + + + + + + + + + CVE-2020-2660 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2660.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + CVE-2020-26664 on Ubuntu 20.04 (focal) - medium. + A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-08 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979676 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26664.html + https://code.videolan.org/videolan/vlc-3.0/-/commit/ec1f55ee9ace5cc675395a1bc9700d99679e7e8c (3.0.12) + https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt + http://videolan.com + http://vlc.com + + + + + + + + + + CVE-2020-26682 on Ubuntu 20.04 (focal) - medium. + In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26682.html + https://github.com/libass/libass/issues/431 + https://github.com/libass/libass/pull/432 + + + + + + + + + + CVE-2020-2674 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2674.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2678 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2678.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2679 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2679.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.0.x only + + + + + + + + + CVE-2020-26797 on Ubuntu 20.04 (focal) - medium. + Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-18 20:15:00 UTC + https://sourceforge.net/p/mediainfo/bugs/1154/ + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26797.html + https://sourceforge.net/p/mediainfo/bugs/1154/ + + + + + + + + + + CVE-2020-2681 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2681.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2682 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2682.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2686 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2686.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.0.x only + + + + + + + + + CVE-2020-26880 on Ubuntu 20.04 (focal) - medium. + Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-07 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26880.html + https://github.com/sympa-community/sympa/issues/1009 + https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420 + https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235 + + + + + + + + + + CVE-2020-2689 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2689.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-26890 on Ubuntu 20.04 (focal) - medium. + Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the impact is not constrained to the server of the event sender. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-24 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26890.html + https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f + + + + + + + + + + CVE-2020-26891 on Ubuntu 20.04 (focal) - medium. + AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-19 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26891.html + https://github.com/matrix-org/synapse/pull/8444 + https://github.com/matrix-org/synapse/releases + https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisory + + + + + + + + + + CVE-2020-2690 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2690.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2691 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2691.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2692 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2692.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2693 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2693.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-26932 on Ubuntu 20.04 (focal) - medium. + debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-10 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971904 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26932.html + https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1 + https://bugs.debian.org/971904 + + + + + + + + + + CVE-2020-26934 on Ubuntu 20.04 (focal) - medium. + phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. It was discovered that phpMyAdmin was vulnerable to an XSS attack. If a victim were to click on a crafted link, an attacker could run malicious JavaScript on the victim's system. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-10 19:15:00 UTC + 2020-10-10 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971999 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26934.html + https://www.phpmyadmin.net/security/PMASA-2020-5/ + https://github.com/phpmyadmin/phpmyadmin/commit/19df63b0365621427697edc185ff7c9c5707c523 + https://ubuntu.com/security/notices/USN-4639-1 + + + + mdeslaur> vulerability was introduced in 2.5.0. File where issue is mdeslaur> is different in bionic and earlier. + + + + + + + + + CVE-2020-26935 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. 
A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. It was discovered that phpMyAdmin did not properly handler certain SQL statements in the search feature. An attacker could use this vulnerability to inject malicious SQL into a query. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-10 19:15:00 UTC + 2020-10-10 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972000 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26935.html + https://www.phpmyadmin.net/security/PMASA-2020-6/ + https://github.com/phpmyadmin/phpmyadmin/commit/d09ab9bc9d634ad08b866d42bb8c4109869d38d2 + https://ubuntu.com/security/notices/USN-4639-1 + + + + + + + + + + CVE-2020-26939 on Ubuntu 20.04 (focal) - low. + In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-02 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26939.html + https://github.com/bcgit/bc-java/wiki/CVE-2020-26939 + https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1 (r1rv61) + + + + + + + + + + CVE-2020-2694 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. 
Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2694.html + https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4250-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.0.x only + + + + + + + + + CVE-2020-26950 on Ubuntu 20.04 (focal) - high. + In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + 2020-11-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26950.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950 + https://ubuntu.com/security/notices/USN-4625-1 + https://ubuntu.com/security/notices/USN-4647-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26951 on Ubuntu 20.04 (focal) - medium. + A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. 
This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26951.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26951 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26951 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + https://ubuntu.com/security/notices/USN-4647-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26952 on Ubuntu 20.04 (focal) - medium. + Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26952.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26952 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-26953 on Ubuntu 20.04 (focal) - medium. + It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26953.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26953 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26953 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + https://ubuntu.com/security/notices/USN-4647-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26954 on Ubuntu 20.04 (focal) - medium. + When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26954.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26954 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-26955 on Ubuntu 20.04 (focal) - medium. + When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-09 01:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26955.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26955 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-26956 on Ubuntu 20.04 (focal) - medium. + In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26956.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26956 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26956 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + https://ubuntu.com/security/notices/USN-4647-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26957 on Ubuntu 20.04 (focal) - medium. + OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26957.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26957 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-26958 on Ubuntu 20.04 (focal) - medium. 
+ Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26958.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26958 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26958 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + https://ubuntu.com/security/notices/USN-4647-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26959 on Ubuntu 20.04 (focal) - medium. + During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26959.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26959 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26959 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + https://ubuntu.com/security/notices/USN-4647-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26960 on Ubuntu 20.04 (focal) - medium. 
+ If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26960.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26960 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26960 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + https://ubuntu.com/security/notices/USN-4647-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26961 on Ubuntu 20.04 (focal) - medium. + When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26961.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26961 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26961 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + https://ubuntu.com/security/notices/USN-4647-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26962 on Ubuntu 20.04 (focal) - low. 
+ Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26962.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26962 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-26963 on Ubuntu 20.04 (focal) - low. + Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox < 83. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26963.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26963 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-26964 on Ubuntu 20.04 (focal) - low. + If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. 
This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26964.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26964 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-26965 on Ubuntu 20.04 (focal) - low. + Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26965.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26965 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26965 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + https://ubuntu.com/security/notices/USN-4647-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26966 on Ubuntu 20.04 (focal) - low. + Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. 
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26966.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26966 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-26967 on Ubuntu 20.04 (focal) - low. + When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26967.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26967 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-26968 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26968.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26968 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26968 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + https://ubuntu.com/security/notices/USN-4647-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26969 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 01:15:00 UTC + 2020-11-17 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26969.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26969 + https://ubuntu.com/security/notices/USN-4637-1 + https://ubuntu.com/security/notices/USN-4637-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-26970 on Ubuntu 20.04 (focal) - medium. + When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-09 01:15:00 UTC + 2020-12-09 01:15:00 UTC + Chiaki Ishikawa + https://bugs.launchpad.net/bugs/1906609 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26970.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970 + https://bugzilla.mozilla.org/show_bug.cgi?id=1677338 + https://ubuntu.com/security/notices/USN-4701-1 + + + + + + + + + + CVE-2020-26971 on Ubuntu 20.04 (focal) - medium. + Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-07 14:15:00 UTC + 2020-12-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26971.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26971 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26971 + https://ubuntu.com/security/notices/USN-4671-1 + https://ubuntu.com/security/notices/USN-4701-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26972 on Ubuntu 20.04 (focal) - medium. + The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 84. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-07 14:15:00 UTC + 2020-12-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26972.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26972 + https://ubuntu.com/security/notices/USN-4671-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-26973 on Ubuntu 20.04 (focal) - medium. + Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-07 14:15:00 UTC + 2020-12-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26973.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26973 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26973 + https://ubuntu.com/security/notices/USN-4671-1 + https://ubuntu.com/security/notices/USN-4701-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26974 on Ubuntu 20.04 (focal) - medium. + When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-07 14:15:00 UTC + 2020-12-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26974.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26974 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974 + https://ubuntu.com/security/notices/USN-4671-1 + https://ubuntu.com/security/notices/USN-4701-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26976 on Ubuntu 20.04 (focal) - medium. + When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-07 14:15:00 UTC + 2020-12-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26976.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26976 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-26976 + https://ubuntu.com/security/notices/USN-4671-1 + https://ubuntu.com/security/notices/USN-4736-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26978 on Ubuntu 20.04 (focal) - medium. + Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-07 14:15:00 UTC + 2020-12-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26978.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26978 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26978 + https://ubuntu.com/security/notices/USN-4671-1 + https://ubuntu.com/security/notices/USN-4701-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-26979 on Ubuntu 20.04 (focal) - low. + When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it. This vulnerability affects Firefox < 84. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-07 14:15:00 UTC + 2020-12-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26979.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26979 + https://ubuntu.com/security/notices/USN-4671-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-2698 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. 
CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2698.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2701 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2701.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2702 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. 
CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + Lucas Leong + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2702.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2703 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36 and prior to 6.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + Davide Berardi + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2703.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2704 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2704.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2705 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2705.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-27153 on Ubuntu 20.04 (focal) - low. + In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-15 03:15:00 UTC + 2020-10-15 03:15:00 UTC + mdeslaur + Jay LV + https://bugzilla.redhat.com/show_bug.cgi?id=1884817 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27153.html + https://github.com/bluez/bluez/commit/5a180f2ec9edfacafd95e5fed20d36fe8e077f07 + https://ubuntu.com/security/notices/USN-4989-1 + https://ubuntu.com/security/notices/USN-4989-2 + + + + mdeslaur> per Red Hat, there is currently no known path to code execution mdeslaur> as there is a small time window between the two calls to free() mdeslaur> as such, marking as low priority. + + + + + + + + + CVE-2020-27170 on Ubuntu 20.04 (focal) - high. + An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. A local attacker could use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-03-20 22:15:00 UTC + 2021-03-18 22:00:00 UTC + cascardo + Piotr Krysiuk + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27170.html + https://www.openwall.com/lists/oss-security/2021/03/19/2 + https://ubuntu.com/security/notices/USN-4887-1 + https://ubuntu.com/security/notices/USN-4890-1 + + + + amurray> According to the upstream advisory, f232326f6966cf2a1d1db7bc917a4ce5f9f55f76 is the minimal fix but the whole series should be applied together sbeattie> kernels before 4.15 are not affected by this. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27171 on Ubuntu 20.04 (focal) - high. 
+ An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. A local attacker could use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-03-20 22:15:00 UTC + 2021-03-18 22:00:00 UTC + cascardo + Piotr Krysiuk + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27171.html + https://www.openwall.com/lists/oss-security/2021/03/19/3 + https://ubuntu.com/security/notices/USN-4887-1 + https://ubuntu.com/security/notices/USN-4890-1 + + + + amurray| According to the upstream advisory, 10d2bb2e6b1d8c4576c56a748f697dbeb8388899 is the minimal fix but the whole series should be applied together + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27187 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-26 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27187.html + https://kde.org/info/security/advisory-20201017-1.txt + https://invent.kde.org/system/kpmcore/-/commit/c466c5db11b5cee546d1ec0594c2f1105a354fed (fix) + https://invent.kde.org/system/kpmcore/-/commit/7ec4b611dcf822439b081613cca4184689266454 (removes KF5 5.73 dependency) + https://bugzilla.redhat.com/show_bug.cgi?id=1890199 + + + + + + + + + + CVE-2020-27195 on Ubuntu 20.04 (focal) - low. + HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-22 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27195.html + https://github.com/hashicorp/nomad/commit/a8ea7c5f421297db434b45046fca7a9deef6df85 (0.12.6) + https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020 + https://www.nomadproject.io/downloads + + + + + + + + + + CVE-2020-27207 on Ubuntu 20.04 (focal) - medium. + Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-26 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27207.html + + + + + + + + + + CVE-2020-27216 on Ubuntu 20.04 (focal) - medium. + In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. 
A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-23 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27216.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921 + https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb + https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f + https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6 + https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053 + + + + + + + + + + CVE-2020-27223 on Ubuntu 20.04 (focal) - medium. + In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27223.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128 + https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7 + + + + + + + + + + CVE-2020-2725 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + Zhongcheng Li + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2725.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2726 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2726.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2727 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2727.html + https://www.oracle.com/security-alerts/cpujan2020.html + + + + + + + + + + CVE-2020-2741 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2741.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-2742 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2742.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-2743 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2743.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-2748 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2748.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-27511 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 version 1.6 and below where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-21 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27511.html + http://prototypejs.org/ + https://github.com/yetingli/PoCs/blob/main/CVE-2020-27511/Prototype.md + https://github.com/prototypejs/prototype/blob/dee2f7d8611248abce81287e1be4156011953c90/src/prototype/lang/string.js#L283 + + + + + + + + + + CVE-2020-2752 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2752.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4603-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-2758 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2758.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-2759 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2759.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-2760 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2760.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + https://ubuntu.com/security/notices/USN-4603-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-2761 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2761.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-27617 on Ubuntu 20.04 (focal) - low. 
+ eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-06 08:15:00 UTC + 2020-11-06 08:15:00 UTC + mdeslaur + Gaoning Pan + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973324 + https://bugs.launchpad.net/qemu/+bug/1878067 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27617.html + https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06023.html + https://www.openwall.com/lists/oss-security/2020/11/02/1 + https://ubuntu.com/security/notices/USN-4650-1 + + + + + + + + + + CVE-2020-27618 on Ubuntu 20.04 (focal) - low. + The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 23:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=26224 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27618.html + + + + + + + + + + CVE-2020-27619 on Ubuntu 20.04 (focal) - low. + In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-22 03:16:00 UTC + 2020-10-22 03:16:00 UTC + https://bugs.python.org/issue41944 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27619.html + https://ubuntu.com/security/notices/USN-4754-1 + https://ubuntu.com/security/notices/USN-4754-3 + + + + + + + + + + + + + CVE-2020-2762 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2762.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-2763 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2763.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-27637 on Ubuntu 20.04 (focal) - medium. + The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD install cli command or the install.packages() function from the interpreter. Update to version 4.0.3 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-12 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27637.html + https://labs.bishopfox.com/advisories/cran-version-4.0.2 + https://www.r-project.org/foundation/ + + + + + + + + + + CVE-2020-2765 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2765.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-27670 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-22 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27670.html + https://xenbits.xen.org/xsa/advisory-347.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-27671 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-22 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27671.html + https://xenbits.xen.org/xsa/advisory-346.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-27672 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-22 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27672.html + https://xenbits.xen.org/xsa/advisory-345.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-27673 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. Julien Grall discovered that the Xen dom0 event handler in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-22 21:15:00 UTC + 2020-10-22 21:15:00 UTC + Julien Grall + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27673.html + https://xenbits.xen.org/xsa/advisory-332.html + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e99502f76271d6bc4e374fe368c50c67a1fd3070 + https://github.com/torvalds/linux/commit/e99502f76271d6bc4e374fe368c50c67a1fd3070 + https://ubuntu.com/security/notices/USN-4751-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27674 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-22 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27674.html + https://xenbits.xen.org/xsa/advisory-286.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-27675 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. An attacker in guest could possibly use this to cause a denial of service (dom0 crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-22 21:15:00 UTC + 2020-10-22 21:15:00 UTC + Jinoh Kang + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27675.html + https://xenbits.xen.org/xsa/advisory-331.html + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073d0552ead5bfc7a3a9c01de590e924f11b5dd2 + https://github.com/torvalds/linux/commit/073d0552ead5bfc7a3a9c01de590e924f11b5dd2 + https://ubuntu.com/security/notices/USN-4679-1 + https://ubuntu.com/security/notices/USN-4680-1 + https://ubuntu.com/security/notices/USN-4681-1 + https://ubuntu.com/security/notices/USN-4751-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-2770 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2770.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-27739 on Ubuntu 20.04 (focal) - medium. + A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. 
NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-28 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973385 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27739.html + http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834 + https://www.citadel.org/ + + + + + + + + + + CVE-2020-2774 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2774.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-27740 on Ubuntu 20.04 (focal) - medium. + Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-28 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973385 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27740.html + http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834 + https://www.citadel.org/ + + + + + + + + + + CVE-2020-27741 on Ubuntu 20.04 (focal) - medium. + Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-28 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973385 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27741.html + http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834 + https://www.citadel.org/ + + + + + + + + + + CVE-2020-27742 on Ubuntu 20.04 (focal) - medium. + An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-28 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973385 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27742.html + http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834 + https://www.citadel.org/ + + + + + + + + + + CVE-2020-27743 on Ubuntu 20.04 (focal) - medium. + libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-26 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973250 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27743.html + https://github.com/kravietz/pam_tacplus/pull/163 + https://tools.ietf.org/html/rfc8907 + + + + + + + + + + CVE-2020-27745 on Ubuntu 20.04 (focal) - medium. + Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-27 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974721 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27745.html + https://www.schedmd.com/news.php?id=240 + https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html + https://github.com/SchedMD/slurm/commit/c3142dd87e06621ff148791c3d2f298b5c0b3a81 + + + + + + + + + + CVE-2020-27746 on Ubuntu 20.04 (focal) - medium. + Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-27 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974722 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27746.html + https://www.schedmd.com/news.php?id=240 + https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html + + + + + + + + + + CVE-2020-27749 on Ubuntu 20.04 (focal) - medium. + A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. 
If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Chris Coulson discovered that a buffer overflow existed in the command line parser in GRUB 2. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 17:15:00 UTC + 2021-03-02 18:00:00 UTC + Chris Coulson + 2021-03-02 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27749.html + https://ubuntu.com/security/notices/USN-4992-1 + + + + sbeattie| grub2-unsigned will contain fixes and supersede grub2, which will contain only BIOS grub bits. + + + + + + + + + + + + CVE-2020-27750 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 22:15:00 UTC + 2020-12-08 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1711 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27750.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27751 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in MagickCore/quantum-export.c. 
An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 22:15:00 UTC + 2020-12-08 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1727 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27751.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27752 on Ubuntu 20.04 (focal) - medium. + A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1752 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27752.html + + + + mdeslaur> need to clarify exact patch, see Debian comment on upstream bug + + + + + + + + + CVE-2020-27753 on Ubuntu 20.04 (focal) - low. + There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. 
It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 22:15:00 UTC + 2020-12-08 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1757 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27753.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27754 on Ubuntu 20.04 (focal) - low. + In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 22:15:00 UTC + 2020-12-08 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1754 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27754.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27755 on Ubuntu 20.04 (focal) - low. + in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. 
This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 22:15:00 UTC + 2020-12-08 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1756 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27755.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27756 on Ubuntu 20.04 (focal) - low. + In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 22:15:00 UTC + 2020-12-08 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1725 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27756.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27757 on Ubuntu 20.04 (focal) - low. + A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-08 22:15:00 UTC + 2020-12-08 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1712 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27757.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27758 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 22:15:00 UTC + 2020-12-08 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1719 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27758.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27759 on Ubuntu 20.04 (focal) - low. + In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-03 17:15:00 UTC + 2020-12-03 17:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1720 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27759.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27760 on Ubuntu 20.04 (focal) - low. 
+ In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-03 17:15:00 UTC + 2020-12-03 17:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1717 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27760.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27761 on Ubuntu 20.04 (focal) - low. + WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-03 17:15:00 UTC + 2020-12-03 17:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1726 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27761.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27762 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. 
This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-03 17:15:00 UTC + 2020-12-03 17:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1713 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27762.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27763 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-03 17:15:00 UTC + 2020-12-03 17:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1718 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27763.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27764 on Ubuntu 20.04 (focal) - low. + In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-03 17:15:00 UTC + 2020-12-03 17:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1735 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27764.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27765 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 15:15:00 UTC + 2020-12-04 15:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1730 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27765.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27766 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 15:15:00 UTC + 2020-12-04 15:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1734 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27766.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + mdeslaur> Same fix as CVE-2020-27774 + + + + + + + + + CVE-2020-27767 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in MagickCore/quantum.h. 
An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 15:15:00 UTC + 2020-12-04 15:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1741 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27767.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27768 on Ubuntu 20.04 (focal) - low. + In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-23 04:15:00 UTC + 2021-02-23 04:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1751 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27768.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27769 on Ubuntu 20.04 (focal) - low. + In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-14 20:15:00 UTC + 2021-05-14 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27769.html + https://github.com/ImageMagick/ImageMagick/issues/1740 + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27770 on Ubuntu 20.04 (focal) - low. + Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. 
This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 15:15:00 UTC + 2020-12-04 15:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1721 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27770.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27771 on Ubuntu 20.04 (focal) - low. + In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 15:15:00 UTC + 2020-12-04 15:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1753 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27771.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27772 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-04 22:15:00 UTC + 2020-12-04 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1749 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27772.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27773 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 22:15:00 UTC + 2020-12-04 22:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1739 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27773.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27774 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 21:15:00 UTC + 2020-12-04 21:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1743 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27774.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + mdeslaur> same fix as CVE-2020-27766 + + + + + + + + + CVE-2020-27775 on Ubuntu 20.04 (focal) - low. 
+ A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 21:15:00 UTC + 2020-12-04 21:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1737 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27775.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2020-27776 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 21:15:00 UTC + 2020-12-04 21:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1736 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27776.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + mdeslaur> same fix as CVE-2020-27764 + + + + + + + + + CVE-2020-27779 on Ubuntu 20.04 (focal) - medium. + A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. It was discovered that the cutmem command in GRUB 2 did not honor secure boot locking. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 17:15:00 UTC + 2021-03-02 18:00:00 UTC + 2021-03-02 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27779.html + https://ubuntu.com/security/notices/USN-4992-1 + + + + sbeattie| grub2-unsigned will contain fixes and supersede grub2, which will contain only BIOS grub bits. + + + + + + + + + + + + CVE-2020-27781 on Ubuntu 20.04 (focal) - medium. + User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0. Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access to resources. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-18 21:15:00 UTC + 2020-12-18 21:15:00 UTC + Goutham Pacha Ravi, Jahson Babel, John Garbutt + https://bugs.launchpad.net/manila/+bug/1904015 + https://bugzilla.redhat.com/show_bug.cgi?id=1900109 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27781.html + https://ubuntu.com/security/notices/USN-4998-1 + + + + mdeslaur> this is fixed in 15.2.8 in focal-updates and groovy-updates but mdeslaur> has not been pushed to the security pocket + + + + + + + + + CVE-2020-27782 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-23 19:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1901304 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27782.html + + + + + + + + + + CVE-2020-2779 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2779.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-2780 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2780.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-27814 on Ubuntu 20.04 (focal) - medium. + A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-26 18:15:00 UTC + 2020-11-30 00:00:00 UTC + https://github.com/uclouvain/openjpeg/issues/1283 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27814.html + https://ubuntu.com/security/notices/USN-4685-1 + https://ubuntu.com/security/notices/USN-4686-1 + https://ubuntu.com/security/notices/USN-4880-1 + + + + mdeslaur> check bug to see if there are more commits before fixing + + + + + + + + + + + + CVE-2020-27815 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 13:15:00 UTC + 2020-11-30 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27815.html + https://www.openwall.com/lists/oss-security/2020/11/30/5 + https://ubuntu.com/security/notices/USN-4748-1 + https://ubuntu.com/security/notices/USN-4749-1 + https://ubuntu.com/security/notices/USN-4750-1 + https://ubuntu.com/security/notices/USN-4751-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27818 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-08 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27818.html + https://bugzilla.redhat.com/show_bug.cgi?id=1902011 + + + + + + + + + + CVE-2020-27819 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-23 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27819.html + https://github.com/libxls/libxls/issues/84 + + + + + + + + + + CVE-2020-27820 on Ubuntu 20.04 (focal) - low. + [use-after-free in nouveau kernel module] + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 00:00:00 UTC + Jeremy Cline + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-27820 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27820.html + https://lore.kernel.org/dri-devel/20201125202648.5220-1-jcline@redhat.com/ + + + + sbeattie| as of 2021-03-16, does not appear to have made progress upstream. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27823 on Ubuntu 20.04 (focal) - medium. + A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-13 15:15:00 UTC + 2020-12-09 00:00:00 UTC + https://github.com/uclouvain/openjpeg/issues/1284 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27823.html + https://ubuntu.com/security/notices/USN-4685-1 + https://ubuntu.com/security/notices/USN-4880-1 + + + + + + + + + + + + + + + + CVE-2020-27824 on Ubuntu 20.04 (focal) - medium. + A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 14:15:00 UTC + 2020-12-10 + https://github.com/uclouvain/openjpeg/issues/1286 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27824.html + https://ubuntu.com/security/notices/USN-4685-1 + https://ubuntu.com/security/notices/USN-4686-1 + https://ubuntu.com/security/notices/USN-4880-1 + + + + + + + + + + + + + + + + CVE-2020-27830 on Ubuntu 20.04 (focal) - low. + A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash. Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-13 15:15:00 UTC + 2020-12-07 00:00:00 UTC + Shisong Qin and Bodong Zhao + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27830.html + https://www.openwall.com/lists/oss-security/2020/12/07/1 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f0992098cadb4c9c6a00703b66cafe604e178fea + https://ubuntu.com/security/notices/USN-4749-1 + https://ubuntu.com/security/notices/USN-4750-1 + https://ubuntu.com/security/notices/USN-4751-1 + https://ubuntu.com/security/notices/USN-4912-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27834 on Ubuntu 20.04 (focal) - medium. + [attacker can send the same request over and over again without changing the CSRF token] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27834.html + https://bugzilla.redhat.com/show_bug.cgi?id=1907497 + http://almorabea.net/cves/zabbix.txt + + + + + + + + + + CVE-2020-27835 on Ubuntu 20.04 (focal) - medium. + A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system. It was discovered that a use-after-free vulnerability existed in the infiniband hfi1 device driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-07 18:15:00 UTC + 2021-01-07 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27835.html + https://git.kernel.org/linus/3d2a9d642512c21a12d19b9250e7a835dcb41a79 + https://ubuntu.com/security/notices/USN-4751-1 + + + + sbeattie| commit references two commits that introduced the issue. 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27837 on Ubuntu 20.04 (focal) - low. + A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-28 19:15:00 UTC + https://gitlab.gnome.org/GNOME/gdm/-/issues/660 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27837.html + + + + mdeslaur> unlikely scenario, requires autologin to be enabled and for a mdeslaur> session to crash but then still work. Setting priority to "low" + + + + + + + + + CVE-2020-27839 on Ubuntu 20.04 (focal) - medium. + A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored by the frontend application in the browser’s localStorage which is potentially vulnerable to attackers via XSS attacks. The highest threat from this vulnerability is to data confidentiality and integrity. It was discovered that the Ceph dashboard was susceptible to a cross-site scripting attack. An attacker could use this to expose sensitive information or gain unintended access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 22:15:00 UTC + 2021-05-26 22:15:00 UTC + https://tracker.ceph.com/issues/44591 + https://tracker.ceph.com/issues/48739 (bp) + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27839.html + https://github.com/ceph/ceph/pull/38259 + https://ubuntu.com/security/notices/USN-4998-1 + + + + mdeslaur> this is fixed in 15.2.11 in focal-updates and groovy-updates but mdeslaur> has not been pushed to the security pocket + + + + + + + + + CVE-2020-27841 on Ubuntu 20.04 (focal) - low. 
+ There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-05 18:15:00 UTC + 2021-01-05 18:15:00 UTC + https://github.com/uclouvain/openjpeg/issues/1293 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27841.html + https://ubuntu.com/security/notices/USN-4685-1 + https://ubuntu.com/security/notices/USN-4686-1 + https://ubuntu.com/security/notices/USN-4880-1 + + + + + + + + + + + + + CVE-2020-27842 on Ubuntu 20.04 (focal) - medium. + There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-05 18:15:00 UTC + 2021-01-05 18:15:00 UTC + https://github.com/uclouvain/openjpeg/issues/1294 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27842.html + https://ubuntu.com/security/notices/USN-4685-1 + https://ubuntu.com/security/notices/USN-4686-1 + + + + + + + + + + + + + + + + CVE-2020-27843 on Ubuntu 20.04 (focal) - low. + A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-05 18:15:00 UTC + 2021-01-05 18:15:00 UTC + https://github.com/uclouvain/openjpeg/issues/1297 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27843.html + https://ubuntu.com/security/notices/USN-4685-1 + https://ubuntu.com/security/notices/USN-4686-1 + + + + + + + + + + + + + + + + CVE-2020-27844 on Ubuntu 20.04 (focal) - medium. + A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-05 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27844.html + https://github.com/uclouvain/openjpeg/issues/1299 + https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296 + + + + ebarretto> The fix for this CVE was not applied in 2.1.2-1.1+deb9u6 even though ebarretto> it was mentioned in the changelog and the patch is also in ebarretto> debian/patches/ + + + + + + + + + CVE-2020-27845 on Ubuntu 20.04 (focal) - medium. + There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-05 18:15:00 UTC + 2021-01-05 18:15:00 UTC + https://github.com/uclouvain/openjpeg/issues/1302 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27845.html + https://ubuntu.com/security/notices/USN-4685-1 + https://ubuntu.com/security/notices/USN-4686-1 + https://ubuntu.com/security/notices/USN-4880-1 + + + + + + + + + + + + + + + CVE-2020-2790 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2790.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 5.7 only + + + + + + + + + CVE-2020-27918 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 22:15:00 UTC + 2021-03-26 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27918.html + https://ubuntu.com/security/notices/USN-4894-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-28007 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. 
Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28007.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28008 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28008.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28009 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28009.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28010 on Ubuntu 20.04 (focal) - medium. 
+ Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28010.html + https://ubuntu.com/security/notices/USN-4934-1 + + + + + + + + + + CVE-2020-28011 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28011.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28012 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28012.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28013 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28013.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28014 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28014.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28015 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28015.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28017 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28017.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28018 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28018.html + https://ubuntu.com/security/notices/USN-4934-1 + + + + + + + + + + CVE-2020-28019 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28019.html + https://ubuntu.com/security/notices/USN-4934-1 + + + + + + + + + + CVE-2020-28020 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28020.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28021 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28021.html + https://ubuntu.com/security/notices/USN-4934-1 + + + + + + + + + + CVE-2020-28022 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28022.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28023 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28023.html + https://ubuntu.com/security/notices/USN-4934-1 + + + + + + + + + + CVE-2020-28024 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28024.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28025 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28025.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28026 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28026.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2020-28030 on Ubuntu 20.04 (focal) - medium. + In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-02 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28030.html + https://gitlab.com/wireshark/wireshark/-/commit/b287e7165e8aa89cde6ae37e7c257c5d87d16b9b + https://gitlab.com/wireshark/wireshark/-/issues/16887 + https://www.wireshark.org/security/wnpa-sec-2020-15.html + + + + + + + + + + CVE-2020-28032 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-02 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28032.html + https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3 + https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + https://wpscan.com/vulnerability/10446 + + + + + + + + + + CVE-2020-28033 on Ubuntu 20.04 (focal) - low. + WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-02 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28033.html + https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2020-28034 on Ubuntu 20.04 (focal) - medium. 
+ WordPress before 5.5.2 allows XSS associated with global variables. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-02 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28034.html + https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2020-28035 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-02 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28035.html + https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2020-28036 on Ubuntu 20.04 (focal) - low. + wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-02 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28036.html + https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32 + https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + https://wpscan.com/vulnerability/10449 + + + + + + + + + + CVE-2020-28037 on Ubuntu 20.04 (focal) - medium. + is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-02 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28037.html + https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c + https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + https://wpscan.com/vulnerability/10450 + + + + + + + + + + CVE-2020-28038 on Ubuntu 20.04 (focal) - medium. + WordPress before 5.5.2 allows stored XSS via post slugs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-02 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28038.html + https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2020-28039 on Ubuntu 20.04 (focal) - medium. + is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-02 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28039.html + https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad + https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + https://wpscan.com/vulnerability/10452 + + + + + + + + + + CVE-2020-2804 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2804.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-28040 on Ubuntu 20.04 (focal) - low. + WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-02 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28040.html + https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html + https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2020-28049 on Ubuntu 20.04 (focal) - low. + An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-04 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973748 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28049.html + https://www.openwall.com/lists/oss-security/2020/11/04/2 + https://github.com/sddm/sddm/commit/be202f533ab98a684c6a007e8d5b4357846bc222 + https://bugzilla.suse.com/show_bug.cgi?id=1177201 + https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-28049 + https://github.com/sddm/sddm/blob/v0.19.0/ChangeLog + https://github.com/sddm/sddm/releases + + + + + + + + + + CVE-2020-28052 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-18 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977683 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28052.html + https://github.com/bcgit/bc-java/wiki/CVE-2020-28052 + https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/ + + + + + + + + + + CVE-2020-28053 on Ubuntu 20.04 (focal) - untriaged. + HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975584 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28053.html + https://github.com/hashicorp/consul/issues/9240 + https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020 + https://www.hashicorp.com/blog/category/consul + + + + + + + + + + CVE-2020-2806 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.28 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2806.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 5.7 only + + + + + + + + + CVE-2020-28086 on Ubuntu 20.04 (focal) - low. + pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, and also controls one of the services already in the password store, they can rename one of the password files in the Git repository to something else: pass doesn't correctly verify that the content of a file matches the filename, so a user might be tricked into decrypting the wrong password and sending that to a service that the attacker controls. NOTE: for environments in which this threat model is of concern, signing commits can be a solution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-09 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28086.html + https://lists.zx2c4.com/pipermail/password-store/2014-March/000498.html + + + + + + + + + + CVE-2020-28097 on Ubuntu 20.04 (focal) - medium. + The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28097.html + https://www.openwall.com/lists/oss-security/2020/09/16/1 + https://github.com/torvalds/linux/commit/973c096f6a85e5b5f2a295126ba6928d9a6afd45 + https://seclists.org/oss-sec/2020/q3/176 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=973c096f6a85e5b5f2a295126ba6928d9a6afd45 + + + + sbeattie> out-of-bounds reading in vgacon_scrolldelta. This BUG is caused by "soff" being negative after VT_RESIZE. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-2812 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2812.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + https://ubuntu.com/security/notices/USN-4603-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-2814 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2814.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4603-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-28168 on Ubuntu 20.04 (focal) - medium. + Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-06 20:15:00 UTC + Dima Ryskin + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28168.html + https://github.com/axios/axios/issues/3369 + + + + + + + + + + CVE-2020-28200 on Ubuntu 20.04 (focal) - low. + The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-28 13:15:00 UTC + Innokentii Sennovskii from BI.ZONE + 2021-06-21 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28200.html + + + + mdeslaur> per upstream, fixing this is a massive change that cannot be mdeslaur> backported to earlier releases + + + + + + + + + CVE-2020-28241 on Ubuntu 20.04 (focal) - medium. + libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-06 05:15:00 UTC + 2020-11-06 05:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973878 + https://github.com/maxmind/libmaxminddb/issues/236 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28241.html + https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3 + https://ubuntu.com/security/notices/USN-4631-1 + + + + + + + + + + CVE-2020-28242 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. 
Outbound authentication must be configured on the endpoint for this to occur. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-06 06:15:00 UTC + Sebastian Damm, Ruslan Lazin + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28242.html + http://downloads.asterisk.org/pub/security/AST-2020-002.html + + + + + + + + + + CVE-2020-28327 on Ubuntu 20.04 (focal) - low. + A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-06 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28327.html + http://downloads.asterisk.org/pub/security/AST-2020-001.html + https://www.openwall.com/lists/oss-security/2020/11/06/1 + + + + + + + + + + CVE-2020-28361 on Ubuntu 20.04 (focal) - untriaged. + Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. 
Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-11-18 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28361.html + https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html + https://support.sippysoft.com/support/discussions/topics/3000179616 + + + + + + + + + + CVE-2020-28362 on Ubuntu 20.04 (focal) - medium. + Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-18 17:15:00 UTC + https://github.com/golang/go/issues/42552 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28362.html + https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. mdeslaur> mdeslaur> vulnerable code introduced in 1.14 + + + + + + + + + CVE-2020-28366 on Ubuntu 20.04 (focal) - medium. + Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-18 17:15:00 UTC + Chris Brown and Tempus Ex + https://github.com/golang/go/issues/42559 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28366.html + https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. 
This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. + + + + + + + + + + + + CVE-2020-28367 on Ubuntu 20.04 (focal) - medium. + Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-18 17:15:00 UTC + Imre Read + https://github.com/golang/go/issues/42556 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28367.html + https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. + + + + + + + + + + + + CVE-2020-28368 on Ubuntu 20.04 (focal) - medium. + Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-10 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28368.html + https://xenbits.xen.org/xsa/advisory-351.html + https://platypusattack.com + https://www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/ + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-28463 on Ubuntu 20.04 (focal) - low. + All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. 
In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-18 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28463.html + https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145 + + + + + + + + + + CVE-2020-28473 on Ubuntu 20.04 (focal) - medium. + The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-18 12:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28473.html + https://snyk.io/vuln/SNYK-PYTHON-BOTTLE-1017108 + https://github.com/bottlepy/bottle + https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/ + + + + + + + + + + CVE-2020-28491 on Ubuntu 20.04 (focal) - medium. 
+ This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-18 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28491.html + https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6 + https://github.com/FasterXML/jackson-dataformats-binary/issues/186 + https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329 + + + + + + + + + + CVE-2020-28493 on Ubuntu 20.04 (focal) - low. + This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-01 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28493.html + https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20 + https://github.com/pallets/jinja/pull/1343 + https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994 + + + + sbeattie> regular expression DoS + + + + + + + + + CVE-2020-28496 on Ubuntu 20.04 (focal) - medium. + This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. 
PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i++) { ret += " " } return ret + ""; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+" ms") + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-18 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28496.html + https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e + https://github.com/mrdoob/three.js/issues/21132 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1065972 + https://snyk.io/vuln/SNYK-JS-THREE-1064931 + + + + + + + + + + CVE-2020-28498 on Ubuntu 20.04 (focal) - medium. + The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-02 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28498.html + https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md + https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836 + https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899 + + + + + + + + + + CVE-2020-28500 on Ubuntu 20.04 (focal) - medium. + Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-15 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28500.html + https://snyk.io/vuln/SNYK-JS-LODASH-1018905 + https://github.com/lodash/lodash/blob/npm/trimEnd.js#L8 + https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893 + + + + + + + + + + CVE-2020-28502 on Ubuntu 20.04 (focal) - medium. + This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-05 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28502.html + https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935 + https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936 + https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js%23L480 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082937 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082938 + + + + + + + + + + + + + CVE-2020-2853 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2853.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.0 only + + + + + + + + + + + + CVE-2020-28588 on Ubuntu 20.04 (focal) - medium. + An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents. It was discovered that an information leak existed in the syscall implementation in the Linux kernel on 32 bit systems. A local attacker could use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-10 19:15:00 UTC + 2020-12-04 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28588.html + https://git.kernel.org/linus/4f134b89a24b965991e7c345b9a4591821f7c2a6 + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211 + https://ubuntu.com/security/notices/USN-4750-1 + https://ubuntu.com/security/notices/USN-4751-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-28590 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. 
An attacker can provide a malicious file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-13 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28590.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1213 + + + + + + + + + + CVE-2020-28591 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28591.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1215 + + + + + + + + + + CVE-2020-28595 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-10 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28595.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1219 + + + + + + + + + + CVE-2020-28596 on Ubuntu 20.04 (focal) - medium. + A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-10 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28596.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1220 + + + + + + + + + + CVE-2020-28599 on Ubuntu 20.04 (focal) - medium. + A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-24 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28599.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1223 + https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874 + + + + + + + + + + CVE-2020-28600 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-10 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28600.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1224 + + + + + + + + + + CVE-2020-28601 on Ubuntu 20.04 (focal) - medium. + A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-04 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28601.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 + https://github.com/CGAL/cgal/issues/5345 + https://github.com/CGAL/cgal/pull/5371 + https://github.com/CGAL/cgal/issues/5514 + + + + sbeattie> possible regression introduced by fix, see GH issue 5514 + + + + + + + + + CVE-2020-28636 on Ubuntu 20.04 (focal) - medium. + A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-04 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28636.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 + https://github.com/CGAL/cgal/issues/5345 + https://github.com/CGAL/cgal/pull/5371 + https://github.com/CGAL/cgal/issues/5514 + + + + sbeattie> possible regression introduced by fix, see GH issue 5514 + + + + + + + + + CVE-2020-28638 on Ubuntu 20.04 (focal) - medium. + ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-13 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974719 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28638.html + https://github.com/dyne/Tomb/issues/385 + https://github.com/dyne/Tomb/pull/386 + + + + sbeattie> Introduced by: https://github.com/dyne/Tomb/commit/bbe9a49ec3f6c709478b1f7873b567e3f36d84a1 (v2.0) + + + + + + + + + CVE-2020-28713 on Ubuntu 20.04 (focal) - low. 
+ Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false events. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-08 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28713.html + + + + + + + + + + CVE-2020-28851 on Ubuntu 20.04 (focal) - low. + In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-02 06:15:00 UTC + https://github.com/golang/go/issues/42535 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980001 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28851.html + + + + amurray| google-guest-agent contains a vendored copy of golang-golang-x-text + + + + + + + + + CVE-2020-28852 on Ubuntu 20.04 (focal) - low. + In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-02 06:15:00 UTC + https://github.com/golang/go/issues/42536 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980002 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28852.html + + + + amurray| google-guest-agent contains a vendored copy of golang-golang-x-text + + + + + + + + + CVE-2020-28896 on Ubuntu 20.04 (focal) - medium. + Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 19:15:00 UTC + 2020-11-23 19:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28896.html + https://github.com/neomutt/neomutt/releases/tag/20201120 + https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f + https://ubuntu.com/security/notices/USN-4645-1 + + + + + + + + + + + + + CVE-2020-28915 on Ubuntu 20.04 (focal) - medium. + A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-18 08:15:00 UTC + 2020-11-18 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28915.html + https://bugzilla.suse.com/show_bug.cgi?id=1178886 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.15 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6735b4632def0640dbdf4eb9f99816aca18c4f16 + https://syzkaller.appspot.com/bug?id=08b8be45afea11888776f897895aef9ad1c3ecfd + https://ubuntu.com/security/notices/USN-4657-1 + https://ubuntu.com/security/notices/USN-4658-1 + https://ubuntu.com/security/notices/USN-4659-1 + https://ubuntu.com/security/notices/USN-4660-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + sbeattie| This patch depends on patch "fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h". + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-2892 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2892.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-28924 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-19 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975324 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28924.html + https://github.com/rclone/rclone/issues/4783 + https://rclone.org/downloads/ + + + + + + + + + + CVE-2020-28928 on Ubuntu 20.04 (focal) - untriaged. + In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-11-24 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975365 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28928.html + https://www.openwall.com/lists/oss-security/2020/11/20/4 + + + + + + + + + + CVE-2020-2893 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2893.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-28935 on Ubuntu 20.04 (focal) - low. + NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. 
It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-07 22:15:00 UTC + 2020-12-07 22:15:00 UTC + mdeslaur + Mason Loring Bliss + https://github.com/NLnetLabs/unbound/issues/303 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28935.html + https://www.nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt + https://ubuntu.com/security/notices/USN-4938-1 + + + + + + + + + + CVE-2020-2894 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2894.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-28941 on Ubuntu 20.04 (focal) - low. + An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. 
Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in the Linux kernel did not correctly handle setting line discipline in some situations. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-19 19:15:00 UTC + 2020-11-19 19:15:00 UTC + Shisong Qin and Bodong Zhao + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28941.html + https://www.openwall.com/lists/oss-security/2020/11/19/3 + http://www.openwall.com/lists/oss-security/2020/11/19/5 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4122754442799187d5d537a9c039a49a67e57f1 + https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=d4122754442799187d5d537a9c039a49a67e57f1 + https://github.com/torvalds/linux/commit/d4122754442799187d5d537a9c039a49a67e57f1 + https://ubuntu.com/security/notices/USN-4749-1 + https://ubuntu.com/security/notices/USN-4750-1 + https://ubuntu.com/security/notices/USN-4751-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-28948 on Ubuntu 20.04 (focal) - medium. + Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-19 19:15:00 UTC + 2020-11-19 19:15:00 UTC + mdeslaur + https://github.com/pear/Archive_Tar/issues/33 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28948.html + https://ubuntu.com/security/notices/USN-4654-1 + + + + + + + + + + CVE-2020-28949 on Ubuntu 20.04 (focal) - medium. + Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-19 19:15:00 UTC + 2020-11-19 19:15:00 UTC + mdeslaur + https://github.com/pear/Archive_Tar/issues/33 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28949.html + https://ubuntu.com/security/notices/USN-4654-1 + + + + mdeslaur> same commit as CVE-2020-28948 + + + + + + + + + CVE-2020-2895 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2895.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-2896 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2896.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-2897 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2897.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-28974 on Ubuntu 20.04 (focal) - medium. + A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. 
Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-20 18:15:00 UTC + 2020-11-20 18:15:00 UTC + Minh Yuan + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28974.html + https://git.kernel.org/linus/3c4e0dff2095c579b142d5a0693257f1c58b4804 + https://www.openwall.com/lists/oss-security/2020/11/09/2 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.7 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c4e0dff2095c579b142d5a0693257f1c58b4804 + https://seclists.org/oss-sec/2020/q4/104 + https://ubuntu.com/security/notices/USN-4679-1 + https://ubuntu.com/security/notices/USN-4680-1 + https://ubuntu.com/security/notices/USN-4681-1 + https://ubuntu.com/security/notices/USN-4683-1 + https://ubuntu.com/security/notices/USN-4751-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-28975 on Ubuntu 20.04 (focal) - untriaged. + ** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-21 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28975.html + https://github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a0/svm.cpp#L2501 + https://github.com/scikit-learn/scikit-learn/issues/18891 + + + + + + + + + + CVE-2020-2898 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2898.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-28984 on Ubuntu 20.04 (focal) - untriaged. + prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28984.html + https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8 + https://git.spip.net/spip/spip/compare/v3.2.7...v3.2.8 + + + + + + + + + + CVE-2020-29002 on Ubuntu 20.04 (focal) - untriaged. 
+ includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-11-24 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29002.html + https://gerrit.wikimedia.org/r/q/Ie798a4f16d0ac2a4871aefeb593d962966aeb6b0 + https://phabricator.wikimedia.org/T267278 + + + + + + + + + + CVE-2020-29003 on Ubuntu 20.04 (focal) - untriaged. + The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-11-24 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29003.html + https://phabricator.wikimedia.org/T266508 + + + + + + + + + + CVE-2020-2901 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2901.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-2902 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2902.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-2903 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2903.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-2904 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2904.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-29040 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-24 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29040.html + https://xenbits.xen.org/xsa/advisory-355.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-2905 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2905.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-2907 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. 
CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2907.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-29074 on Ubuntu 20.04 (focal) - medium. + scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-25 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975875 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29074.html + https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a + https://www.debian.org/security/2020/dsa-4799 + + + + + + + + + + CVE-2020-2908 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2908.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-2909 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2909.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-2910 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2910.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-2911 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2911.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-29129 on Ubuntu 20.04 (focal) - low. + ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-26 20:15:00 UTC + 2020-11-26 20:15:00 UTC + mdeslaur + Qiuhao Li + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29129.html + https://lists.freedesktop.org/archives/slirp/2020-November/000115.html + http://www.openwall.com/lists/oss-security/2020/11/27/1 + https://ubuntu.com/security/notices/USN-5009-1 + + + + + + + + + + CVE-2020-2913 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). 
Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2913.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-29130 on Ubuntu 20.04 (focal) - low. + slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-26 20:15:00 UTC + 2020-11-26 20:15:00 UTC + mdeslaur + Qiuhao Li + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29130.html + https://lists.freedesktop.org/archives/slirp/2020-November/000115.html + http://www.openwall.com/lists/oss-security/2020/11/27/1 + https://ubuntu.com/security/notices/USN-5009-1 + + + + + + + + + + CVE-2020-2914 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2914.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-2921 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2921.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-2922 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2922.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2020-2923 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2923.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-2924 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2924.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-2925 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2925.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-2926 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). 
Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2926.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-2928 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2928.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-2929 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2929.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-2930 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2930.html + https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + https://ubuntu.com/security/notices/USN-4350-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
mdeslaur> MySQL 8.x only + + + + + + + + + + + + CVE-2020-29362 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-16 14:15:00 UTC + 2020-12-16 14:15:00 UTC + mdeslaur + David Cook + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29362.html + https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html + https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc + https://ubuntu.com/security/notices/USN-4677-1 + + + + + + + + + + CVE-2020-29369 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe. Jann Horn discovered that the mmap implementation in the Linux kernel contained a race condition when handling munmap() operations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-28 07:15:00 UTC + 2020-11-28 07:15:00 UTC + Jann Horn + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29369.html + https://git.kernel.org/linus/246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c + https://bugs.chromium.org/p/project-zero/issues/detail?id=2056 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-29371 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. Jann Horn discovered that the romfs file system in the Linux kernel did not properly validate file system meta-data, leading to an out-of-bounds read. An attacker could use this to construct a malicious romfs image that, when mounted, exposed sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-28 07:15:00 UTC + 2020-11-28 07:15:00 UTC + Jann Horn + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29371.html + https://git.kernel.org/linus/bcf85fcedfdd17911982a3e3564fcfec7b01eebd + https://bugs.chromium.org/p/project-zero/issues/detail?id=2077 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.4 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2935e0a3cec1ffa558eea90db6279cff83aa3592 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcf85fcedfdd17911982a3e3564fcfec7b01eebd + https://ubuntu.com/security/notices/USN-4752-1 + + + + sbeattie> according to Jann Horn's post, the sample exploit does not work at least in 20.04/focal due to heap zeroing being enabled. 
The concern about udisks2 is real, however. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-29394 on Ubuntu 20.04 (focal) - medium. + A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-30 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976228 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29394.html + https://github.com/GENIVI/dlt-daemon/issues/274 + https://github.com/GENIVI/dlt-daemon/pull/275 + https://github.com/GENIVI/dlt-daemon/commit/ff4f44c159df6f44b48bd38c9d2f104eb360be11 + + + + + + + + + + CVE-2020-29443 on Ubuntu 20.04 (focal) - low. + ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:15:00 UTC + 2021-01-26 18:15:00 UTC + Wenxiang Qian + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29443.html + https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04255.html + https://www.openwall.com/lists/oss-security/2021/01/18/2 + https://ubuntu.com/security/notices/USN-4725-1 + https://ubuntu.com/security/notices/USN-5010-1 + + + + mdeslaur> second patch is needed in hirsute + + + + + + + + + CVE-2020-29479 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. 
Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29479.html + https://xenbits.xen.org/xsa/advisory-353.html + https://xenbits.xen.org/xsa/xsa353.patch + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-29480 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest administrator can also use the special watches, which will cause a notification every time a domain is created and destroyed. Data may include: number, type, and domids of other VMs; existence and domids of driver domains; numbers of virtual interfaces, block devices, vcpus; existence of virtual framebuffers and their backend style (e.g., existence of VNC service); Xen VM UUIDs for other domains; timing information about domain creation and device setup; and some hints at the backend provisioning of VMs and their devices. The watch events do not contain values stored in xenstore, only key names. A guest administrator can observe non-sensitive domain and device lifecycle events relating to other guests. 
This information allows some insight into overall system configuration (including the number and general nature of other guests), and configuration of other guests (including the number and general nature of other guests' devices). This information might be commercially interesting or might make other attacks easier. There is not believed to be exposure of sensitive data. Specifically, there is no exposure of VNC passwords, port numbers, pathnames in host and guest filesystems, cryptographic keys, or within-guest data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29480.html + https://xenbits.xen.org/xsa/advisory-115.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-29481 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Because all Xenstore entries of a guest below /local/domain/<domid> are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected. For example, a newly created guest domain might be able to read sensitive information that had belonged to a previously existing guest domain. Both Xenstore implementations (C and Ocaml) are vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29481.html + https://xenbits.xen.org/xsa/advisory-322.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-29482 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using absolute paths. oxenstored imposes a pathname limit that is applied solely to the relative or absolute path specified by the client. Therefore, a guest can create paths in its own namespace which are too long for management tools to access. Depending on the toolstack in use, a malicious guest administrator might cause some management tools and debugging operations to fail. For example, a guest administrator can cause "xenstore-ls -r" to fail. However, a guest administrator cannot prevent the host administrator from tearing down the domain. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29482.html + https://xenbits.xen.org/xsa/advisory-323.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-29483 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x. 
Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored's internal management, resulting in the same actions as if the guest had been destroyed, including sending an @releaseDomain event. @releaseDomain events do not say that the guest has been removed. All watchers of this event must look at the states of all guests to find the guest that has been removed. When an @releaseDomain is generated due to a domain xenstored protocol violation, because the guest is still running, the watchers will not react. Later, when the guest is actually destroyed, xenstored will no longer have it stored in its internal data base, so no further @releaseDomain event will be sent. This can lead to a zombie domain; memory mappings of that guest's memory will not be removed, due to the missing event. This zombie domain will be cleaned up only after another domain is destroyed, as that will trigger another @releaseDomain event. If the device model of the guest that violated the Xenstore protocol is running in a stub-domain, a use-after-free case could happen in xenstored, after having removed the guest from its internal data base, possibly resulting in a crash of xenstored. A malicious guest can block resources of the host for a period after its own death. Guests with a stub domain device model can eventually crash xenstored, resulting in a more serious denial of service (the prevention of any further domain management operations). Only the C variant of Xenstore is affected; the Ocaml variant is not affected. Only HVM guests with a stubdom device model can cause a serious DoS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29483.html + https://xenbits.xen.org/xsa/advisory-325.html + https://xenbits.xen.org/xsa/xsa325-4.14.patch + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-29484 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any communication with xenstored is done via Xenstore messages, consisting of a message header and the payload. The payload length is limited to 4096 bytes. Any request to xenstored resulting in a response with a payload longer than 4096 bytes will result in an error. When registering a watch, the payload length limit applies to the combined length of the watched path and the specified tag. Because watches for a specific path are also triggered for all nodes below that path, the payload of a watch event message can be longer than the payload needed to register the watch. A malicious guest that registers a watch using a very large tag (i.e., with a registration operation payload length close to the 4096 byte limit) can cause the generation of watch events with a payload length larger than 4096 bytes, by writing to Xenstore entries below the watched path. This will result in an error condition in xenstored. This error can result in a NULL pointer dereference, leading to a crash of xenstored. A malicious guest administrator can cause xenstored to crash, leading to a denial of service. Following a xenstored crash, domains may continue to run, but management operations will be impossible. 
Only C xenstored is affected, oxenstored is not affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29484.html + https://xenbits.xen.org/xsa/advisory-324.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-29485 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are vulnerable. Systems using the C Xenstored implementation are not vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29485.html + https://xenbits.xen.org/xsa/advisory-330.html + https://www.debian.org/security/2020/dsa-4812 + https://xenbits.xenproject.org/xsa/advisory-330.txt + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-29486 on Ubuntu 20.04 (focal) - untriaged. + An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory A malicious guest administrator can cause a denial of service against a specific guest or against the whole host. All systems using oxenstored are vulnerable. 
Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29486.html + https://xenbits.xen.org/xsa/advisory-352.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-29509 on Ubuntu 20.04 (focal) - medium. + The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-14 20:15:00 UTC + https://github.com/golang/go/issues/43168 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29509.html + https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ + https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. mdeslaur> mdeslaur> as of 2021-02-04, this doesn't appear to be fixed upstream + + + + + + + + + + + + CVE-2020-2951 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2951.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-29510 on Ubuntu 20.04 (focal) - medium. + The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-14 20:15:00 UTC + https://github.com/golang/go/issues/43168 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29510.html + https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. mdeslaur> mdeslaur> as of 2021-02-04, this doesn't appear to be fixed upstream + + + + + + + + + + + + CVE-2020-29511 on Ubuntu 20.04 (focal) - medium. 
+ The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-14 20:15:00 UTC + https://github.com/golang/go/issues/43168 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29511.html + https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. mdeslaur> mdeslaur> as of 2021-02-04, this doesn't appear to be fixed upstream + + + + + + + + + + + + CVE-2020-29534 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94. Jann Horn discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations. A local attacker could use this to expose sensitive information or possibly escalate privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-03 20:15:00 UTC + 2020-12-03 20:15:00 UTC + Jann Horn + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29534.html + https://bugs.chromium.org/p/project-zero/issues/detail?id=2089 + https://git.kernel.org/linus/0f2122045b946241a9e549c2a76cea54fa58a7ff + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.3 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f2122045b946241a9e549c2a76cea54fa58a7ff + https://ubuntu.com/security/notices/USN-4678-1 + + + + sbeattie> likely also want f26c08b444df833b19c00838a530d93963ce9cd0 and ca6484cd308a671811bf39f3119e81966eb476e3 sbeattie> introducing commit may be newer than 2b188cc1bb857a9d4701ae59aa7768b5124e262e + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-29562 on Ubuntu 20.04 (focal) - low. + The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 07:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=26923 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976391 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29562.html + https://sourceware.org/pipermail/libc-alpha/2020-November/119822.html + + + + mdeslaur> introduced in 2.30 + + + + + + + + + CVE-2020-29566 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. 
If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur before the de-schedule was fully complete, triggering a shortcut. This potentially repeating process uses ordinary recursive function calls, and thus could result in a stack overflow. A malicious or buggy stubdomain serving a HVM guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are affected. Arm systems are not affected. Only x86 stubdomains serving HVM guests can exploit the vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29566.html + https://xenbits.xen.org/xsa/advisory-348.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-29567 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of self-interrupts, which renders the CPU effectively unusable. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are vulnerable. Arm systems are not vulnerable. 
Only guests with physical PCI devices passed through to them can exploit the vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29567.html + https://xenbits.xen.org/xsa/advisory-356.html + https://xenbits.xen.org/xsa/xsa356.patch + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-29568 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event processing backend in the Linux kernel did not properly limit the number of events queued. An attacker in a guest VM could use this to cause a denial of service in the host OS. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 17:15:00 UTC + 2020-12-15 17:15:00 UTC + Michael Kurth and Pawel Wieczorkiewicz + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29568.html + https://xenbits.xen.org/xsa/advisory-349.html + https://ubuntu.com/security/notices/USN-4748-1 + https://ubuntu.com/security/notices/USN-4749-1 + https://ubuntu.com/security/notices/USN-4750-1 + https://ubuntu.com/security/notices/USN-4751-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-29569 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. 
The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 17:15:00 UTC + 2020-12-15 17:15:00 UTC + Olivier Benjamin and Pawel Wieczorkiewicz + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29569.html + https://xenbits.xen.org/xsa/advisory-350.html + https://ubuntu.com/security/notices/USN-4749-1 + https://ubuntu.com/security/notices/USN-4750-1 + https://ubuntu.com/security/notices/USN-4751-1 + https://ubuntu.com/security/notices/USN-4876-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-29570 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29570.html + https://xenbits.xen.org/xsa/advisory-358.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-29571 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether a system is vulnerable depends on the specific CPU. x86 systems are not vulnerable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29571.html + https://xenbits.xen.org/xsa/advisory-359.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2020-29573 on Ubuntu 20.04 (focal) - low. + sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. 
In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-06 00:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=26649 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29573.html + https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html + + + + mdeslaur> fixed in 2.23 and later + + + + + + + + + CVE-2020-2958 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2958.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-2959 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via MLD to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2959.html + https://www.oracle.com/security-alerts/cpuapr2020.html + + + + + + + + + + CVE-2020-29599 on Ubuntu 20.04 (focal) - negligible. + ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. + 2020-12-07 20:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977205 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29599.html + https://github.com/ImageMagick/ImageMagick/discussions/2851 + https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html + + + + mdeslaur> ghostscript formats are disabled in Ubuntu packaging, we are mdeslaur> not vulnerable to this issue + + + + + + + + + CVE-2020-29600 on Ubuntu 20.04 (focal) - low. + In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-07 20:15:00 UTC + 2020-12-07 20:15:00 UTC + avital + Sean Boran + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469 + https://github.com/eldy/awstats/issues/90 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29600.html + https://ubuntu.com/security/notices/USN-4953-1 + + + + mdeslaur> fix is incomplete, see CVE-2020-35176 + + + + + + + + + CVE-2020-29623 on Ubuntu 20.04 (focal) - medium. + "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-02 18:15:00 UTC + 2020-12-31 00:00:00 UTC + Simon Hunt + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29623.html + https://webkitgtk.org/security/WSA-2021-0002.html + https://ubuntu.com/security/notices/USN-4894-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-29651 on Ubuntu 20.04 (focal) - medium. + A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29651.html + https://github.com/pytest-dev/py/issues/256 + https://github.com/pytest-dev/py/pull/257 + + + + + + + + + + CVE-2020-29652 on Ubuntu 20.04 (focal) - medium. 
+ A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-17 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29652.html + https://go-review.googlesource.com/c/crypto/+/278852 + https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1 + + + + jdstrand> snapd contains an embedded copy of golang-go.crypto jdstrand> lxd in 18.04 LTS and earlier contains an embedded copy of golang-go.crypto mdeslaur> snapd and lxd only use the terminal sub-package, not the ssh mdeslaur> part of golang-go.crypto, so they are not vulnerable + + + + + + + + + + + + CVE-2020-29660 on Ubuntu 20.04 (focal) - medium. + A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. Jann Horn discovered that the tty subsystem of the Linux kernel did not use consistent locking in some situations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-09 17:15:00 UTC + 2020-12-09 17:15:00 UTC + Jann Horn + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29660.html + https://git.kernel.org/linus/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9 + https://bugs.chromium.org/p/project-zero/issues/detail?id=2125 + https://ubuntu.com/security/notices/USN-4748-1 + https://ubuntu.com/security/notices/USN-4749-1 + https://ubuntu.com/security/notices/USN-4750-1 + https://ubuntu.com/security/notices/USN-4751-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-29661 on Ubuntu 20.04 (focal) - medium. + A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. Jann Horn discovered a race condition in the tty subsystem of the Linux kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-09 17:15:00 UTC + 2020-12-09 17:15:00 UTC + Jann Horn + https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1909486 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29661.html + https://git.kernel.org/linus/54ffccbf053b5b6ca4f6e45094b942fab92a25fc + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc + https://bugs.chromium.org/p/project-zero/issues/detail?id=2125 + https://ubuntu.com/security/notices/USN-4748-1 + https://ubuntu.com/security/notices/USN-4749-1 + https://ubuntu.com/security/notices/USN-4750-1 + https://ubuntu.com/security/notices/USN-4751-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-29663 on Ubuntu 20.04 (focal) - medium. + Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29663.html + https://github.com/Icinga/icinga2/security/advisories/GHSA-pcmr-2p2f-r7j6 + https://github.com/Icinga/icinga2/commit/abbd7d5494369af8bbf8fc12f5dc1a0f05a1f817 + https://github.com/Icinga/icinga2/commit/cae22a89da9e6a381904c3b207e5a3f93f6ed838 + https://github.com/Icinga/icinga2/compare/v2.12.1...v2.12.2 + + + + + + + + + + CVE-2020-29668 on Ubuntu 20.04 (focal) - low. + Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-10 08:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29668.html + https://github.com/sympa-community/sympa/issues/1041 + https://github.com/sympa-community/sympa/pull/1044 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020 + https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md + + + + + + + + + + CVE-2020-35111 on Ubuntu 20.04 (focal) - low. + When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-07 14:15:00 UTC + 2020-12-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35111.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35111 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35111 + https://ubuntu.com/security/notices/USN-4671-1 + https://ubuntu.com/security/notices/USN-4701-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-35112 on Ubuntu 20.04 (focal) - low. + If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-07 14:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35112.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35112 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35112 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-35113 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-07 14:15:00 UTC + 2020-12-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35113.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35113 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35113 + https://ubuntu.com/security/notices/USN-4671-1 + https://ubuntu.com/security/notices/USN-4701-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-35114 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-07 14:15:00 UTC + 2020-12-15 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35114.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35114 + https://ubuntu.com/security/notices/USN-4671-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-35132 on Ubuntu 20.04 (focal) - medium. + An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-11 05:15:00 UTC + Andy Gu + https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35132.html + https://github.com/leenooks/phpLDAPadmin/issues/130 + https://github.com/leenooks/phpLDAPadmin/compare/1.2.5...1.2.6.2 + + + + + + + + + + CVE-2020-35176 on Ubuntu 20.04 (focal) - low. + In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-12 00:15:00 UTC + 2020-12-12 00:15:00 UTC + avital + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190 + https://github.com/eldy/awstats/issues/195 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35176.html + https://ubuntu.com/security/notices/USN-4953-1 + + + + mdeslaur> incomplete fix for CVE-2017-1000501 and CVE-2020-29600 + + + + + + + + + CVE-2020-35239 on Ubuntu 20.04 (focal) - medium. + A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. 
The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, the route middleware does not verify that this overriden method (which can be an arbitrary string) is actually an HTTP method. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35239.html + https://github.com/cakephp/cakephp/commit/d2da5346a6cddab284f8cf94e38f90d897595fe8 (4.0.10) + https://bakery.cakephp.org/2020/12/07/cakephp_4010_released.html + + + + + + + + + + CVE-2020-35269 on Ubuntu 20.04 (focal) - medium. + Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-23 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35269.html + https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc + https://github.com/NagiosEnterprises/nagioscore/issues/809 + + + + + + + + + + CVE-2020-35359 on Ubuntu 20.04 (focal) - medium. + Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-26 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35359.html + https://www.exploit-db.com/exploits/49105 + + + + + + + + + + CVE-2020-35376 on Ubuntu 20.04 (focal) - medium. + Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-26 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35376.html + https://forum.xpdfreader.com/viewtopic.php?f=3&t=42066 + + + + jdstrand> xpdf in koffice is 2.0 mdeslaur> no indication poppler is affected + + + + + + + + + CVE-2020-35450 on Ubuntu 20.04 (focal) - medium. + Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-26 05:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978446 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35450.html + https://github.com/gobby/gobby/issues/183 + https://github.com/gobby/gobby/pull/184 + https://github.com/gobby/gobby/commit/6f34307bff645eb2935d82deee0119ec89866118 + + + + + + + + + + CVE-2020-35452 on Ubuntu 20.04 (focal) - low. + Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 07:15:00 UTC + 2021-06-10 07:15:00 UTC + mdeslaur + Antonio Morales + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35452.html + https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452 + https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602@%3Cannounce.httpd.apache.org%3E + http://www.openwall.com/lists/oss-security/2021/06/10/5 + https://ubuntu.com/security/notices/USN-4994-1 + https://ubuntu.com/security/notices/USN-4994-2 + + + + + + + + + + CVE-2020-35459 on Ubuntu 20.04 (focal) - low. 
+ An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-12 15:15:00 UTC + Vincent Berg + 2021-01-12 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35459.html + https://www.openwall.com/lists/oss-security/2021/01/12/3 + + + + + + + + + + CVE-2020-35474 on Ubuntu 20.04 (focal) - medium. + In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-18 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35474.html + https://phabricator.wikimedia.org/T268894 + https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html + https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html + + + + + + + + + + CVE-2020-35475 on Ubuntu 20.04 (focal) - medium. + In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-18 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35475.html + https://phabricator.wikimedia.org/T268917 + https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html + https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html + + + + + + + + + + CVE-2020-35477 on Ubuntu 20.04 (focal) - medium. + MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-18 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35477.html + https://phabricator.wikimedia.org/T205908 + https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html + https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html + + + + + + + + + + CVE-2020-35478 on Ubuntu 20.04 (focal) - medium. + MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-18 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35478.html + https://phabricator.wikimedia.org/T268938 + https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html + https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html + + + + + + + + + + CVE-2020-35479 on Ubuntu 20.04 (focal) - medium. + MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. 
Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-18 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35479.html + https://phabricator.wikimedia.org/T268938 + https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html + https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html + + + + + + + + + + CVE-2020-35480 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-18 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35480.html + https://phabricator.wikimedia.org/T120883 + https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html + https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html + + + + + + + + + + CVE-2020-35490 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-17 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35490.html + https://github.com/FasterXML/jackson-databind/issues/2986 + https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d + + + + + + + + + + CVE-2020-35491 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-17 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35491.html + https://github.com/FasterXML/jackson-databind/issues/2986 + https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d + + + + + + + + + + CVE-2020-35492 on Ubuntu 20.04 (focal) - low. + A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-18 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978658 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35492.html + https://gitlab.freedesktop.org/cairo/cairo/-/issues/437 + https://bugzilla.redhat.com/show_bug.cgi?id=1898396 + + + + + + + + + + CVE-2020-35493 on Ubuntu 20.04 (focal) - low. 
+ A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-04 15:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=25307 + https://bugzilla.redhat.com/show_bug.cgi?id=1911437 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35493.html + + + + + + + + + + CVE-2020-35495 on Ubuntu 20.04 (focal) - low. + There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-04 15:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=25306 + https://bugzilla.redhat.com/show_bug.cgi?id=1911441 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35495.html + + + + + + + + + + CVE-2020-35496 on Ubuntu 20.04 (focal) - low. + There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-04 15:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=25308 + https://bugzilla.redhat.com/show_bug.cgi?id=1911444 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35496.html + + + + mdeslaur> same commit at CVE-2020-25495 + + + + + + + + + CVE-2020-35501 on Ubuntu 20.04 (focal) - low. 
+ kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-31 00:00:00 UTC + Felix Kosterhon + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-35501 + https://github.com/linux-audit/audit-kernel/issues/9 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35501.html + https://www.openwall.com/lists/oss-security/2021/02/18/1 + https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html + + + + sbeattie> the commits listed in the github issue are false hits due to the string '#9' showing up in kernel oops backtraces. sbeattie> unfixed as of 2021.07.20 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-35503 on Ubuntu 20.04 (focal) - low. + A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 14:15:00 UTC + Cheolwoo Myung + https://bugzilla.redhat.com/show_bug.cgi?id=1910346 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35503.html + https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html + + + + mdeslaur> as of 2021-07-08, the proposed patch has not been commited mdeslaur> upstream + + + + + + + + + CVE-2020-35504 on Ubuntu 20.04 (focal) - low. + A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. 
The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 11:15:00 UTC + 2021-05-28 11:15:00 UTC + Cheolwoo Myung + https://bugzilla.redhat.com/show_bug.cgi?id=1909766 + https://bugs.launchpad.net/qemu/+bug/1910723 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35504.html + https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg06550.html + https://lists.gnu.org/archive/html/qemu-devel/2021-04/msg01000.html + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2020-35505 on Ubuntu 20.04 (focal) - low. + A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 11:15:00 UTC + 2021-05-28 11:15:00 UTC + Cheolwoo Myung + https://bugzilla.redhat.com/show_bug.cgi?id=1909769 + https://bugs.launchpad.net/qemu/+bug/1910723 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35505.html + https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg06550.html + https://lists.gnu.org/archive/html/qemu-devel/2021-04/msg01000.html + https://ubuntu.com/security/notices/USN-5010-1 + + + + mdeslaur> same commits as CVE-2020-35504 + + + + + + + + + CVE-2020-35507 on Ubuntu 20.04 (focal) - low. + There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-04 15:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=25308 + https://bugzilla.redhat.com/show_bug.cgi?id=1911691 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35507.html + + + + mdeslaur> same commit at CVE-2020-25495 + + + + + + + + + CVE-2020-35508 on Ubuntu 20.04 (focal) - low. + A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. It was discovered that a race condition existed that caused the Linux kernel to not properly restrict exit signal delivery. A local attacker could possibly use this to send signals to arbitrary processes. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 17:15:00 UTC + 2020-12-31 00:00:00 UTC + Eddy Wu + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35508.html + https://bugzilla.redhat.com/show_bug.cgi?id=1902724 + https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948 + https://lore.kernel.org/kernel-hardening/20200324215049.GA3710@pi3.com.pl/ + https://mailman-eng.corp.redhat.com/archives/rhkernel-list/2020-December/498644.html + https://ubuntu.com/security/notices/USN-4751-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + mdeslaur> possibly Red Hat specific, but bug lists upstream mdeslaur> commits, needs investigation sbeattie| The upstream commit is with respect to the race condition, not the improper initialization. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-35512 on Ubuntu 20.04 (focal) - low. 
+ A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35512.html + https://bugzilla.redhat.com/show_bug.cgi?id=1909101 + https://gitlab.freedesktop.org/dbus/dbus/-/issues/305 + https://gitlab.freedesktop.org/dbus/dbus/-/commit/2b7948ef907669e844b52c4fa2268d6e3162a70c (dbus-1.13.18) + https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60 (dbus-1.12.20) + https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd (dbus-1.10.32) + + + + + + + + + + CVE-2020-35518 on Ubuntu 20.04 (focal) - medium. + When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35518.html + https://bugzilla.redhat.com/show_bug.cgi?id=1905565 + + + + + + + + + + CVE-2020-35519 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. 
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Kiyin (尹亮) discovered that the x25 implementation in the Linux kernel contained overflows when handling addresses from user space. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 15:15:00 UTC + 2021-03-18 + Kiyin (尹亮) + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35519.html + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ee50c8e262a0f0693dad264c3c99e30e6442a56 + https://seclists.org/oss-sec/2021/q1/228 + https://ubuntu.com/security/notices/USN-4947-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-35521 on Ubuntu 20.04 (focal) - negligible. + A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. + 2021-03-09 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35521.html + https://gitlab.com/libtiff/libtiff/-/commit/b5a935d96b21cda0f434230cdf8ca958cd8b4eef + https://gitlab.com/libtiff/libtiff/-/merge_requests/165 + + + + + + + + + + CVE-2020-35522 on Ubuntu 20.04 (focal) - negligible. + In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-09 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35522.html + https://gitlab.com/libtiff/libtiff/-/merge_requests/165 + + + + mdeslaur> this issue simply causes the tiff2rgba tool to abort on a mdeslaur> malformed image, and has very little security impact. + + + + + + + + + CVE-2020-35523 on Ubuntu 20.04 (focal) - medium. + An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-09 20:15:00 UTC + 2020-12-31 00:00:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35523.html + https://gitlab.com/libtiff/libtiff/-/merge_requests/160 + https://ubuntu.com/security/notices/USN-4755-1 + + + + + + + + + + CVE-2020-35524 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-09 20:15:00 UTC + 2020-12-31 00:00:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35524.html + https://gitlab.com/libtiff/libtiff/-/merge_requests/159 + https://ubuntu.com/security/notices/USN-4755-1 + + + + + + + + + + CVE-2020-35545 on Ubuntu 20.04 (focal) - medium. + Time-based SQL injection exists in Spotweb 1.4.9 via the query string. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-17 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35545.html + https://github.com/spotweb/spotweb/issues/629 + + + + + + + + + + CVE-2020-35572 on Ubuntu 20.04 (focal) - untriaged. + Adminer through 4.7.8 allows XSS via the history parameter to the default URI. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. + 2021-02-09 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35572.html + https://sourceforge.net/p/adminer/bugs-and-features/775/ + https://sourceforge.net/p/adminer/news/ + + + + + + + + + + CVE-2020-35573 on Ubuntu 20.04 (focal) - medium. + srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-20 05:15:00 UTC + 2020-12-20 05:15:00 UTC + pfsmorigo + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35573.html + https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac (1.10) + https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac + https://ubuntu.com/security/notices/USN-4730-1 + + + + + + + + + + CVE-2020-35605 on Ubuntu 20.04 (focal) - medium. + The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-21 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35605.html + https://github.com/kovidgoyal/kitty/commit/82c137878c2b99100a3cdc1c0f0efea069313901 + https://github.com/kovidgoyal/kitty/issues/3128 + + + + + + + + + + CVE-2020-35628 on Ubuntu 20.04 (focal) - medium. + A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. 
An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-04 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35628.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 + https://github.com/CGAL/cgal/issues/5345 + https://github.com/CGAL/cgal/pull/5371 + https://github.com/CGAL/cgal/issues/5514 + + + + sbeattie> possible regression introduced by fix, see GH issue 5514 + + + + + + + + + CVE-2020-35636 on Ubuntu 20.04 (focal) - medium. + A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-04 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35636.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 + https://github.com/CGAL/cgal/issues/5345 + https://github.com/CGAL/cgal/pull/5371 + https://github.com/CGAL/cgal/issues/5514 + + + + sbeattie> possible regression introduced by fix, see GH issue 5514 + + + + + + + + + CVE-2020-35652 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-29 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35652.html + https://issues.asterisk.org/jira/browse/ASTERISK-29191 + https://issues.asterisk.org/jira/browse/ASTERISK-29219 + https://downloads.asterisk.org/pub/security/AST-2020-003.html + https://downloads.asterisk.org/pub/security/AST-2020-003-13.diff (Asterisk 13.x) + https://downloads.asterisk.org/pub/security/AST-2020-003-16.diff (Asterisk 16.x) + https://downloads.asterisk.org/pub/security/AST-2020-004.html + + + + + + + + + + CVE-2020-35653 on Ubuntu 20.04 (focal) - medium. + In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-12 09:15:00 UTC + 2021-01-12 09:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35653.html + https://pillow.readthedocs.io/en/stable/releasenotes/index.html + https://ubuntu.com/security/notices/USN-4697-1 + https://ubuntu.com/security/notices/USN-4697-2 + + + + + + + + + + + + + CVE-2020-35654 on Ubuntu 20.04 (focal) - medium. + In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-12 09:15:00 UTC + 2021-01-12 09:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35654.html + https://pillow.readthedocs.io/en/stable/releasenotes/index.html + https://ubuntu.com/security/notices/USN-4697-1 + + + + mdeslaur> per upstream, affects 6.0.0 to 8.0.1, and only when used with mdeslaur> libtiff 4.1.0 in focal, not 4.0.9 in bionic + + + + + + + + + + + + CVE-2020-35655 on Ubuntu 20.04 (focal) - medium. 
+ In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-12 09:15:00 UTC + 2021-01-12 09:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35655.html + https://pillow.readthedocs.io/en/stable/releasenotes/index.html + https://ubuntu.com/security/notices/USN-4697-1 + + + + mdeslaur> per upstream, affects 4.3.0 to 8.0.1 + + + + + + + + + + + + CVE-2020-35678 on Ubuntu 20.04 (focal) - medium. + Autobahn|Python before 20.12.3 allows redirect header injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-27 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978416 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35678.html + https://github.com/crossbario/autobahn-python/pull/1439 + https://github.com/crossbario/autobahn-python/commit/f7b7ad5c1066bdcc551775b73da15dca5c111623 (v20.12.3) + https://autobahn.readthedocs.io/en/latest/changelog.html + https://github.com/crossbario/autobahn-python + https://github.com/crossbario/autobahn-python/compare/v20.12.2...v20.12.3 + https://pypi.org/project/autobahn/20.12.3/ + + + + + + + + + + CVE-2020-35679 on Ubuntu 20.04 (focal) - medium. + smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-24 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978038 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35679.html + https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043 + https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html + https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/ + + + + + + + + + + CVE-2020-35680 on Ubuntu 20.04 (focal) - medium. + smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-24 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978039 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35680.html + https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1 + https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html + https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/ + + + + + + + + + + CVE-2020-35681 on Ubuntu 20.04 (focal) - medium. + Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channels 3.0. In many cases this would result in a crash but, with correct timing, responses could be sent to the wrong client, resulting in potential leakage of session identifiers and other sensitive data. 
Note that this affects only the legacy Channels provided class, and not Django's similar ASGIHandler, available from Django 3.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-22 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35681.html + https://channels.readthedocs.io/en/latest/releases/3.0.3.html#cve-2020-35681-potential-leakage-of-session-identifiers-using-legacy-asgihandler + + + + + + + + + + CVE-2020-35701 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35701.html + https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/ + https://github.com/Cacti/cacti/issues/4022 + + + + + + + + + + CVE-2020-35728 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-27 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35728.html + https://github.com/FasterXML/jackson-databind/issues/2999 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-35730 on Ubuntu 20.04 (focal) - medium. + An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. 
The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-28 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35730.html + https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d (1.4.10) + https://github.com/roundcube/roundcubemail/commit/a06ec1dcf9c972d302b16e1ac6aa079a4f6a1c3e (1.3.16) + https://github.com/roundcube/roundcubemail/commit/47e4d44f62ea16f923761d57f1773a66d51afad4 (1.2.13) + + + + + + + + + + CVE-2020-35766 on Ubuntu 20.04 (focal) - medium. + The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-28 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35766.html + https://github.com/trusteddomainproject/OpenDKIM/issues/113 + + + + + + + + + + CVE-2020-35776 on Ubuntu 20.04 (focal) - medium. + A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-18 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983158 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35776.html + https://downloads.asterisk.org/pub/security/AST-2021-001.html + https://issues.asterisk.org/jira/browse/ASTERISK-29227 + http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html + http://seclists.org/fulldisclosure/2021/Feb/57 + https://issues.asterisk.org/ + + + + + + + + + + CVE-2020-35850 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-30 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35850.html + https://github.com/cockpit-project/cockpit/issues/15077 + https://github.com/passtheticket/vulnerability-research/blob/main/cockpitProject/README.md + + + + + + + + + + CVE-2020-35964 on Ubuntu 20.04 (focal) - medium. + track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-03 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35964.html + https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26622 + + + + + + + + + + CVE-2020-35965 on Ubuntu 20.04 (focal) - medium. + decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-04 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35965.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532 + https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b + https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3 + + + + + + + + + + CVE-2020-35979 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-21 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35979.html + https://github.com/gpac/gpac/commit/b15020f54aff24aaeb64b80771472be8e64a7adc + https://github.com/gpac/gpac/issues/1662 + + + + + + + + + + CVE-2020-35980 on Ubuntu 20.04 (focal) - low. + An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-21 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35980.html + https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a + https://github.com/gpac/gpac/issues/1661 + + + + + + + + + + CVE-2020-35981 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-21 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35981.html + https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b + https://github.com/gpac/gpac/issues/1659 + + + + + + + + + + CVE-2020-35982 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0 and 1.0.1. 
There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-21 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35982.html + https://github.com/gpac/gpac/commit/a4eb327049132359cae54b59faec9e2f14c5a619 + https://github.com/gpac/gpac/issues/1660 + + + + + + + + + + CVE-2020-36049 on Ubuntu 20.04 (focal) - medium. + socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-08 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36049.html + https://blog.caller.xyz/socketio-engineio-dos/ + https://github.com/bcaller/kill-engine-io + https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55 + + + + + + + + + + CVE-2020-36120 on Ubuntu 20.04 (focal) - medium. + Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-14 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36120.html + https://github.com/saitoha/libsixel/issues/143 + + + + + + + + + + CVE-2020-36148 on Ubuntu 20.04 (focal) - low. + Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-08 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36148.html + https://github.com/hoene/libmysofa/issues/138 + + + + + + + + + + CVE-2020-36149 on Ubuntu 20.04 (focal) - low. + Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36149.html + https://github.com/hoene/libmysofa/issues/137 + + + + + + + + + + CVE-2020-36150 on Ubuntu 20.04 (focal) - medium. + Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36150.html + https://github.com/hoene/libmysofa/issues/135 + + + + + + + + + + CVE-2020-36151 on Ubuntu 20.04 (focal) - medium. + Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36151.html + https://github.com/hoene/libmysofa/issues/134 + + + + + + + + + + CVE-2020-36152 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-08 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36152.html + https://github.com/hoene/libmysofa/issues/136 + + + + + + + + + + CVE-2020-36158 on Ubuntu 20.04 (focal) - medium. + mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-05 05:15:00 UTC + 2021-01-05 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36158.html + https://git.kernel.org/linus/5c455c5ab332773464d02ba17015acdca198f03d (5.11-rc1) + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c455c5ab332773464d02ba17015acdca198f03d + https://github.com/torvalds/linux/commit/5c455c5ab332773464d02ba17015acdca198f03d + https://lore.kernel.org/r/20201206084801.26479-1-ruc_zhangxiaohui@163.com + https://patchwork.kernel.org/project/linux-wireless/patch/20201206084801.26479-1-ruc_zhangxiaohui@163.com/ + https://ubuntu.com/security/notices/USN-4876-1 + https://ubuntu.com/security/notices/USN-4877-1 + https://ubuntu.com/security/notices/USN-4878-1 + https://ubuntu.com/security/notices/USN-4879-1 + https://ubuntu.com/security/notices/USN-4912-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-36177 on Ubuntu 20.04 (focal) - medium. + RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-06 16:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/wolfssl/+bug/1914474 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36177.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567 + https://github.com/wolfSSL/wolfssl/commit/63bf5dc56ccbfc12a73b06327361687091a4c6f7 + https://github.com/wolfSSL/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f + https://github.com/wolfSSL/wolfssl/pull/3426 + https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable + + + + + + + + + + CVE-2020-36179 on Ubuntu 20.04 (focal) - low. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-07 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36179.html + https://github.com/FasterXML/jackson-databind/issues/3004 + https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-36180 on Ubuntu 20.04 (focal) - low. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-07 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36180.html + https://github.com/FasterXML/jackson-databind/issues/3004 + https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-36181 on Ubuntu 20.04 (focal) - low. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-06 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36181.html + https://github.com/FasterXML/jackson-databind/issues/3004 + https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-36182 on Ubuntu 20.04 (focal) - low. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-07 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36182.html + https://github.com/FasterXML/jackson-databind/issues/3004 + https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-36183 on Ubuntu 20.04 (focal) - low. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-07 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36183.html + https://github.com/FasterXML/jackson-databind/issues/3003 + https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-36184 on Ubuntu 20.04 (focal) - low. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-06 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36184.html + https://github.com/FasterXML/jackson-databind/issues/2998 + https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-36185 on Ubuntu 20.04 (focal) - low. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-06 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36185.html + https://github.com/FasterXML/jackson-databind/issues/2998 + https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-36186 on Ubuntu 20.04 (focal) - low. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-06 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36186.html + https://github.com/FasterXML/jackson-databind/issues/2997 + https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-36187 on Ubuntu 20.04 (focal) - low. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-06 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36187.html + https://github.com/FasterXML/jackson-databind/issues/2997 + https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-36188 on Ubuntu 20.04 (focal) - low. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-06 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36188.html + https://github.com/FasterXML/jackson-databind/issues/2996 + https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-36189 on Ubuntu 20.04 (focal) - low. + FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-06 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36189.html + https://github.com/FasterXML/jackson-databind/issues/2996 + https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-36221 on Ubuntu 20.04 (focal) - medium. + An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-26 18:15:00 UTC + 2021-01-26 18:15:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9404 + https://bugs.openldap.org/show_bug.cgi?id=9424 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36221.html + https://ubuntu.com/security/notices/USN-4724-1 + + + + + + + + + + CVE-2020-36222 on Ubuntu 20.04 (focal) - medium. + A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:15:00 UTC + 2021-01-26 18:15:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9406 + https://bugs.openldap.org/show_bug.cgi?id=9407 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36222.html + https://ubuntu.com/security/notices/USN-4724-1 + + + + + + + + + + CVE-2020-36223 on Ubuntu 20.04 (focal) - medium. + A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:15:00 UTC + 2021-01-26 18:15:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9408 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36223.html + https://ubuntu.com/security/notices/USN-4724-1 + + + + + + + + + + CVE-2020-36224 on Ubuntu 20.04 (focal) - medium. + A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-26 18:15:00 UTC + 2021-01-26 18:15:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9409 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36224.html + https://ubuntu.com/security/notices/USN-4724-1 + + + + + + + + + + CVE-2020-36225 on Ubuntu 20.04 (focal) - medium. + A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:15:00 UTC + 2021-01-26 18:15:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9412 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36225.html + https://ubuntu.com/security/notices/USN-4724-1 + + + + + + + + + + CVE-2020-36226 on Ubuntu 20.04 (focal) - medium. + A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:15:00 UTC + 2021-01-26 18:15:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9413 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36226.html + https://ubuntu.com/security/notices/USN-4724-1 + + + + + + + + + + CVE-2020-36227 on Ubuntu 20.04 (focal) - medium. + A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:15:00 UTC + 2021-01-26 18:15:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9428 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36227.html + https://ubuntu.com/security/notices/USN-4724-1 + + + + + + + + + + CVE-2020-36228 on Ubuntu 20.04 (focal) - medium. 
+ An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:15:00 UTC + 2021-01-26 18:15:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9427 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36228.html + https://ubuntu.com/security/notices/USN-4724-1 + + + + + + + + + + CVE-2020-36229 on Ubuntu 20.04 (focal) - medium. + A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:15:00 UTC + 2021-01-26 18:15:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9425 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36229.html + https://ubuntu.com/security/notices/USN-4724-1 + + + + + + + + + + CVE-2020-36230 on Ubuntu 20.04 (focal) - medium. + A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:15:00 UTC + 2021-01-26 18:15:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9423 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36230.html + https://ubuntu.com/security/notices/USN-4724-1 + + + + + + + + + + CVE-2020-36244 on Ubuntu 20.04 (focal) - untriaged. + The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-10 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36244.html + https://github.com/GENIVI/dlt-daemon/issues/265 + https://github.com/GENIVI/dlt-daemon/pull/269 + https://github.com/GENIVI/dlt-daemon/commit/af734fe097ed379b0aa5fcf551886b1ce5098052 (v2.18.6) + https://github.com/GENIVI/dlt-daemon/compare/v2.18.5...v2.18.6 + + + + + + + + + + CVE-2020-36254 on Ubuntu 20.04 (focal) - low. + scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-25 09:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36254.html + https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff + + + + + + + + + + CVE-2020-36277 on Ubuntu 20.04 (focal) - medium. + Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-11 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36277.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997 + https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0 + https://github.com/DanBloomberg/leptonica/pull/499 + + + + + + + + + + CVE-2020-36278 on Ubuntu 20.04 (focal) - medium. + Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-12 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36278.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433 + https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842 + https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0 + + + + + + + + + + CVE-2020-36279 on Ubuntu 20.04 (focal) - medium. + Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-12 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36279.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512 + https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4 + https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0 + + + + + + + + + + CVE-2020-36280 on Ubuntu 20.04 (focal) - medium. + Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-12 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36280.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654 + https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c + https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0 + + + + + + + + + + CVE-2020-36281 on Ubuntu 20.04 (focal) - medium. + Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-12 01:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985089 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36281.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140 + https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5 + https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0 + + + + + + + + + + CVE-2020-36306 on Ubuntu 20.04 (focal) - medium. + Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36306.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + + + + + + + + + + CVE-2020-36307 on Ubuntu 20.04 (focal) - medium. + Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36307.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + + + + + + + + + + CVE-2020-36308 on Ubuntu 20.04 (focal) - medium. + Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36308.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + + + + + + + + + + CVE-2020-36309 on Ubuntu 20.04 (focal) - low. + ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-06 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986787 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36309.html + https://github.com/openresty/lua-nginx-module/pull/1654 + + + + mdeslaur> The lua module is included in the debian directory as it is not mdeslaur> part of the upstream nginx release. mdeslaur> It is included in the nginx-extras binary package in universe. + + + + + + + + + CVE-2020-36310 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-07 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36310.html + https://git.kernel.org/linus/e72436bc3a5206f95bb384e741154166ddb3202e + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e72436bc3a5206f95bb384e741154166ddb3202e + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-36311 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-07 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36311.html + https://git.kernel.org/linus/7be74942f184fdfba34ddd19a0d995deb34d4a03 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7be74942f184fdfba34ddd19a0d995deb34d4a03 + + + + sbeattie> break commit 5dd0a57cf38ee is when SEV was introduced, actual break may be more recent. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-36312 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-07 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36312.html + https://git.kernel.org/linus/f65886606c2d3b562716de030706dfe1bea4ed5e + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f65886606c2d3b562716de030706dfe1bea4ed5e + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-36313 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-07 00:15:00 UTC + Qian Cai + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36313.html + https://git.kernel.org/linus/0774a964ef561b7170d8d1b1bfe6f88002b6d219 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0774a964ef561b7170d8d1b1bfe6f88002b6d219 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-36317 on Ubuntu 20.04 (focal) - medium. + In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-11 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36317.html + https://github.com/rust-lang/rust/issues/78498 + https://github.com/rust-lang/rust/pull/78499 + + + + + + + + + + CVE-2020-36318 on Ubuntu 20.04 (focal) - medium. + In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-11 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36318.html + https://github.com/rust-lang/rust/issues/79808 + https://github.com/rust-lang/rust/pull/79814 + + + + + + + + + + CVE-2020-36322 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. 
fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-14 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36322.html + https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-36323 on Ubuntu 20.04 (focal) - medium. + In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-14 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36323.html + https://github.com/rust-lang/rust/issues/80335 + https://github.com/rust-lang/rust/pull/81728 + + + + + + + + + + CVE-2020-36326 on Ubuntu 20.04 (focal) - medium. + PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-28 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36326.html + https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9 + + + + + + + + + + CVE-2020-36327 on Ubuntu 20.04 (focal) - medium. + Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-29 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36327.html + https://github.com/rubygems/rubygems/issues/3982 + https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24105 + + + + + + + + + + CVE-2020-36328 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-21 17:15:00 UTC + 2020-12-31 00:00:00 UTC + mdeslaur + https://bugs.chromium.org/p/webp/issues/detail?id=383 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36328.html + https://ubuntu.com/security/notices/USN-4971-1 + https://ubuntu.com/security/notices/USN-4971-2 + + + + + + + + + + CVE-2020-36329 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-21 17:15:00 UTC + 2020-12-31 00:00:00 UTC + mdeslaur + https://bugs.chromium.org/p/webp/issues/detail?id=385 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36329.html + https://ubuntu.com/security/notices/USN-4971-1 + https://ubuntu.com/security/notices/USN-4971-2 + + + + + + + + + + CVE-2020-36330 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-21 17:15:00 UTC + 2020-12-31 00:00:00 UTC + mdeslaur + https://bugs.chromium.org/p/webp/issues/detail?id=386 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36330.html + https://ubuntu.com/security/notices/USN-4971-1 + https://ubuntu.com/security/notices/USN-4971-2 + + + + + + + + + + CVE-2020-36331 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-21 17:15:00 UTC + 2020-12-31 00:00:00 UTC + mdeslaur + https://bugs.chromium.org/p/webp/issues/detail?id=388 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36331.html + https://ubuntu.com/security/notices/USN-4971-1 + https://ubuntu.com/security/notices/USN-4971-2 + + + + + + + + + + CVE-2020-36332 on Ubuntu 20.04 (focal) - low. + A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. 
The highest threat from this vulnerability is to the service availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-21 17:15:00 UTC + 2020-12-31 00:00:00 UTC + mdeslaur + https://bugs.chromium.org/p/webp/issues/detail?id=391 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36332.html + https://ubuntu.com/security/notices/USN-4971-1 + + + + leosilva> backporting this to xenial is too intrusive, hence we will not be fixing leosilva> this in xenial/esm neither in trusty/esm. + + + + + + + + + CVE-2020-36385 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-07 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36385.html + https://git.kernel.org/linus/f5449e74802c1112dea984aec8af7a33c4516af1 + https://syzkaller.appspot.com/bug?id=457491c4672d7b52c1007db213d93e47c711fae6 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5449e74802c1112dea984aec8af7a33c4516af1 + https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-ucma_close-2 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-36386 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-07 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36386.html + https://git.kernel.org/linus/51c19bf3d5cfaa66571e4b88ba2a6f6295311101 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.1 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51c19bf3d5cfaa66571e4b88ba2a6f6295311101 + https://syzkaller.appspot.com/text?tag=ReproC&x=15ca2f46900000 + https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt + https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-36387 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-07 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36387.html + https://git.kernel.org/linus/6d816e088c359866f9867057e04f244c608c42fe + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d816e088c359866f9867057e04f244c608c42fe + https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-io_async_task_func + https://syzkaller.appspot.com/bug?id=ce5f07d6ec3b5050b8f0728a3b389aa510f2591b + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-36388 on Ubuntu 20.04 (focal) - medium. + In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-17 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36388.html + https://civicrm.org/advisory/civi-sa-2020-03 + + + + + + + + + + CVE-2020-36389 on Ubuntu 20.04 (focal) - medium. + In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-17 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36389.html + https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form + + + + + + + + + + CVE-2020-36394 on Ubuntu 20.04 (focal) - low. + pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-22 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36394.html + https://seclists.org/oss-sec/2020/q2/169 + + + + + + + + + + CVE-2020-36401 on Ubuntu 20.04 (focal) - medium. + mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-01 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990540 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36401.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801 + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml + https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503 + + + + + + + + + + CVE-2020-36403 on Ubuntu 20.04 (focal) - medium. + HTSlib 1.10 through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-01 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36403.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24097 + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/htslib/OSV-2020-955.yaml + https://github.com/samtools/htslib/commit/dcd4b7304941a8832fba2d0fc4c1e716e7a4e72c + + + + + + + + + + CVE-2020-36421 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-19 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36421.html + https://github.com/ARMmbed/mbedtls/issues/3394 + https://bugs.gentoo.org/730752 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7 + https://github.com/ARMmbed/mbedtls/pull/3398 + + + + + + + + + + CVE-2020-36422 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-19 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36422.html + https://bugs.gentoo.org/730752 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7 + + + + + + + + + + CVE-2020-36423 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-19 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36423.html + https://bugs.gentoo.org/730752 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7 + + + + + + + + + + CVE-2020-36424 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-19 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36424.html + https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17 + https://bugs.gentoo.org/740108 + + + + + + + + + + CVE-2020-36425 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-19 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36425.html + https://github.com/ARMmbed/mbedtls/pull/3433 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0 + https://github.com/ARMmbed/mbedtls/issues/3340 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17 + https://github.com/ARMmbed/mbedtls/pull/3433 + https://bugs.gentoo.org/740108 + + + + + + + + + + CVE-2020-36426 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Arm Mbed TLS before 2.24.0. 
mbedtls_x509_crl_parse_der has a buffer over-read (of one byte). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-19 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36426.html + https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0 + https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17 + https://bugs.gentoo.org/740108 + + + + + + + + + + CVE-2020-36427 on Ubuntu 20.04 (focal) - medium. + GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-19 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36427.html + https://mail.gnome.org/archives/gthumb-list/2020-September/msg00001.html + https://download.gnome.org/sources/gthumb/3.10/gthumb-3.10.1.news + + + + + + + + + + CVE-2020-36430 on Ubuntu 20.04 (focal) - medium. + libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-20 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36430.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674 + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml + https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632 + + + + + + + + + + CVE-2020-3862 on Ubuntu 20.04 (focal) - medium. + A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-27 21:15:00 UTC + 2020-02-14 + Srikanth Gatta + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3862.html + https://webkitgtk.org/security/WSA-2020-0002.html + https://ubuntu.com/security/notices/USN-4281-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-3864 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-27 21:15:00 UTC + 2020-02-14 + Ryan Pickren + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3864.html + https://webkitgtk.org/security/WSA-2020-0002.html + https://ubuntu.com/security/notices/USN-4281-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-3865 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-27 21:15:00 UTC + 2020-02-14 + Ryan Pickren + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3865.html + https://webkitgtk.org/security/WSA-2020-0002.html + https://ubuntu.com/security/notices/USN-4281-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-3867 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-27 21:15:00 UTC + 2020-02-14 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3867.html + https://webkitgtk.org/security/WSA-2020-0002.html + https://ubuntu.com/security/notices/USN-4281-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-3868 on Ubuntu 20.04 (focal) - medium. + Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-27 21:15:00 UTC + 2020-02-14 + Marcin Towalski + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3868.html + https://webkitgtk.org/security/WSA-2020-0002.html + https://ubuntu.com/security/notices/USN-4281-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-3885 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3885.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-3894 on Ubuntu 20.04 (focal) - medium. + A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3894.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-3895 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved memory handling. 
This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3895.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-3897 on Ubuntu 20.04 (focal) - medium. + A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3897.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-3899 on Ubuntu 20.04 (focal) - medium. + A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-01 18:15:00 UTC + 2020-04-28 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3899.html + https://webkitgtk.org/security/WSA-2020-0005.html + https://ubuntu.com/security/notices/USN-4347-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-3900 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3900.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-3901 on Ubuntu 20.04 (focal) - medium. + A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3901.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-3902 on Ubuntu 20.04 (focal) - medium. 
+ An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3902.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-4030 on Ubuntu 20.04 (focal) - medium. + In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 22:15:00 UTC + 2020-06-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4030.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98 + http://www.freerdp.com/2020/06/22/2_1_2-released + https://ubuntu.com/security/notices/USN-4481-1 + + + + mdeslaur> The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS mdeslaur> does not build a server library. This is simply a client mdeslaur> denial of service that has a negligible security impact. + + + + + + + + + CVE-2020-4033 on Ubuntu 20.04 (focal) - low. + In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-22 22:15:00 UTC + 2020-06-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4033.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8 + http://www.freerdp.com/2020/06/22/2_1_2-released + https://ubuntu.com/security/notices/USN-4481-1 + + + + mdeslaur> The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS mdeslaur> does not build a server library. This is simply a client mdeslaur> denial of service that has a negligible security impact. + + + + + + + + + CVE-2020-4044 on Ubuntu 20.04 (focal) - medium. + The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-30 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4044.html + https://github.com/neutrinolabs/xrdp/commit/0c791d073d0eb344ee7aaafd221513dc9226762c + https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.13.1 + https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4 + + + + + + + + + + CVE-2020-4046 on Ubuntu 20.04 (focal) - medium. + In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. 
This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-12 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4046.html + https://core.trac.wordpress.org/changeset/47947 + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf + https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2020-4047 on Ubuntu 20.04 (focal) - medium. + In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-12 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4047.html + https://core.trac.wordpress.org/changeset/47948 + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27 + https://github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f + https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2020-4048 on Ubuntu 20.04 (focal) - medium. 
+ In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-12 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4048.html + https://core.trac.wordpress.org/changeset/47949 + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5 + https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693 + https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2020-4049 on Ubuntu 20.04 (focal) - low. + In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-12 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4049.html + https://core.trac.wordpress.org/changeset/47950 + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p + https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148 + https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2020-4050 on Ubuntu 20.04 (focal) - low. + In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-12 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962685 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4050.html + https://core.trac.wordpress.org/changeset/47951 + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc + https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920 + https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/ + + + + + + + + + + CVE-2020-4051 on Ubuntu 20.04 (focal) - medium. 
+ In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-15 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4051.html + https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301 + https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6 + + + + + + + + + + CVE-2020-4054 on Ubuntu 20.04 (focal) - medium. + In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-16 22:15:00 UTC + 2020-06-16 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4054.html + https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m + https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9 + https://github.com/rgrove/sanitize/releases/tag/v5.2.1 + https://ubuntu.com/security/notices/USN-4543-1 + + + + + + + + + + CVE-2020-5202 on Ubuntu 20.04 (focal) - medium. + apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-21 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5202.html + https://www.openwall.com/lists/oss-security/2020/01/20/4 + + + + + + + + + + CVE-2020-5208 on Ubuntu 20.04 (focal) - medium. + It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-05 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5208.html + https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2 + https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + + + + + + + + + + CVE-2020-5209 on Ubuntu 20.04 (focal) - low. + In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-28 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5209.html + https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8 + https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 + + + + msalvatore> Nethack is installed sgid games, but not suid or sgid root. + + + + + + + + + CVE-2020-5210 on Ubuntu 20.04 (focal) - low. + In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-28 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5210.html + https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp + https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 + https://nethack.org/security/CVE-2020-5210.html + + + + msalvatore> Nethack is installed sgid games, but not suid or sgid root. 
+ + + + + + + + + CVE-2020-5211 on Ubuntu 20.04 (focal) - low. + In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-28 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5211.html + https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7 + + + + msalvatore> Nethack is installed sgid games, but not suid or sgid root. + + + + + + + + + CVE-2020-5212 on Ubuntu 20.04 (focal) - low. + In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-28 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5212.html + https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56 + + + + msalvatore> Nethack is installed sgid games, but not suid or sgid root. + + + + + + + + + CVE-2020-5213 on Ubuntu 20.04 (focal) - low. + In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-28 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5213.html + https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v + https://nethack.org/security/CVE-2020-5213.html + + + + msalvatore> Nethack is installed sgid games, but not suid or sgid root. + + + + + + + + + CVE-2020-5214 on Ubuntu 20.04 (focal) - low. + In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-28 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5214.html + https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6 + https://nethack.org/security/CVE-2020-5214.html + + + + msalvatore> Nethack is installed sgid games, but not suid or sgid root. + + + + + + + + + CVE-2020-5216 on Ubuntu 20.04 (focal) - medium. + In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-23 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949998 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5216.html + https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg + https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0 + + + + + + + + + + CVE-2020-5217 on Ubuntu 20.04 (focal) - medium. + In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in secure_headers are sorted alphabetically so they pretty much all come before script-src. A previously undefined directive would receive a value even if SecureHeaders::OPT_OUT was supplied. The fixed versions will silently convert the semicolons to spaces and emit a deprecation warning when this happens. This will result in innocuous browser console messages if being exploited/accidentally used. In future releases, we will raise application errors resulting in 500s. Depending on what major version you are using, the fixed versions are 6.2.0, 5.1.0, 3.8.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-23 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949999 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5217.html + https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c + https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3 + https://github.com/twitter/secure_headers/issues/418 + https://github.com/twitter/secure_headers/pull/421 + + + + + + + + + + CVE-2020-5225 on Ubuntu 20.04 (focal) - medium. 
+ Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-24 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5225.html + https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww + https://simplesamlphp.org/security/202001-02 + + + + + + + + + + CVE-2020-5238 on Ubuntu 20.04 (focal) - low. + The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-01 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965984 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965983 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965981 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965982 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965980 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5238.html + https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85 + https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4 + + + + + + + + + + + + + + + + CVE-2020-5243 on Ubuntu 20.04 (focal) - medium. + uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-21 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5243.html + https://github.com/ua-parser/uap-core/commit/0afd61ed85396a3b5316f18bfd1edfaadf8e88e1 + https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p + + + + + + + + + + CVE-2020-5253 on Ubuntu 20.04 (focal) - medium. + NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-10 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5253.html + https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m + https://github.com/NetHack/NetHack/commits/612755bfb5c412079795c68ba392df5d93874ed8 + https://nethack.org/security/CVE-2020-5253.html + + + + + + + + + + CVE-2020-5254 on Ubuntu 20.04 (focal) - medium. + In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-10 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5254.html + https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9 + https://nethack.org/security/CVE-2020-5254.html + + + + debian> Vulnerable code introduced in 3.6.1 + + + + + + + + + CVE-2020-5255 on Ubuntu 20.04 (focal) - medium. + In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response&#39;s content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-30 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5255.html + https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header + https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6 + https://github.com/symfony/symfony/security/advisories/GHSA-mcx4-f5f5-4859 + + + + + + + + + + CVE-2020-5258 on Ubuntu 20.04 (focal) - medium. + In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. 
Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-10 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953585 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5258.html + https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2 + https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d + + + + + + + + + + CVE-2020-5259 on Ubuntu 20.04 (focal) - medium. + In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-10 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953587 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5259.html + https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw + https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da + + + + + + + + + + CVE-2020-5267 on Ubuntu 20.04 (focal) - medium. + In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. 
The issue is fixed in versions 6.0.2.2 and 5.2.4.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-19 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5267.html + https://www.openwall.com/lists/oss-security/2020/03/19/1 + http://www.openwall.com/lists/oss-security/2020/03/19/1 + https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a + https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv + https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2020-5274 on Ubuntu 20.04 (focal) - medium. + In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-30 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5274.html + https://symfony.com/blog/cve-2020-5274-fix-exception-message-escaping-rendered-by-errorhandler + https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad + https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db + https://github.com/symfony/symfony/security/advisories/GHSA-m884-279h-32v2 + + + + + + + + + + CVE-2020-5275 on Ubuntu 20.04 (focal) - medium. 
+ In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take into account in an unanimous strategy. The accessDecisionManager is now called with all attributes at once, allowing the unanimous strategy being applied on each attribute. This issue is patched in versions 4.4.7 and 5.0.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-30 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5275.html + https://symfony.com/blog/cve-2020-5275-all-access-control-rules-are-required-when-a-firewall-uses-the-unanimous-strategy + https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf + https://github.com/symfony/symfony/security/advisories/GHSA-g4m9-5hpf-hx72 + + + + + + + + + + CVE-2020-5395 on Ubuntu 20.04 (focal) - medium. + FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-03 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948231 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5395.html + https://github.com/fontforge/fontforge/issues/4084 + + + + + + + + + + CVE-2020-5397 on Ubuntu 20.04 (focal) - medium. + Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. 
However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-17 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5397.html + https://pivotal.io/security/cve-2020-5397 + + + + + + + + + + CVE-2020-5398 on Ubuntu 20.04 (focal) - medium. + In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-17 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5398.html + https://pivotal.io/security/cve-2020-5398 + + + + + + + + + + CVE-2020-5421 on Ubuntu 20.04 (focal) - medium. + In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-19 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5421.html + https://tanzu.vmware.com/security/cve-2020-5421 + + + + + + + + + + CVE-2020-5496 on Ubuntu 20.04 (focal) - medium. + FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-03 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948231 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5496.html + https://github.com/fontforge/fontforge/issues/4085 + + + + + + + + + + CVE-2020-5504 on Ubuntu 20.04 (focal) - medium. + In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted username. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-09 22:15:00 UTC + 2020-01-09 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5504.html + https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983 + https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b + https://www.phpmyadmin.net/security/PMASA-2020-1/ + https://ubuntu.com/security/notices/USN-4639-1 + + + + + + + + + + CVE-2020-5991 on Ubuntu 20.04 (focal) - medium. + NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-30 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973543 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5991.html + https://nvidia.custhelp.com/app/answers/detail/a_id/5094 + + + + + + + + + + CVE-2020-6070 on Ubuntu 20.04 (focal) - medium. + An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. 
A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-10 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6070.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-0988 + + + + + + + + + + CVE-2020-6071 on Ubuntu 20.04 (focal) - medium. + An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6071.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994 + + + + + + + + + + CVE-2020-6072 on Ubuntu 20.04 (focal) - medium. + An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6072.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995 + + + + + + + + + + CVE-2020-6073 on Ubuntu 20.04 (focal) - medium. + An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. 
When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6073.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996 + + + + + + + + + + CVE-2020-6077 on Ubuntu 20.04 (focal) - medium. + An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6077.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000 + + + + + + + + + + CVE-2020-6078 on Ubuntu 20.04 (focal) - medium. + An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6078.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001 + + + + + + + + + + CVE-2020-6079 on Ubuntu 20.04 (focal) - medium. 
+ An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6079.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002 + + + + + + + + + + CVE-2020-6080 on Ubuntu 20.04 (focal) - medium. + An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6080.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002 + + + + + + + + + + CVE-2020-6095 on Ubuntu 20.04 (focal) - medium. + An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-27 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6095.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018 + https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a + + + + + + + + + + CVE-2020-6096 on Ubuntu 20.04 (focal) - low. + An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 22:15:00 UTC + 2020-04-01 22:15:00 UTC + sbeattie + Jason Royes and Samuel Dytrych + https://sourceware.org/bugzilla/show_bug.cgi?id=25620 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6096.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019 + https://ubuntu.com/security/notices/USN-4954-1 + + + + + + + + + + CVE-2020-6097 on Ubuntu 20.04 (focal) - medium. + An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-10 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6097.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029 + + + + + + + + + + CVE-2020-6098 on Ubuntu 20.04 (focal) - medium. + An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corruption resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-28 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6098.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030 + + + + + + + + + + CVE-2020-6104 on Ubuntu 20.04 (focal) - medium. + An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-15 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6104.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046 + + + + + + + + + + CVE-2020-6105 on Ubuntu 20.04 (focal) - medium. + An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-15 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6105.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047 + + + + + + + + + + CVE-2020-6106 on Ubuntu 20.04 (focal) - medium. + An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-15 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6106.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048 + + + + + + + + + + CVE-2020-6107 on Ubuntu 20.04 (focal) - medium. + An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-15 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6107.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049 + + + + + + + + + + CVE-2020-6108 on Ubuntu 20.04 (focal) - medium. + An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-15 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6108.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050 + + + + + + + + + + CVE-2020-6463 on Ubuntu 20.04 (focal) - medium. + Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-21 04:15:00 UTC + 2020-05-21 04:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6463.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/#CVE-2020-6463 + https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html + https://crbug.com/1065186 + https://ubuntu.com/security/notices/USN-4443-1 + + + + amurray> The Debian chromium source package is called chromium-browser in Ubuntu mdeslaur> starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-6514 on Ubuntu 20.04 (focal) - medium. + Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-22 17:15:00 UTC + 2020-07-22 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6514.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/#CVE-2020-6514 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-6514 + https://ubuntu.com/security/notices/USN-4443-1 + + + + amurray> The Debian chromium source package is called chromium-browser in Ubuntu mdeslaur> starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap + + + + + + + + + + + + CVE-2020-6581 on Ubuntu 20.04 (focal) - low. + Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6581.html + https://herolab.usd.de/security-advisories/ + https://herolab.usd.de/security-advisories/usd-2020-0002/ + + + + leosilva> fix in the commit link are the part for proper leosilva> processing of nasty_metachars + + + + + + + + + CVE-2020-6582 on Ubuntu 20.04 (focal) - low. + Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6582.html + https://herolab.usd.de/security-advisories/ + https://herolab.usd.de/security-advisories/usd-2020-0001/ + + + + + + + + + + CVE-2020-6617 on Ubuntu 20.04 (focal) - medium. + stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-08 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6617.html + https://github.com/nothings/stb/issues/864 + + + + + + + + + + CVE-2020-6618 on Ubuntu 20.04 (focal) - medium. + stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6618.html + https://github.com/nothings/stb/issues/866 + + + + + + + + + + CVE-2020-6619 on Ubuntu 20.04 (focal) - medium. + stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6619.html + https://github.com/nothings/stb/issues/863 + + + + + + + + + + CVE-2020-6620 on Ubuntu 20.04 (focal) - medium. + stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6620.html + https://github.com/nothings/stb/issues/868 + + + + + + + + + + CVE-2020-6621 on Ubuntu 20.04 (focal) - medium. + stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6621.html + https://github.com/nothings/stb/issues/867 + + + + + + + + + + CVE-2020-6622 on Ubuntu 20.04 (focal) - medium. + stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-08 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6622.html + https://github.com/nothings/stb/issues/869 + + + + + + + + + + CVE-2020-6623 on Ubuntu 20.04 (focal) - medium. + stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6623.html + https://github.com/nothings/stb/issues/865 + + + + + + + + + + CVE-2020-6624 on Ubuntu 20.04 (focal) - medium. + jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-09 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6624.html + https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744 + + + + + + + + + + CVE-2020-6625 on Ubuntu 20.04 (focal) - medium. + jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-09 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6625.html + https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858746 + + + + + + + + + + CVE-2020-6630 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-09 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6630.html + https://github.com/gpac/gpac/issues/1377 + https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521 + + + + + + + + + + CVE-2020-6631 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GPAC version 0.8.0. 
There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-09 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6631.html + https://github.com/gpac/gpac/issues/1378 + https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521 + + + + + + + + + + CVE-2020-6796 on Ubuntu 20.04 (focal) - medium. + A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-02 05:15:00 UTC + 2020-02-11 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6796.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6796 + https://ubuntu.com/security/notices/USN-4278-1 + https://ubuntu.com/security/notices/USN-4278-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-6798 on Ubuntu 20.04 (focal) - medium. + If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-02 05:15:00 UTC + 2020-02-11 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6798.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6798 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6798 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6798 + https://ubuntu.com/security/notices/USN-4278-1 + https://ubuntu.com/security/notices/USN-4278-2 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-6800 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-02 05:15:00 UTC + 2020-02-11 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6800.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6800 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6800 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6800 + https://ubuntu.com/security/notices/USN-4278-1 + https://ubuntu.com/security/notices/USN-4278-2 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-6802 on Ubuntu 20.04 (focal) - medium. + In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951907 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6802.html + https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public) + https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r + https://github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd + + + + + + + + + + CVE-2020-6805 on Ubuntu 20.04 (focal) - medium. + When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-25 22:15:00 UTC + 2020-03-11 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6805.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6805 + https://ubuntu.com/security/notices/USN-4299-1 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-6806 on Ubuntu 20.04 (focal) - medium. + By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-25 22:15:00 UTC + 2020-03-11 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6806.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806 + https://ubuntu.com/security/notices/USN-4299-1 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-6807 on Ubuntu 20.04 (focal) - medium. + When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-25 22:15:00 UTC + 2020-03-11 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6807.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807 + https://ubuntu.com/security/notices/USN-4299-1 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-6808 on Ubuntu 20.04 (focal) - medium. + When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document. This vulnerability affects Firefox < 74. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-25 22:15:00 UTC + 2020-03-11 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6808.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808 + https://ubuntu.com/security/notices/USN-4299-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-6809 on Ubuntu 20.04 (focal) - medium. + When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-25 22:15:00 UTC + 2020-03-10 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6809.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6809 + https://ubuntu.com/security/notices/USN-4299-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-6810 on Ubuntu 20.04 (focal) - medium. + After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-25 22:15:00 UTC + 2020-03-11 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6810.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6810 + https://ubuntu.com/security/notices/USN-4299-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-6811 on Ubuntu 20.04 (focal) - medium. + The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-25 22:15:00 UTC + 2020-03-11 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6811.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811 + https://ubuntu.com/security/notices/USN-4299-1 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-6812 on Ubuntu 20.04 (focal) - low. + The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-25 22:15:00 UTC + 2020-03-11 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6812.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812 + https://ubuntu.com/security/notices/USN-4299-1 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-6813 on Ubuntu 20.04 (focal) - low. + When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-25 22:15:00 UTC + 2020-03-11 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6813.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813 + https://ubuntu.com/security/notices/USN-4299-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-6814 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-25 22:15:00 UTC + 2020-03-11 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6814.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6814 + https://ubuntu.com/security/notices/USN-4299-1 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-6815 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 74. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-25 22:15:00 UTC + 2020-03-11 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6815.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815 + https://ubuntu.com/security/notices/USN-4299-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-6816 on Ubuntu 20.04 (focal) - medium. + In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954236 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6816.html + https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public) + https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 + https://github.com/mozilla/bleach/commit/175f67740e7951e1d80cefb7831e6c3e4efeb986 + + + + + + + + + + CVE-2020-6817 on Ubuntu 20.04 (focal) - medium. + [Regular expression denial of service] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955388 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6817.html + https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm + https://bugzilla.mozilla.org/show_bug.cgi?id=1623633 + https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69 + https://github.com/mozilla/bleach/commit/6e74a5027b57055cdaeb040343d32934121392a7 + + + + + + + + + + CVE-2020-6821 on Ubuntu 20.04 (focal) - medium. + When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. 
Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-24 16:15:00 UTC + 2020-04-07 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6821.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821 + https://ubuntu.com/security/notices/USN-4323-1 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-6822 on Ubuntu 20.04 (focal) - medium. + On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-24 16:15:00 UTC + 2020-04-07 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6822.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6822 + https://ubuntu.com/security/notices/USN-4323-1 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-6823 on Ubuntu 20.04 (focal) - medium. + A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox < 75. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-24 16:15:00 UTC + 2020-04-07 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6823.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6823 + https://ubuntu.com/security/notices/USN-4323-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-6824 on Ubuntu 20.04 (focal) - medium. + Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwords would have been identical, rather than independent. This vulnerability affects Firefox < 75. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-24 16:15:00 UTC + 2020-04-07 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6824.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6824 + https://ubuntu.com/security/notices/USN-4323-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-6825 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-24 16:15:00 UTC + 2020-04-07 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6825.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6825 + https://ubuntu.com/security/notices/USN-4323-1 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-6826 on Ubuntu 20.04 (focal) - medium. + Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 75. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-24 16:15:00 UTC + 2020-04-07 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6826.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6826 + https://ubuntu.com/security/notices/USN-4323-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2020-6831 on Ubuntu 20.04 (focal) - medium. + A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-26 18:15:00 UTC + 2020-05-06 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6831.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-6831 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831 + https://ubuntu.com/security/notices/USN-4353-1 + https://ubuntu.com/security/notices/USN-4373-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2020-6838 on Ubuntu 20.04 (focal) - medium. + In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-11 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6838.html + https://github.com/mruby/mruby/issues/4926 + https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 + https://github.com/mruby/mruby/commit/70e574689664c10ed2c47581999cc2ce3e3c5afb + https://github.com/mruby/mruby/commit/2742ded32fe18f88833d76b297f5c2170b6880c3 + + + + + + + + + + CVE-2020-6839 on Ubuntu 20.04 (focal) - medium. + In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-11 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6839.html + https://github.com/mruby/mruby/issues/4929 + https://github.com/mruby/mruby/commit/2124b9b4c95e66e63b1eb26a8dab49753b82fd6c + + + + + + + + + + CVE-2020-6840 on Ubuntu 20.04 (focal) - medium. + In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-11 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6840.html + https://github.com/mruby/mruby/issues/4927 + https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 + + + + + + + + + + CVE-2020-6851 on Ubuntu 20.04 (focal) - medium. + OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-13 06:15:00 UTC + 2020-01-13 06:15:00 UTC + https://github.com/uclouvain/openjpeg/issues/1228 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950000 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6851.html + https://ubuntu.com/security/notices/USN-4686-1 + + + + + + + + + + + + + + + + CVE-2020-6860 on Ubuntu 20.04 (focal) - medium. + libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-13 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6860.html + https://github.com/hoene/libmysofa/issues/96 + https://github.com/hoene/libmysofa/commit/c31120a4ddfe3fc705cfdd74da7e884e1866da85 + + + + + + + + + + CVE-2020-7010 on Ubuntu 20.04 (focal) - untriaged. + Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-03 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7010.html + https://www.elastic.co/community/security/ + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2020-7039 on Ubuntu 20.04 (focal) - medium. + tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. It was discovered that the SLiRP networking implementation of the QEMU emulator did not properly manage memory under certain circumstances. An attacker could use this to cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a denial of service (application crash) or potential execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-16 23:15:00 UTC + 2020-01-16 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7039.html + https://www.openwall.com/lists/oss-security/2020/01/16/2 + https://ubuntu.com/security/notices/USN-4283-1 + https://ubuntu.com/security/notices/USN-4632-1 + + + + mdeslaur> possible better approach would be to disable tcp_emu completely mdeslaur> https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91 + + + + + + + + + + + + CVE-2020-7041 on Ubuntu 20.04 (focal) - low. + An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-27 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7041.html + https://github.com/adrienverge/openfortivpn/issues/536 + https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91 + https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 + + + + + + + + + + CVE-2020-7042 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-27 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7042.html + https://github.com/adrienverge/openfortivpn/issues/536 + https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3 + https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 + + + + + + + + + + CVE-2020-7043 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-27 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7043.html + https://github.com/adrienverge/openfortivpn/issues/536 + https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8 + https://github.com/adrienverge/openfortivpn/commit/cd9368c6a1b4ef91d77bb3fdbe2e5bc34aa6f4c4 + + + + + + + + + + CVE-2020-7045 on Ubuntu 20.04 (focal) - low. + In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. 
This was addressed in epan/dissectors/packet-btatt.c by validating opcodes. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-16 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7045.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d + https://www.wireshark.org/security/wnpa-sec-2020-02.html + + + + + + + + + + CVE-2020-7058 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7058.html + https://github.com/Cacti/cacti/issues/3186 + https://github.com/Cacti/cacti/issues/3186#issuecomment-574444803 + + + + + + + + + + CVE-2020-7068 on Ubuntu 20.04 (focal) - low. + In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-09 18:15:00 UTC + 2020-09-09 18:15:00 UTC + mdeslaur + https://bugs.php.net/bug.php?id=79797 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7068.html + https://access.redhat.com/security/cve/CVE-2020-7068 + https://ubuntu.com/security/notices/USN-5006-1 + https://ubuntu.com/security/notices/USN-5006-2 + + + + + + + + + + CVE-2020-7071 on Ubuntu 20.04 (focal) - low. 
+ In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-15 04:15:00 UTC + 2021-02-15 04:15:00 UTC + mdeslaur + https://bugs.php.net/bug.php?id=77423 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7071.html + https://ubuntu.com/security/notices/USN-5006-1 + https://ubuntu.com/security/notices/USN-5006-2 + + + + mdeslaur> original fix in 7.3.26 introduced a regression and was reverted mdeslaur> with an improved fix in 7.3.27 + + + + + + + + + CVE-2020-7105 on Ubuntu 20.04 (focal) - medium. + async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. It was discovered that Hiredis did not properly catch unsuccessful attempts to allocate memory, resulting in null pointer dereferences. An attacker could potentially use this to cause Hiredis to crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-16 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7105.html + https://github.com/redis/hiredis/issues/747 + + + + + + + + + + CVE-2020-7106 on Ubuntu 20.04 (focal) - medium. + Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). It was discovered that Cacti has a XSS vulnerability. An attacker could use this vulnerability to cause uriparser to crash or possibly execute arbitrary code. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-16 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7106.html + https://github.com/Cacti/cacti/issues/3191 + + + + + + + + + + CVE-2020-7218 on Ubuntu 20.04 (focal) - low. + HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7218.html + https://github.com/hashicorp/nomad/issues/7002 + https://www.hashicorp.com/blog/category/nomad/ + + + + + + + + + + CVE-2020-7219 on Ubuntu 20.04 (focal) - medium. + HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-31 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7219.html + https://github.com/hashicorp/consul/issues/7159 + https://www.hashicorp.com/blog/category/consul/ + + + + + + + + + + CVE-2020-7237 on Ubuntu 20.04 (focal) - medium. + Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-20 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7237.html + https://github.com/Cacti/cacti/issues/3201 + + + + + + + + + + CVE-2020-7238 on Ubuntu 20.04 (focal) - medium. 
+ Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. It was discovered that Netty has HTTP request smuggling vulnerability. A remote attacker could use it to extract sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-27 17:15:00 UTC + 2020-01-27 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7238.html + https://bugzilla.redhat.com/show_bug.cgi?id=1796225 + https://github.com/jdordonezn/CVE-2020-72381/issues/1 + https://netty.io/news/ + https://ubuntu.com/security/notices/USN-4600-1 + + + + + + + + + + CVE-2020-7247 on Ubuntu 20.04 (focal) - high. + smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-29 16:15:00 UTC + 2020-01-29 16:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/opensmtpd/+bug/1861242 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950121 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7247.html + https://www.openwall.com/lists/oss-security/2020/01/28/3 + https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/019_smtpd_exec.patch.sig + https://github.com/OpenSMTPD/OpenSMTPD/commit/be6ef06cba9484d008d9f057e6b25d863cf278ff (opensmtpd-6.4.0) + http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html + http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html + http://www.openwall.com/lists/oss-security/2020/01/28/3 + https://seclists.org/bugtraq/2020/Jan/51 + https://www.debian.org/security/2020/dsa-4611 + https://www.kb.cert.org/vuls/id/390745 + https://www.openbsd.org/security.html + https://ubuntu.com/security/notices/USN-4268-1 + + + + + + + + + + CVE-2020-7598 on Ubuntu 20.04 (focal) - medium. + minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-11 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7598.html + https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 + + + + + + + + + + CVE-2020-7608 on Ubuntu 20.04 (focal) - medium. + yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-16 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7608.html + https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 + https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2 + https://gist.github.com/Kirill89/dcd8100d010896157a36624119439832 + + + + + + + + + + CVE-2020-7610 on Ubuntu 20.04 (focal) - medium. + All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-30 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7610.html + https://snyk.io/vuln/SNYK-JS-BSON-561052 + https://github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8 + + + + seth-arnold> The github patch link from snyk.io shows a diff with 'serializer.js', but the description is for Deserialization. I don't know if this is intentoinal or not. + + + + + + + + + CVE-2020-7663 on Ubuntu 20.04 (focal) - medium. + websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-02 19:15:00 UTC + 2020-06-02 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7663.html + https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions + https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b + https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2 + https://snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830 + https://ubuntu.com/security/notices/USN-4502-1 + + + + + + + + + + CVE-2020-7676 on Ubuntu 20.04 (focal) - low. + angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-08 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7676.html + https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 + + + + + + + + + + CVE-2020-7694 on Ubuntu 20.04 (focal) - medium. + This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: * Pollute uvicorn's access logs, therefore jeopardising the integrity of such files. * Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-27 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7694.html + https://github.com/encode/uvicorn + https://snyk.io/vuln/SNYK-PYTHON-UVICORN-575560 + + + + + + + + + + CVE-2020-7695 on Ubuntu 20.04 (focal) - medium. + Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-27 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7695.html + https://github.com/encode/uvicorn + https://snyk.io/vuln/SNYK-PYTHON-UVICORN-570471 + + + + + + + + + + CVE-2020-7720 on Ubuntu 20.04 (focal) - medium. + The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-01 10:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7720.html + https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677 + https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756 + https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293 + + + + + + + + + + CVE-2020-7729 on Ubuntu 20.04 (focal) - medium. + The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-03 09:15:00 UTC + 2020-09-03 09:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969668 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7729.html + https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7 + https://snyk.io/vuln/SNYK-JS-GRUNT-597546 + https://ubuntu.com/security/notices/USN-4595-1 + + + + + + + + + + CVE-2020-7733 on Ubuntu 20.04 (focal) - low. + The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-16 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7733.html + https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d + https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665 + + + + sbeattie> No affected version present in the Debian archive, introduced after 0.7.14 and fixed in 0.7.22. + + + + + + + + + CVE-2020-7739 on Ubuntu 20.04 (focal) - medium. + This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a url that will be passed to a PhantomJS instance allowing for an SSRF attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-06 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7739.html + https://github.com/areverberi/phantomjs-seo/blob/083f66892f97d67031668decb917389ffc32a94c/index.js%23L17 + https://snyk.io/vuln/SNYK-JS-PHANTOMJSSEO-609638 + + + + + + + + + + CVE-2020-7746 on Ubuntu 20.04 (focal) - low. + This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. 
When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-10-29 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7746.html + https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716 + https://github.com/chartjs/Chart.js/pull/7920 + + + + + + + + + + CVE-2020-7751 on Ubuntu 20.04 (focal) - medium. + pathval before version 1.1.1 is vulnerable to prototype pollution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-26 12:17:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972895 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7751.html + https://snyk.io/vuln/SNYK-JS-PATHVAL-596926 + https://github.com/chaijs/pathval/pull/58 + + + + + + + + + + CVE-2020-7760 on Ubuntu 20.04 (focal) - medium. + This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)* + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-30 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7760.html + https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb + https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447 + https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937 + + + + + + + + + + CVE-2020-7769 on Ubuntu 20.04 (focal) - medium. + This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-12 09:15:00 UTC + Vineet Kumar + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7769.html + https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js%23L75 + https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1039742 + https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834 + + + + + + + + + + CVE-2020-7774 on Ubuntu 20.04 (focal) - low. + This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-17 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7774.html + https://github.com/yargs/y18n/issues/96 + https://github.com/yargs/y18n/pull/108 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306 + https://snyk.io/vuln/SNYK-JS-Y18N-1021887 + + + + + + + + + + CVE-2020-7788 on Ubuntu 20.04 (focal) - medium. + This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-11 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7788.html + https://snyk.io/vuln/SNYK-JS-INI-1048974 + https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6) + https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 + + + + + + + + + + CVE-2020-7793 on Ubuntu 20.04 (focal) - medium. + The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-11 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7793.html + https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599 + https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18 (0.7.23) + https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-1050388 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050387 + + + + + + + + + + CVE-2020-7919 on Ubuntu 20.04 (focal) - medium. 
+ Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-16 21:15:00 UTC + https://github.com/golang/go/issues/36837 + https://github.com/golang/go/issues/36838 (Go 1.13) + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7919.html + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. + + + + + + + + + + + + CVE-2020-7921 on Ubuntu 20.04 (focal) - medium. + Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects: MongoDB Inc. MongoDB Server 4.2 versions prior to 4.2.3; 4.0 versions prior to 4.0.15; 4.3 versions prior to 4.3.3; 3.6 versions prior to 3.6.18. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-06 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7921.html + https://jira.mongodb.org/browse/SERVER-45472 + + + + + + + + + + CVE-2020-7923 on Ubuntu 20.04 (focal) - medium. + A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to 4.0.19. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7923.html + https://jira.mongodb.org/browse/SERVER-47773 + https://github.com/mongodb/mongo/commit/c8ced6df8f620daaa2e539f192f2eef356c63e9c + + + + + + + + + + CVE-2020-7925 on Ubuntu 20.04 (focal) - medium. + Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2 versions prior to 4.2.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7925.html + https://jira.mongodb.org/browse/SERVER-49142 + + + + + + + + + + CVE-2020-7928 on Ubuntu 20.04 (focal) - medium. + A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7928.html + https://jira.mongodb.org/browse/SERVER-49404 + + + + + + + + + + CVE-2020-7929 on Ubuntu 20.04 (focal) - medium. + A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-01 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7929.html + https://jira.mongodb.org/browse/SERVER-51083 + + + + + + + + + + CVE-2020-7943 on Ubuntu 20.04 (focal) - medium. + Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default. This affects software versions: Puppet Enterprise 2018.1.x stream prior to 2018.1.13 Puppet Enterprise prior to 2019.5.0 Puppet Server prior to 6.9.2 Puppet Server prior to 5.3.12 PuppetDB prior to 6.9.1 PuppetDB prior to 5.2.13 Resolved in: Puppet Enterprise 2018.1.13 Puppet Enterprise 2019.5.0 Puppet Server 6.9.2 Puppet Server 5.3.12 PuppetDB 6.9.1 PuppetDB 5.2.13 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-11 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7943.html + https://puppet.com/security/cve/CVE-2020-7943/ + + + + + + + + + + CVE-2020-7955 on Ubuntu 20.04 (focal) - low. + HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-31 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7955.html + https://github.com/hashicorp/consul/issues/7160 + + + + + + + + + + CVE-2020-7956 on Ubuntu 20.04 (focal) - medium. 
+ HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-31 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7956.html + https://github.com/hashicorp/nomad/issues/7003 + + + + + + + + + + CVE-2020-7993 on Ubuntu 20.04 (focal) - medium. + Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-03 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7993.html + https://github.com/prototypejs/prototype/blob/master/CHANGELOG + https://medium.com/@vbharad/improper-access-control-vulnerability-in-prototype-1-6-0-1-framework-379cc3a05079 + + + + + + + + + + CVE-2020-8021 on Ubuntu 20.04 (focal) - untriaged. + a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-05-19 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8021.html + https://bugzilla.suse.com/show_bug.cgi?id=1171649 + + + + + + + + + + CVE-2020-8024 on Ubuntu 20.04 (focal) - low. + A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-29 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8024.html + https://bugzilla.suse.com/show_bug.cgi?id=1172731 + + + + + + + + + + CVE-2020-8032 on Ubuntu 20.04 (focal) - low. + A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-25 10:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8032.html + https://bugzilla.suse.com/show_bug.cgi?id=1180669 + + + + + + + + + + CVE-2020-8037 on Ubuntu 20.04 (focal) - low. + The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-04 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8037.html + + + + + + + + + + CVE-2020-8086 on Ubuntu 20.04 (focal) - medium. + The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-28 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8086.html + https://hg.prosody.im/prosody-modules/rev/f2b29183ef08 + https://prosody.im/security/advisory_20200128/ + https://hg.prosody.im/prosody-modules/log/tip/mod_auth_ldap/mod_auth_ldap.lua + https://hg.prosody.im/prosody-modules/log/tip/mod_auth_ldap2/mod_auth_ldap2.lua + + + + + + + + + + CVE-2020-8112 on Ubuntu 20.04 (focal) - medium. 
+ opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. It was discovered that OpenJPEG did not properly handle certain input. If OpenJPEG were supplied with specially crafted input, it could be made to crash or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-28 18:15:00 UTC + 2020-01-28 18:15:00 UTC + https://github.com/uclouvain/openjpeg/issues/1231 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950184 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8112.html + https://lists.debian.org/debian-lts-announce/2020/01/msg00035.html + https://ubuntu.com/security/notices/USN-4686-1 + + + + + + + + + + + + + + + + CVE-2020-8116 on Ubuntu 20.04 (focal) - medium. + Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-04 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8116.html + https://hackerone.com/reports/719856 + https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2 + + + + + + + + + + CVE-2020-8151 on Ubuntu 20.04 (focal) - medium. + There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-12 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8151.html + https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8 + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2020-8159 on Ubuntu 20.04 (focal) - medium. + There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-12 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8159.html + https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8 + + + + + + + + + + CVE-2020-8161 on Ubuntu 20.04 (focal) - low. + A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-07-02 19:15:00 UTC + 2020-07-02 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8161.html + https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ + https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e + https://ubuntu.com/security/notices/USN-4561-1 + https://ubuntu.com/security/notices/USN-4561-2 + + + + + + + + + + CVE-2020-8162 on Ubuntu 20.04 (focal) - untriaged. 
+ A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-06-19 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8162.html + https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released + https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2020-8163 on Ubuntu 20.04 (focal) - untriaged. + The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-07-02 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8163.html + https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/ + https://github.com/rails/rails/commit/4c46a15e0a7815ca9e4cd7c7fda042eb8c1b7724 (4.2.11.2) + https://github.com/rails/rails/commit/1f3db0ad793441a0c00e85d56228fc80aafbe6c1 (4.2.11.3) + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2020-8164 on Ubuntu 20.04 (focal) - medium. + A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-19 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8164.html + https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2020-8165 on Ubuntu 20.04 (focal) - untriaged. + A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-06-19 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8165.html + https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released + https://github.com/rails/rails/commit/f7e077f85e61fc0b7381963eda0ceb0e457546b5 + https://github.com/rails/rails/commit/467e3399c9007996c03ffe3212689d48dd25ae99 + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2020-8166 on Ubuntu 20.04 (focal) - untriaged. + A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-02 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8166.html + https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released + https://github.com/rails/rails/commit/d124f19287f4892c72ca54da728a781591c6fca1 + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2020-8167 on Ubuntu 20.04 (focal) - untriaged. + A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-06-19 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8167.html + https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released + https://github.com/rails/rails/commit/fbc7bec074b5ef9ae22f79ca5d9bafec7b276dd3 + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2020-8172 on Ubuntu 20.04 (focal) - medium. + TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-08 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8172.html + https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#tls-session-reuse-can-lead-to-host-certificate-verification-bypass-high-cve-2020-8172 + + + + + + + + + + CVE-2020-8174 on Ubuntu 20.04 (focal) - medium. + napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-24 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8174.html + https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#napi_get_value_string_-allows-various-kinds-of-memory-corruption-high-cve-2020-8174 + + + + + + + + + + CVE-2020-8178 on Ubuntu 20.04 (focal) - medium. + Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8178.html + https://hackerone.com/reports/690010 + + + + + + + + + + CVE-2020-8184 on Ubuntu 20.04 (focal) - medium. + A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-19 17:15:00 UTC + 2020-06-19 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963477 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8184.html + https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak + https://hackerone.com/reports/895727 + https://ubuntu.com/security/notices/USN-4561-1 + https://ubuntu.com/security/notices/USN-4561-2 + + + + + + + + + + CVE-2020-8185 on Ubuntu 20.04 (focal) - medium. + A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-02 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8185.html + https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0 + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2020-8189 on Ubuntu 20.04 (focal) - low. + A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-21 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8189.html + https://nextcloud.com/security/advisory/?id=NC-SA-2020-027 + https://hackerone.com/reports/685552 + + + + + + + + + + CVE-2020-8201 on Ubuntu 20.04 (focal) - medium. + Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-18 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8201.html + https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201 + https://hackerone.com/reports/922597 + https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/ + + + + + + + + + + CVE-2020-8203 on Ubuntu 20.04 (focal) - medium. + Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8203.html + https://hackerone.com/reports/712065 + + + + + + + + + + CVE-2020-8225 on Ubuntu 20.04 (focal) - medium. + A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-18 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8225.html + https://nextcloud.com/security/advisory/?id=NC-SA-2020-031 + https://hackerone.com/reports/685990 + + + + + + + + + + CVE-2020-8227 on Ubuntu 20.04 (focal) - low. + Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-21 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8227.html + https://nextcloud.com/security/advisory/?id=NC-SA-2020-032 + https://hackerone.com/reports/590319 + + + + + + + + + + CVE-2020-8244 on Ubuntu 20.04 (focal) - medium. + A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-30 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969309 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8244.html + https://hackerone.com/reports/966347 + https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190 + + + + + + + + + + CVE-2020-8251 on Ubuntu 20.04 (focal) - medium. 
+ Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-18 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8251.html + https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251 + https://hackerone.com/reports/868834 + https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/ + + + + + + + + + + CVE-2020-8265 on Ubuntu 20.04 (focal) - medium. + Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-06 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8265.html + https://nodejs.org/en/blog/release/v10.23.1/ + https://github.com/nodejs/node/commit/7f178663ebffc82c9f8a5a1b6bf2da0c263a30ed (v10.23.1) + + + + + + + + + + CVE-2020-8287 on Ubuntu 20.04 (focal) - medium. + Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-06 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8287.html + https://nodejs.org/en/blog/release/v10.23.1/ + https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e (v10.23.1) + + + + + + + + + + CVE-2020-8432 on Ubuntu 20.04 (focal) - low. + In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-29 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8432.html + https://lists.denx.de/pipermail/u-boot/2020-January/396799.html + https://lists.denx.de/pipermail/u-boot/2020-January/396853.html + https://www.mail-archive.com/u-boot@lists.denx.de/msg354060.html + https://www.mail-archive.com/u-boot@lists.denx.de/msg354114.html + + + + mdeslaur> per thread, introduced by: mdeslaur> https://gitlab.denx.de/u-boot/u-boot/commit/18030d04 + + + + + + + + + CVE-2020-8492 on Ubuntu 20.04 (focal) - low. + Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-30 19:15:00 UTC + 2020-01-30 19:15:00 UTC + https://bugs.python.org/issue39503 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8492.html + https://github.com/python/cpython/pull/18284 + https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html + https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 + https://ubuntu.com/security/notices/USN-4333-1 + https://ubuntu.com/security/notices/USN-4333-2 + https://ubuntu.com/security/notices/USN-4754-3 + + + + + + + + + + + + + CVE-2020-8516 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-02 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8516.html + https://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html + + + + + + + + + + CVE-2020-8552 on Ubuntu 20.04 (focal) - medium. + The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-27 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8552.html + https://github.com/kubernetes/kubernetes/issues/89378 + https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2020-8554 on Ubuntu 20.04 (focal) - medium. 
+ Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-21 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8554.html + https://www.openwall.com/lists/oss-security/2020/12/07/5 + https://github.com/kubernetes/kubernetes/issues/97076 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2020-8555 on Ubuntu 20.04 (focal) - untriaged. + The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services). + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-06-05 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8555.html + https://github.com/kubernetes/kubernetes/issues/91542 + https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2020-8557 on Ubuntu 20.04 (focal) - medium. + The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. 
The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-23 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8557.html + https://github.com/kubernetes/kubernetes/issues/93032 + https://github.com/kubernetes/kubernetes/pull/92916 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2020-8558 on Ubuntu 20.04 (focal) - medium. + The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-27 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8558.html + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2020-8559 on Ubuntu 20.04 (focal) - medium. + The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-22 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8559.html + https://www.openwall.com/lists/oss-security/2020/07/15/6 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2020-8562 on Ubuntu 20.04 (focal) - low. + [Unknown description] + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-31 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8562.html + https://www.openwall.com/lists/oss-security/2021/05/04/8 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2020-8563 on Ubuntu 20.04 (focal) - medium. + In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-07 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8563.html + https://github.com/kubernetes/kubernetes/pull/95236 + https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk + https://github.com/kubernetes/kubernetes/issues/95621 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2020-8564 on Ubuntu 20.04 (focal) - medium. + In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-07 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972341 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8564.html + https://github.com/kubernetes/kubernetes/pull/94712 + https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk + https://github.com/kubernetes/kubernetes/issues/95622 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2020-8565 on Ubuntu 20.04 (focal) - medium. + In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-07 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972341 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8565.html + https://github.com/kubernetes/kubernetes/pull/95316 + https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk + https://github.com/kubernetes/kubernetes/issues/95623 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2020-8566 on Ubuntu 20.04 (focal) - medium. + In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-07 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972341 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8566.html + https://github.com/kubernetes/kubernetes/pull/95245 + https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk + https://github.com/kubernetes/kubernetes/issues/95624 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2020-8597 on Ubuntu 20.04 (focal) - medium. + eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-03 23:15:00 UTC + 2020-02-03 23:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950618 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8597.html + https://ubuntu.com/security/notices/USN-4288-1 + https://ubuntu.com/security/notices/USN-4288-2 + + + + + + + + + + + + + CVE-2020-8608 on Ubuntu 20.04 (focal) - medium. + In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. It was discovered that the SLiRP networking implementation of the QEMU emulator misuses snprintf return values. An attacker could use this to cause a denial of service (application crash) or potentially execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-06 17:15:00 UTC + 2020-02-06 17:15:00 UTC + Laszlo Ersek + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8608.html + https://www.openwall.com/lists/oss-security/2020/02/06/2 + https://ubuntu.com/security/notices/USN-4283-1 + https://ubuntu.com/security/notices/USN-4632-1 + + + + mdeslaur> possible better approach would be to disable tcp_emu completely mdeslaur> https://gitlab.freedesktop.org/slirp/libslirp/commit/07c2a44b67e219ac14207f7a1b33704e1312cf91 + + + + + + + + + + + + + CVE-2020-8631 on Ubuntu 20.04 (focal) - low. + cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-05 14:15:00 UTC + Marc Deslauriers + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8631.html + https://github.com/canonical/cloud-init/pull/204 + + + + + + + + + + CVE-2020-8632 on Ubuntu 20.04 (focal) - low. + In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-05 14:15:00 UTC + Dimitri John Ledkov + https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8632.html + https://github.com/canonical/cloud-init/pull/189 + + + + + + + + + + CVE-2020-8793 on Ubuntu 20.04 (focal) - low. + OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-25 17:15:00 UTC + 2020-02-25 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8793.html + https://ubuntu.com/security/notices/USN-4294-1 + + + + + + + + + + CVE-2020-8794 on Ubuntu 20.04 (focal) - high. + OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-02-25 17:15:00 UTC + 2020-02-25 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8794.html + https://ubuntu.com/security/notices/USN-4294-1 + + + + + + + + + + CVE-2020-8813 on Ubuntu 20.04 (focal) - medium. + graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-22 02:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951832 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8813.html + https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129 + https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/ + https://github.com/Cacti/cacti/issues/3285 + https://github.com/Cacti/cacti/commit/fea919e8fe05bb730c802054661fd3a7ec029784 + https://drive.google.com/file/d/1A8hxTyk_NgSp04zPX-23nPbsSDeyDFio/view + https://github.com/Cacti/cacti/releases + + + + + + + + + + CVE-2020-8840 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. It was discovered that Jackson Databind incorrectly handled deserialization. 
An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-10 21:56:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8840.html + https://github.com/FasterXML/jackson-databind/issues/2620 + https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497 + + + + + + + + + + CVE-2020-8903 on Ubuntu 20.04 (focal) - medium. + A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "adm" user from the OS Login entry. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8903.html + https://cloud.google.com/support/bulletins/#gcp-2020-008 + https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 + https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020 + + + + + + + + + + CVE-2020-8907 on Ubuntu 20.04 (focal) - medium. 
+ A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "docker" user from the OS Login entry. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8907.html + https://cloud.google.com/support/bulletins/#gcp-2020-008 + https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 + https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020 + + + + + + + + + + CVE-2020-8910 on Ubuntu 20.04 (focal) - low. + A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-26 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8910.html + https://github.com/google/closure-library/releases/tag/v20200315 + + + + amurray> The Debian chromium source package is called chromium-browser in Ubuntu mdeslaur> starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap mdeslaur> the third_party/google_input_tools directory doesn't look like it is built in Ubuntu binary packages, marking as not-affected + + + + + + + + + CVE-2020-8933 on Ubuntu 20.04 (focal) - medium. 
+ A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8933.html + https://cloud.google.com/support/bulletins/#gcp-2020-008 + https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 + https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020 + + + + + + + + + + CVE-2020-8955 on Ubuntu 20.04 (focal) - medium. + irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-12 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8955.html + https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da + https://weechat.org/doc/security/ + + + + + + + + + + CVE-2020-9273 on Ubuntu 20.04 (focal) - medium. + In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-20 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9273.html + https://github.com/proftpd/proftpd/issues/903 + https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master) + https://github.com/proftpd/proftpd/commit/e845abc1bd86eebec7a0342fded908a1b0f1996b (1.3.6.c) + https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES + + + + + + + + + + CVE-2020-9274 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-26 16:15:00 UTC + 2020-02-26 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952666 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9274.html + https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa + https://www.pureftpd.org/project/pure-ftpd/news/ + https://ubuntu.com/security/notices/USN-4515-1 + + + + + + + + + + CVE-2020-9281 on Ubuntu 20.04 (focal) - medium. + A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-07 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9281.html + https://github.com/ckeditor/ckeditor4 + + + + + + + + + + CVE-2020-9283 on Ubuntu 20.04 (focal) - medium. 
+ golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-20 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9283.html + http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html + https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY + + + + jdstrand> snapd contains an embedded copy of golang-go.crypto jdstrand> lxd in 18.04 LTS and earlier contains an embedded copy of golang-go.crypto mdeslaur> snapd and lxd only use the terminal sub-package, not the ssh mdeslaur> part of golang-go.crypto, so they are not vulnerable + + + + + + + + + + + + CVE-2020-9355 on Ubuntu 20.04 (focal) - untriaged. + danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-02-23 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9355.html + https://github.com/danfruehauf/NetworkManager-ssh/pull/98 + https://github.com/danfruehauf/NetworkManager-ssh/commit/5d88cd89795352b5df54cc0ebb6a0076b8c89ee4 + https://bugzilla.redhat.com/show_bug.cgi?id=1803499 + https://github.com/danfruehauf/NetworkManager-ssh/releases/tag/1.2.11 + + + + + + + + + + CVE-2020-9359 on Ubuntu 20.04 (focal) - medium. + KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-24 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954891 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9359.html + https://kde.org/info/security/advisory-20200312-1.txt + https://sysdream.com/news/lab/2020-03-24-cve-2020-9359-okular-command-execution/ (PoC) + https://lists.debian.org/debian-lts-announce/2020/03/msg00033.html + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TY3O6UWX2XTP7PISPTZ6FYRDFU4UF66/ + + + + + + + + + + CVE-2020-9365 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-24 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952471 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9365.html + https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b + https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e + + + + + + + + + + CVE-2020-9428 on Ubuntu 20.04 (focal) - low. + In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-27 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9428.html + https://www.wireshark.org/security/wnpa-sec-2020-05.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9fe2de783dbcbe74144678d60a4e3923367044b2 + + + + + + + + + + CVE-2020-9430 on Ubuntu 20.04 (focal) - low. + In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. 
This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-27 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9430.html + https://www.wireshark.org/security/wnpa-sec-2020-04.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368 + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16383 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790 + + + + + + + + + + CVE-2020-9431 on Ubuntu 20.04 (focal) - low. + In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-27 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9431.html + https://www.wireshark.org/security/wnpa-sec-2020-03.html + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341 + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850 + + + + + + + + + + CVE-2020-9440 on Ubuntu 20.04 (focal) - medium. + A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-10 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9440.html + https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed + + + + + + + + + + CVE-2020-9481 on Ubuntu 20.04 (focal) - medium. 
+ Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-27 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9481.html + https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E + + + + + + + + + + CVE-2020-9484 on Ubuntu 20.04 (focal) - low. + When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-20 19:15:00 UTC + 2020-05-20 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961209 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9484.html + https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b (10.0.0-M5) + https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222 (9.0.35) + https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f (8.5.55) + https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06 (7.0.104) + https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E + https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E + https://ubuntu.com/security/notices/USN-4448-1 + https://ubuntu.com/security/notices/USN-4596-1 + + + + + + + + + + CVE-2020-9488 on Ubuntu 20.04 (focal) - medium. + Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-27 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9488.html + https://www.openwall.com/lists/oss-security/2020/04/25/1 + https://issues.apache.org/jira/browse/LOG4J2-2819 + https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=6851b5083ef9610bae320bf07e1f24d2aa08851b (release-2.x) + https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=fb91a3d71e2f3dadad6fd1beb2ab857f44fe8bbb (master) + + + + + + + + + + CVE-2020-9489 on Ubuntu 20.04 (focal) - medium. + A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. 
Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-27 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9489.html + https://www.openwall.com/lists/oss-security/2020/04/24/1 + + + + + + + + + + CVE-2020-9494 on Ubuntu 20.04 (focal) - medium. + Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-24 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963629 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9494.html + https://lists.apache.org/thread.html/rf7f86917f42fdaf904d99560cba0c016e03baea6244c47efeb60ecbe%40%3Cdev.trafficserver.apache.org%3E + + + + + + + + + + CVE-2020-9543 on Ubuntu 20.04 (focal) - medium. + OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-12 17:15:00 UTC + 2020-03-10 15:00:00 UTC + https://bugs.launchpad.net/manila/+bug/1861485 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9543.html + + + + + + + + + + CVE-2020-9546 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-02 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9546.html + https://github.com/FasterXML/jackson-databind/issues/2631 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-9547 on Ubuntu 20.04 (focal) - medium. + FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-02 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9547.html + https://github.com/FasterXML/jackson-databind/issues/2634 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-9548 on Ubuntu 20.04 (focal) - medium. 
+ FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-02 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9548.html + https://github.com/FasterXML/jackson-databind/issues/2634 + https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + + + + + + + + + + CVE-2020-9549 on Ubuntu 20.04 (focal) - medium. + In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bounds write via a crafted PDF document. It was discovered that PDFResurrect incorrectly handled certain memory operations during PDF summary generation. An attacker could use this to cause out-of-bounds writes, resulting in a denial of service (system crash) or arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-02 05:15:00 UTC + 2020-03-02 05:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952948 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9549.html + https://github.com/enferex/pdfresurrect/issues/8 + https://ubuntu.com/security/notices/USN-4642-1 + + + + + + + + + + CVE-2020-9759 on Ubuntu 20.04 (focal) - medium. + A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-23 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9759.html + https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html + https://security.gentoo.org/glsa/202003-51 + https://weechat.org/doc/security/ + + + + + + + + + + CVE-2020-9760 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-23 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9760.html + https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html + https://security.gentoo.org/glsa/202003-51 + https://weechat.org/doc/security/ + + + + + + + + + + CVE-2020-9770 on Ubuntu 20.04 (focal) - low. + A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9770.html + https://support.apple.com/HT211102 + https://friends.cs.purdue.edu/pubs/WOOT20.pdf + + + + amurray| For Ubuntu this only appears to affect gatttool from bluez. Marking this as low priority since this tool is not running or enabled by default (and is deprecated in favour of bluetoothctl). mdeslaur> no upstream fix as of 2021-05-26 + + + + + + + + + CVE-2020-9794 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. 
A malicious application may cause a denial of service or potentially disclose memory contents. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-09 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9794.html + https://vuldb.com/?id.155768 + + + + mdeslaur> This may be an Apple-specific CVE, as of 2021-02-08, no details mdeslaur> are available as to what the upstream fix is. + + + + + + + + + + + + CVE-2020-9802 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-09 17:15:00 UTC + 2020-07-13 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9802.html + https://ubuntu.com/security/notices/USN-4422-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-9803 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-09 17:15:00 UTC + 2020-07-13 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9803.html + https://ubuntu.com/security/notices/USN-4422-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-9805 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-09 17:15:00 UTC + 2020-07-13 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9805.html + https://ubuntu.com/security/notices/USN-4422-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-9806 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-09 17:15:00 UTC + 2020-07-13 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9806.html + https://ubuntu.com/security/notices/USN-4422-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-9807 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved state management. 
This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-09 17:15:00 UTC + 2020-07-13 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9807.html + https://ubuntu.com/security/notices/USN-4422-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-9843 on Ubuntu 20.04 (focal) - medium. + An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-09 17:15:00 UTC + 2020-07-13 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9843.html + https://ubuntu.com/security/notices/USN-4422-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-9849 on Ubuntu 20.04 (focal) - low. + An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-08 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9849.html + https://support.apple.com/en-us/HT211931 + https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9849/ + + + + mdeslaur> This may be an Apple-specific CVE, as of 2021-02-08, no details mdeslaur> are available as to what the upstream fix is. + + + + + + + + + + + + CVE-2020-9850 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-09 17:15:00 UTC + 2020-07-13 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9850.html + https://ubuntu.com/security/notices/USN-4422-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + CVE-2020-9862 on Ubuntu 20.04 (focal) - medium. + A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 17:15:00 UTC + 2020-07-29 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9862.html + https://webkitgtk.org/security/WSA-2020-0007.html + https://ubuntu.com/security/notices/USN-4444-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-9893 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 17:15:00 UTC + 2020-07-29 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9893.html + https://webkitgtk.org/security/WSA-2020-0007.html + https://ubuntu.com/security/notices/USN-4444-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-9894 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 17:15:00 UTC + 2020-07-29 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9894.html + https://webkitgtk.org/security/WSA-2020-0007.html + https://ubuntu.com/security/notices/USN-4444-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-9895 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 17:15:00 UTC + 2020-07-29 00:00:00 UTC + Wen Xu + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9895.html + https://webkitgtk.org/security/WSA-2020-0007.html + https://ubuntu.com/security/notices/USN-4444-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-9915 on Ubuntu 20.04 (focal) - medium. + An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 17:15:00 UTC + 2020-07-29 00:00:00 UTC + Ayoub AIT ELMOKHTAR + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9915.html + https://webkitgtk.org/security/WSA-2020-0007.html + https://ubuntu.com/security/notices/USN-4444-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-9925 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 17:15:00 UTC + 2020-07-29 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9925.html + https://webkitgtk.org/security/WSA-2020-0007.html + https://ubuntu.com/security/notices/USN-4444-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-9947 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9947.html + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-9948 on Ubuntu 20.04 (focal) - medium. + A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 17:15:00 UTC + 2020-11-24 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9948.html + https://webkitgtk.org/security/WSA-2020-0008.html + https://ubuntu.com/security/notices/USN-4648-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-9951 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 17:15:00 UTC + 2020-11-24 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9951.html + https://webkitgtk.org/security/WSA-2020-0008.html + https://ubuntu.com/security/notices/USN-4648-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-9952 on Ubuntu 20.04 (focal) - medium. + An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 17:15:00 UTC + 2020-11-24 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9952.html + https://webkitgtk.org/security/WSA-2020-0008.html + https://ubuntu.com/security/notices/USN-4648-1 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-9983 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 17:15:00 UTC + 2020-11-24 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9983.html + https://webkitgtk.org/security/WSA-2020-0008.html + https://ubuntu.com/security/notices/USN-4648-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2020-9991 on Ubuntu 20.04 (focal) - low. + This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9991.html + https://support.apple.com/en-us/HT211931 + https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9991/ + + + + mdeslaur> This may be an Apple-specific CVE, as of 2021-02-08, no details mdeslaur> are available as to what the upstream fix is. + + + + + + + + + + + + CVE-2021-0089 on Ubuntu 20.04 (focal) - medium. + Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-09 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-0089.html + https://xenbits.xen.org/xsa/advisory-375.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html + http://www.openwall.com/lists/oss-security/2021/06/10/1 + http://www.openwall.com/lists/oss-security/2021/06/10/11 + http://www.openwall.com/lists/oss-security/2021/06/10/10 + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2021-0129 on Ubuntu 20.04 (focal) - medium. + Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-09 20:15:00 UTC + 2021-06-08 17:00:00 UTC + 2021-06-08 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-0129.html + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d19628f539fccf899298ff02ee4c73e4bf6df3f + https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738 + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html + https://ubuntu.com/security/notices/USN-5018-1 + https://ubuntu.com/security/notices/USN-5017-1 + + + + amurray| INTEL-SA-00517 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-0308 on Ubuntu 20.04 (focal) - low. + In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-11 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-0308.html + https://sourceforge.net/p/gptfdisk/code/ci/f523bbc0c2437fe259aa3aff5e819e24101aee29 + https://android.googlesource.com/platform/external/gptfdisk/+/6d369451868ce71618144c4f4bd645ae48f0d1c5 + https://sourceforge.net/p/gptfdisk/mailman/message/37196701/ + + + + sbeattie> requires reading malicious device + + + + + + + + + CVE-2021-0448 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-0448.html + https://source.android.com/security/bulletin/pixel/2021-03-01 + + + + Debian> Duplicate of CVE-2020-25211, Android Security team contacted sbeattie| looks like Android updated their bulletin to correctly reflect CVE-2020-25211. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-0512 on Ubuntu 20.04 (focal) - medium. + In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173843328References: Upstream kernel + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-21 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-0512.html + https://git.kernel.org/linus/ed9be64eefe26d7d8b0b5b9fa3ffdf425d87a01f + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-0605 on Ubuntu 20.04 (focal) - medium. + In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-22 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-0605.html + https://git.kernel.org/linus/37bd22420f856fcd976989f1d4f1f7ad28e1fcac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-0606 on Ubuntu 20.04 (focal) - medium. + In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168034487 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-22 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-0606.html + https://source.android.com/security/bulletin/pixel/2021-06-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-1076 on Ubuntu 20.04 (focal) - high. 
+ NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-04-21 23:15:00 UTC + 2021-04-19 + 2021-04-19 + https://bugs.launchpad.net/bugs/1923062 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1076.html + https://nvidia.custhelp.com/app/answers/detail/a_id/5172 + https://ubuntu.com/security/notices/USN-4935-1 + + + + sbeattie> issues are in nvidia drivers, but kernels need to be respun to handle drivers mdeslaur> some binary drivers are no longer support by NVidia, so they mdeslaur> are marked as ignored here + + + + + + + + + + + + + + + + + + + + + + CVE-2021-1077 on Ubuntu 20.04 (focal) - medium. + NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-21 23:15:00 UTC + 2021-04-19 + 2021-04-19 + https://bugs.launchpad.net/bugs/1923062 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1077.html + https://nvidia.custhelp.com/app/answers/detail/a_id/5172 + https://ubuntu.com/security/notices/USN-4935-1 + + + + sbeattie> issue is in nvidia drivers, but kernels need to be respun to handle drivers mdeslaur> some binary drivers are no longer support by NVidia, so they mdeslaur> are marked as ignored here + + + + + + + + + + + + + + + + + + + + + + CVE-2021-1093 on Ubuntu 20.04 (focal) - medium. 
+ NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to Denial of Service or system crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-20 16:00:00 +0000 + 2021-07-20 16:00:00 +0000 + 2021-07-20 16:00:00 +0000 + https://bugs.launchpad.net/ubuntu/+bug/1933980 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1093.html + https://nvidia.custhelp.com/app/answers/detail/a_id/5211 + https://ubuntu.com/security/notices/USN-5019-1 + + + + mdeslaur> some binary drivers are no longer support by NVidia, so they mdeslaur> are marked as ignored here + + + + + + + + + + + + + + + + + + + + + + CVE-2021-1094 on Ubuntu 20.04 (focal) - medium. + NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-20 16:00:00 +0000 + 2021-07-20 16:00:00 +0000 + 2021-07-20 16:00:00 +0000 + https://bugs.launchpad.net/ubuntu/+bug/1933980 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1094.html + https://nvidia.custhelp.com/app/answers/detail/a_id/5211 + https://ubuntu.com/security/notices/USN-5019-1 + + + + mdeslaur> some binary drivers are no longer support by NVidia, so they mdeslaur> are marked as ignored here + + + + + + + + + + + + + + + + + + + + + + CVE-2021-1095 on Ubuntu 20.04 (focal) - medium. 
+ NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where an untrusted pointer dereference may lead to denial of service + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-20 16:00:00 +0000 + 2021-07-20 16:00:00 +0000 + 2021-07-20 16:00:00 +0000 + https://bugs.launchpad.net/ubuntu/+bug/1933980 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1095.html + https://nvidia.custhelp.com/app/answers/detail/a_id/5211 + https://ubuntu.com/security/notices/USN-5019-1 + + + + mdeslaur> some binary drivers are no longer support by NVidia, so they mdeslaur> are marked as ignored here + + + + + + + + + + + + + + + + + + + + + + CVE-2021-1765 on Ubuntu 20.04 (focal) - medium. + This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-02 18:15:00 UTC + 2021-03-24 00:00:00 UTC + Eliya Stein + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1765.html + https://webkitgtk.org/security/WSA-2021-0002.html + https://ubuntu.com/security/notices/USN-4894-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2021-1788 on Ubuntu 20.04 (focal) - medium. + A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-02 18:15:00 UTC + 2021-04-02 18:15:00 UTC + Francisco Alonso + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1788.html + https://webkitgtk.org/security/WSA-2021-0003.html + https://ubuntu.com/security/notices/USN-4939-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2021-1789 on Ubuntu 20.04 (focal) - medium. + A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-02 18:15:00 UTC + 2021-03-24 00:00:00 UTC + @S0rryMybad of 360 Vulcan Team + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1789.html + https://webkitgtk.org/security/WSA-2021-0002.html + https://ubuntu.com/security/notices/USN-4894-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2021-1799 on Ubuntu 20.04 (focal) - medium. + A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-02 19:15:00 UTC + 2021-03-24 00:00:00 UTC + Gregory Vishnepolsky, Ben Seriy, and Samy Kamkar + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1799.html + https://webkitgtk.org/security/WSA-2021-0002.html + https://ubuntu.com/security/notices/USN-4894-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2021-1801 on Ubuntu 20.04 (focal) - medium. + This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-02 19:15:00 UTC + 2021-03-24 00:00:00 UTC + Eliya Stein + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1801.html + https://webkitgtk.org/security/WSA-2021-0002.html + https://ubuntu.com/security/notices/USN-4894-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2021-1844 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-02 19:15:00 UTC + 2021-04-02 19:15:00 UTC + Clément Lecigne, Alison Huffman + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1844.html + https://webkitgtk.org/security/WSA-2021-0003.html + https://ubuntu.com/security/notices/USN-4939-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2021-1870 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-02 19:15:00 UTC + 2021-03-24 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1870.html + https://webkitgtk.org/security/WSA-2021-0002.html + https://ubuntu.com/security/notices/USN-4894-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2021-1871 on Ubuntu 20.04 (focal) - medium. + A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-02 19:15:00 UTC + 2021-04-02 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1871.html + https://webkitgtk.org/security/WSA-2021-0003.html + https://ubuntu.com/security/notices/USN-4939-1 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2021-1998 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1998.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.0 only + + + + + + + + + + + + CVE-2021-2001 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2001.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2002 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2002.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.0 only + + + + + + + + + + + + CVE-2021-2006 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. 
Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2006.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2007 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2007.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2009 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2009.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2010 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2010.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2011 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2011.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2012 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2012.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
+ + + + + + + + + + + + CVE-2021-2014 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 5.7.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2014.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2016 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2016.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-20176 on Ubuntu 20.04 (focal) - low. + A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-06 00:15:00 UTC + 2021-02-06 00:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/3077 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20176.html + https://ubuntu.com/security/notices/USN-4988-1 + + + + + + + + + + CVE-2021-20177 on Ubuntu 20.04 (focal) - low. + A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected. It was discovered that the netfilter subsystem in the Linux kernel did not properly handle filter rules in some situations. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-26 21:15:00 UTC + 2021-01-12 00:00:00 UTC + https://bugzilla.kernel.org/show_bug.cgi?id=209823 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20177.html + https://bugzilla.kernel.org/show_bug.cgi?id=209823 + https://ubuntu.com/security/notices/USN-4750-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-20178 on Ubuntu 20.04 (focal) - medium. + A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20178.html + https://bugzilla.redhat.com/show_bug.cgi?id=1914774 + https://github.com/ansible-collections/community.general/pull/1621 + + + + + + + + + + CVE-2021-20179 on Ubuntu 20.04 (focal) - high. + A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-03-15 13:15:00 UTC + Fraser Tweedale, Geetika Kapoor + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20179.html + https://bugzilla.redhat.com/show_bug.cgi?id=1914379 + + + + + + + + + + CVE-2021-20180 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-18 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20180.html + https://bugzilla.redhat.com/show_bug.cgi?id=1915808 + + + + + + + + + + CVE-2021-20181 on Ubuntu 20.04 (focal) - medium. + A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 16:15:00 UTC + 2021-02-01 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20181.html + https://ubuntu.com/security/notices/USN-4725-1 + + + + + + + + + + CVE-2021-2019 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2019.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-20190 on Ubuntu 20.04 (focal) - medium. + A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-19 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20190.html + https://github.com/FasterXML/jackson-databind/issues/2854 + https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a + https://bugzilla.redhat.com/show_bug.cgi?id=1916633 + + + + + + + + + + CVE-2021-20191 on Ubuntu 20.04 (focal) - medium. + A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20191.html + https://bugzilla.redhat.com/show_bug.cgi?id=1916813 + + + + + + + + + + CVE-2021-20193 on Ubuntu 20.04 (focal) - low. + A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980525 + https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20193.html + https://savannah.gnu.org/bugs/?59897 + https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777 + + + + sbeattie> the tar command failed to free memory. 
As this is a command line tool denial of service, this has been rated as priority low + + + + + + + + + CVE-2021-20194 on Ubuntu 20.04 (focal) - low. + There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-23 23:15:00 UTC + 2021-02-23 23:15:00 UTC + Loris Reiff + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20194.html + https://bugzilla.redhat.com/show_bug.cgi?id=1912683 + https://patchwork.kernel.org/project/netdevbpf/patch/20210122164232.61770-1-loris.reiff@liblor.ch/#23921223 + https://ubuntu.com/security/notices/USN-4879-1 + https://ubuntu.com/security/notices/USN-4884-1 + https://ubuntu.com/security/notices/USN-4909-1 + https://ubuntu.com/security/notices/USN-4912-1 + + + + sbeattie| for 5.8 kernels, HARDENED_USERCOPY is enabled, and so is less likely to be vulnerable to code execution. Also, user BPF is disabled if booted under secure boot/lockdown. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-20196 on Ubuntu 20.04 (focal) - low. + A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. 
This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 22:15:00 UTC + Gaoning Pan + https://bugzilla.redhat.com/show_bug.cgi?id=1919210 + https://bugs.launchpad.net/qemu/+bug/1912780 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20196.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg05986.html + https://www.openwall.com/lists/oss-security/2021/01/28/1 + + + + mdeslaur> as of 2021-07-08, proposed patch has not been commited upstream + + + + + + + + + + + + CVE-2021-20197 on Ubuntu 20.04 (focal) - low. + There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 17:15:00 UTC + Rich Felker + https://sourceware.org/bugzilla/show_bug.cgi?id=26945 + https://bugzilla.redhat.com/show_bug.cgi?id=1951278#c3 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20197.html + + + + mdeslaur> see RH bug 1951278 for possible regression + + + + + + + + + CVE-2021-2020 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2020.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-20201 on Ubuntu 20.04 (focal) - low. + A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 11:15:00 UTC + https://gitlab.freedesktop.org/spice/spice/-/issues/49 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20201.html + https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks + + + + leosilva> Issues that touch python_modules for spice in Xenial leosilva> need to be addressed in spice-protocol. + + + + + + + + + CVE-2021-20203 on Ubuntu 20.04 (focal) - low. + An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-25 20:15:00 UTC + Gaoning Pan + https://bugs.launchpad.net/qemu/+bug/1913873 + https://bugs.launchpad.net/qemu/+bug/1890152 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20203.html + https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html + + + + mdeslaur> as of 2021-07-08, proposed patch has not been commited upstream + + + + + + + + + CVE-2021-20204 on Ubuntu 20.04 (focal) - medium. + A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 15:15:00 UTC + Carlos Andres Ramirez + unknown + https://bugs.launchpad.net/ubuntu/+source/libgetdata/+bug/1912050 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20204.html + + + + + + + + + + CVE-2021-20208 on Ubuntu 20.04 (focal) - low. + A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20208.html + https://bugzilla.samba.org/show_bug.cgi?id=14651 + https://lists.samba.org/archive/samba-technical/2021-April/136467.html + https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=e461afd8cfa6d0781ae0c5c10e89b6ef1ca6da32 + https://bugzilla.redhat.com/show_bug.cgi?id=1921116 + + + + + + + + + + CVE-2021-2021 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2021.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-20216 on Ubuntu 20.04 (focal) - low. + A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-25 19:15:00 UTC + 2021-02-05 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20216.html + https://www.openwall.com/lists/oss-security/2021/01/31/2 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=f431d61740cc03c1c5f6b7f9c7a4a8d0bedd70dd (3.0.31) + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2021-20217 on Ubuntu 20.04 (focal) - low. + A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-25 19:15:00 UTC + 2021-02-05 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20217.html + https://www.openwall.com/lists/oss-security/2021/01/31/2 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5bba5b89193fa2eeea51aa39fb6525c47b59a82a (3.0.31) + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2021-2022 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2022.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-20220 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. 
The highest threat from this vulnerability is to data confidentiality and integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-23 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20220.html + https://bugzilla.redhat.com/show_bug.cgi?id=1923133 + + + + sbeattie> CVE for incomplete fix for CVE-2020-10687, after 2.0.30.SP4 + + + + + + + + + CVE-2021-20221 on Ubuntu 20.04 (focal) - low. + An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 16:15:00 UTC + 2021-05-13 16:15:00 UTC + https://bugs.launchpad.net/qemu/+bug/1914353 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20221.html + https://www.openwall.com/lists/oss-security/2021/02/05/1 + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2021-20225 on Ubuntu 20.04 (focal) - medium. + A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. It was discovered that the option parser in GRUB 2 contained a heap overflow vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-03 17:15:00 UTC + 2021-03-02 18:00:00 UTC + 2021-03-02 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20225.html + https://ubuntu.com/security/notices/USN-4992-1 + + + + sbeattie| grub2-unsigned will contain fixes and supersede grub2, which will contain only BIOS grub bits. + + + + + + + + + + + + CVE-2021-20226 on Ubuntu 20.04 (focal) - medium. + A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-23 17:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20226 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20226.html + https://www.zerodayinitiative.com/advisories/ZDI-21-001/ + https://www.openwall.com/lists/oss-security/2021/02/05/4 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-20228 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-29 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20228.html + https://bugzilla.redhat.com/show_bug.cgi?id=1925002 + https://github.com/ansible/ansible/pull/73487 + + + + + + + + + + CVE-2021-20230 on Ubuntu 20.04 (focal) - medium. + A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-23 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20230.html + https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9 + https://bugzilla.redhat.com/show_bug.cgi?id=1925226 + + + + + + + + + + CVE-2021-20231 on Ubuntu 20.04 (focal) - low. + A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-12 19:15:00 UTC + https://gitlab.com/gnutls/gnutls/-/issues/1151 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20231.html + https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10 + + + + + + + + + + CVE-2021-20232 on Ubuntu 20.04 (focal) - low. + A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-12 19:15:00 UTC + https://gitlab.com/gnutls/gnutls/-/issues/1151 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20232.html + https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10 + + + + + + + + + + CVE-2021-20233 on Ubuntu 20.04 (focal) - medium. + A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. It was discovered that the menu rendering implementation in GRUB 2 did not properly calculate the amount of memory needed in some situations, leading to out-of-bounds writes. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 17:15:00 UTC + 2021-03-02 18:00:00 UTC + 2021-03-02 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20233.html + https://ubuntu.com/security/notices/USN-4992-1 + + + + sbeattie| grub2-unsigned will contain fixes and supersede grub2, which will contain only BIOS grub bits. + + + + + + + + + + + + CVE-2021-20234 on Ubuntu 20.04 (focal) - low. + An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-01 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20234.html + https://github.com/zeromq/libzmq/pull/3918 + https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123 + + + + + + + + + + CVE-2021-20235 on Ubuntu 20.04 (focal) - medium. + There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer overflow WRITE of arbitrary data if CURVE/ZAP authentication is not enabled. The greatest impact of this flaw is to application availability, data integrity, and confidentiality. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-01 14:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21984 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20235.html + https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6 + + + + + + + + + + CVE-2021-20236 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 11:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22488 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20236.html + https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8 + + + + + + + + + + CVE-2021-20237 on Ubuntu 20.04 (focal) - low. 
+ An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 11:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22344 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20237.html + https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw + + + + + + + + + + CVE-2021-20239 on Ubuntu 20.04 (focal) - low. + A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local attacker could use this to ease exploitation of another kernel vulnerability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 11:15:00 UTC + 2021-02-17 00:00:00 UTC + Ryota Shiga + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20239.html + https://www.zerodayinitiative.com/advisories/ZDI-21-100/ + https://gist.github.com/Ga-ryo/2ec958e78f55c5d18558960f3fe1c6ec + https://ubuntu.com/security/notices/USN-4878-1 + https://ubuntu.com/security/notices/USN-4910-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-2024 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2024.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-20241 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-09 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20241.html + https://github.com/ImageMagick/ImageMagick/pull/3177 + + + + + + + + + + CVE-2021-20243 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-09 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20243.html + https://github.com/ImageMagick/ImageMagick/pull/3193 + + + + mdeslaur> same commit as CVE-2021-20241 + + + + + + + + + CVE-2021-20244 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-09 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20244.html + https://github.com/ImageMagick/ImageMagick/pull/3194 + + + + debian> In IM6 the code seems to be in magick/fx.c + + + + + + + + + CVE-2021-20245 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-09 19:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/3176 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20245.html + + + + + + + + + + CVE-2021-20246 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-09 19:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/3195 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20246.html + + + + + + + + + + CVE-2021-20247 on Ubuntu 20.04 (focal) - low. + A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-23 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20247.html + https://www.openwall.com/lists/oss-security/2021/02/22/1 + + + + + + + + + + CVE-2021-20255 on Ubuntu 20.04 (focal) - medium. + A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-09 20:15:00 UTC + Sergej Schumilo, Cornelius Aschermann, Simon Werner + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20255.html + https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html + https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1 + https://www.openwall.com/lists/oss-security/2021/02/25/1 + + + + mdeslaur> as of 2021-07-08, proposed patch has not been commited upstream + + + + + + + + + CVE-2021-20257 on Ubuntu 20.04 (focal) - medium. 
+ net: e1000: infinite loop while processing transmit descriptors + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-23 00:00:00 UTC + 2021-02-23 00:00:00 UTC + Alexander Bulekov, Cheolwoo Myung, Sergej Schumilo, Cornelius Aschermann, Simon Werner + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20257.html + https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html + https://www.openwall.com/lists/oss-security/2021/02/25/2 + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2021-20266 on Ubuntu 20.04 (focal) - low. + A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-30 12:15:00 UTC + Demi M. Obenour + https://bugzilla.redhat.com/show_bug.cgi?id=1927741 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985308 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20266.html + + + + seth-arnold> Only debugedit and librpmio9 binary packages are in main, and triaged with view to how they are used in the build process as described in https://bugs.launchpad.net/ubuntu/+source/rpm/+bug/1913871 + + + + + + + + + CVE-2021-20267 on Ubuntu 20.04 (focal) - medium. + A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 19:15:00 UTC + David Sinquin + https://bugs.launchpad.net/neutron/+bug/1902917 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20267.html + https://review.opendev.org/c/openstack/neutron/+/776599 + + + + mdeslaur> per upstream Affects: <15.3.3, >=16.0.0 <16.3.1, >=17.0.0 <17.1.1 mdeslaur> as of 2021-05-13, patch has been flagged as possibly incomplete mdeslaur> see comment #17 in upstream bug. mdeslaur> addditional patch: https://review.opendev.org/c/openstack/neutron/+/783743 mdeslaur> Second patch not included in 16.3.2 in focal-updates and mdeslaur> 17.1.2 in groovy-proposed. + + + + + + + + + CVE-2021-20268 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. It was discovered that the BPF verifier in the Linux kernel did not properly handle signed add32 and sub integer overflows. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-09 18:15:00 UTC + 2021-03-09 18:15:00 UTC + De4dCr0w + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20268.html + https://www.zerodayinitiative.com/advisories/ZDI-21-101/ + https://git.kernel.org/linus/bc895e8b2a64e502fbba72748d59618272052a8b + https://ubuntu.com/security/notices/USN-4910-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-20269 on Ubuntu 20.04 (focal) - low. 
+ [incorrect permissions on kdump dmesg file] + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-12 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20269.html + https://www.openwall.com/lists/oss-security/2021/03/11/2 + + + + + + + + + + CVE-2021-20270 on Ubuntu 20.04 (focal) - medium. + An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 17:15:00 UTC + 2021-03-09 00:00:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984664 + https://github.com/pygments/pygments/issues/1625 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20270.html + https://ubuntu.com/security/notices/USN-4885-1 + + + + + + + + + + CVE-2021-20271 on Ubuntu 20.04 (focal) - low. + A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 17:15:00 UTC + Demi M. Obenour + https://bugzilla.redhat.com/show_bug.cgi?id=1934125 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985308 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20271.html + + + + seth-arnold> Only debugedit and librpmio9 binary packages are in main, and triaged with view to how they are used in the build process as described in https://bugs.launchpad.net/ubuntu/+source/rpm/+bug/1913871 + + + + + + + + + CVE-2021-20272 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-09 14:15:00 UTC + 2021-03-09 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20272.html + https://www.openwall.com/lists/oss-security/2021/02/28/1 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=2256d7b4d67dd9c364386877d5af59943433458b + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2021-20273 on Ubuntu 20.04 (focal) - medium. + A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-09 14:15:00 UTC + 2021-03-09 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20273.html + https://www.openwall.com/lists/oss-security/2021/02/28/1 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=e711c505c4830ab271938d61af90a2075523f058 + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2021-20275 on Ubuntu 20.04 (focal) - medium. + A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-09 14:15:00 UTC + 2021-03-09 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20275.html + https://www.openwall.com/lists/oss-security/2021/02/28/1 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=a912ba7bc9ce5855a810d09332e9d94566ce1521 + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2021-20276 on Ubuntu 20.04 (focal) - medium. + A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-09 14:15:00 UTC + 2021-03-09 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20276.html + https://www.openwall.com/lists/oss-security/2021/02/28/1 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=28512e5b62457f0ff6f2d72e3e5c9226b9e0203d + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2021-2028 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2028.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-20284 on Ubuntu 20.04 (focal) - low. + A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 17:15:00 UTC + Hao Wang + https://sourceware.org/bugzilla/show_bug.cgi?id=26931 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20284.html + + + + + + + + + + CVE-2021-20285 on Ubuntu 20.04 (focal) - low. 
+ A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 17:15:00 UTC + Hao Wang + https://github.com/upx/upx/commit/3781df9da23840e596d5e9e8493f22666802fe6c + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20285.html + + + + + + + + + + CVE-2021-20286 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20286.html + + + + + + + + + + CVE-2021-20288 on Ubuntu 20.04 (focal) - medium. + An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. It was discovered that Ceph contained an authentication flaw, leading to key reuse. An attacker could use this to cause a denial of service or possibly impersonate another user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-15 15:15:00 UTC + 2021-04-15 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986974 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20288.html + https://www.openwall.com/lists/oss-security/2021/04/14/2 + https://docs.ceph.com/en/latest/security/CVE-2021-20288/#cve-2021-20288 + https://ubuntu.com/security/notices/USN-4998-1 + + + + mdeslaur> this is fixed in 15.2.11 in focal-updates and groovy-updates, mdeslaur> and 16.2.1 in hirsute-updates but has not been pushed to the mdeslaur> security pocket + + + + + + + + + CVE-2021-20289 on Ubuntu 20.04 (focal) - low. + A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 17:15:00 UTC + Dirk Papenberg + https://bugzilla.redhat.com/show_bug.cgi?id=1935927 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20289.html + + + + + + + + + + + + + CVE-2021-20291 on Ubuntu 20.04 (focal) - medium. + A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-01 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20291.html + https://bugzilla.redhat.com/show_bug.cgi?id=1939485 + + + + + + + + + + CVE-2021-20292 on Ubuntu 20.04 (focal) - low. + There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 11:15:00 UTC + 2021-03-24 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20292.html + https://bugzilla.redhat.com/show_bug.cgi?id=1939686 + https://git.kernel.org/linus/5de5b6ecf97a021f29403aa272cb4e03318ef586 + https://ubuntu.com/security/notices/USN-4946-1 + + + + sbeattie> kernels with CONFIG_SLAB_FREELIST_HARDENED=y (which Ubuntu enables) are probably not affected. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-20293 on Ubuntu 20.04 (focal) - medium. + A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-10 12:15:00 UTC + Jeremy Bonghwan Choi, Ted Jongseok Won + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20293.html + https://bugzilla.redhat.com/show_bug.cgi?id=1942819 + + + + + + + + + + + + + CVE-2021-20294 on Ubuntu 20.04 (focal) - negligible. + A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. + 2021-04-29 16:15:00 UTC + Hao Wang + https://sourceware.org/bugzilla/show_bug.cgi?id=26929 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20294.html + + + + + + + + + + CVE-2021-20296 on Ubuntu 20.04 (focal) - low. + A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-01 14:15:00 UTC + 2021-04-01 14:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854 + https://bugzilla.redhat.com/show_bug.cgi?id=1939141 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20296.html + https://ubuntu.com/security/notices/USN-4996-1 + https://ubuntu.com/security/notices/USN-4996-2 + + + + + + + + + + CVE-2021-20298 on Ubuntu 20.04 (focal) - negligible. + OpenEXR: Out-of-memory in B44Compressor + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-14 23:46:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20298.html + https://access.redhat.com/security/cve/CVE-2021-20298 + + + + + + + + + + CVE-2021-2030 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2030.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-20300 on Ubuntu 20.04 (focal) - medium. + components for: CVE-2021-20300 OpenEXR: Integer-overflow in Imf_2_5::hufUncompress + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-14 23:46:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20300.html + https://access.redhat.com/security/cve/CVE-2021-20300 + + + + + + + + + + CVE-2021-20302 on Ubuntu 20.04 (focal) - low. + OpenEXR: Floating-point-exception in Imf_2_5::precalculateTileInfot + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-07-14 23:46:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20302.html + https://access.redhat.com/security/cve/CVE-2021-20302 + + + + + + + + + + CVE-2021-20303 on Ubuntu 20.04 (focal) - medium. 
+ OpenEXR: Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-14 23:46:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20303.html + https://access.redhat.com/security/cve/CVE-2021-20303 + + + + + + + + + + CVE-2021-20304 on Ubuntu 20.04 (focal) - medium. + OpenEXR: Undefined-shift in Imf_2_5::hufDecode + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-14 23:46:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20304.html + https://access.redhat.com/security/cve/CVE-2021-20304 + + + + + + + + + + CVE-2021-20305 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-05 22:15:00 UTC + 2021-04-05 22:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985652 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20305.html + https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html + https://ubuntu.com/security/notices/USN-4906-1 + + + + + + + + + + CVE-2021-20307 on Ubuntu 20.04 (focal) - medium. + Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-05 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985249 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20307.html + https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/ + https://bugzilla.redhat.com/show_bug.cgi?id=1946284 + + + + + + + + + + CVE-2021-20308 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-05 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20308.html + https://github.com/michaelrsweet/htmldoc/issues/423 + https://bugzilla.redhat.com/show_bug.cgi?id=1946289 + + + + + + + + + + CVE-2021-20309 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20309.html + + + + + + + + + + CVE-2021-2031 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2031.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-20312 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20312.html + + + + + + + + + + CVE-2021-20313 on Ubuntu 20.04 (focal) - low. + A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20313.html + + + + mdeslaur> same fix as CVE-2021-20312 + + + + + + + + + CVE-2021-2032 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. 
CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2032.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-20326 on Ubuntu 20.04 (focal) - medium. + A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-30 09:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20326.html + https://jira.mongodb.org/browse/SERVER-53929 + + + + + + + + + + CVE-2021-20328 on Ubuntu 20.04 (focal) - low. + Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-25 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20328.html + https://jira.mongodb.org/browse/JAVA-4017 + https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234 + + + + + + + + + + CVE-2021-20329 on Ubuntu 20.04 (focal) - low. + Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20329.html + https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1 + + + + + + + + + + CVE-2021-20335 on Ubuntu 20.04 (focal) - medium. + For MongoDB Ops Manager <= 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager <= 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. This issue is temporary and eventually corrects itself after MongoDB Ops Manager instances have finished upgrading to MongoDB Ops Manager 4.4. In addition, customers must be running with clientCertificateMode=OPTIONAL / allowConnectionsWithoutCertificates=true to be impacted*.* Customers upgrading from Ops Manager 4.2.X to 4.2.24 and finally to Ops Manager 4.4.13+ are unaffected by this issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-11 10:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20335.html + https://docs-opsmanager-staging.mongodb.com/docsworker-xlarge/DOCSP-14164/release-notes/application.html + + + + + + + + + + CVE-2021-2036 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2036.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2038 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2038.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2042 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2042.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2046 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.8 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2046.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2048 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2048.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2055 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2055.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2056 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2056.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2058 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2058.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2060 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2060.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2061 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. 
Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2061.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2065 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2065.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2070 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2070.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-20718 on Ubuntu 20.04 (focal) - medium. + mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-20 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20718.html + https://github.com/zmartzone/mod_auth_openidc + https://jvn.jp/en/jp/JVN49704918/index.html + https://www.zmartzone.eu/ + + + + + + + + + + CVE-2021-2072 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2072.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2073 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2073.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-2074 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2074.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-2076 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2076.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2081 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2081.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2086 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2086.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-2087 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. 
Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2087.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2088 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2088.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2111 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2111.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-2112 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2112.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-2119 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2119.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-2120 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2120.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-2121 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2121.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-2122 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2122.html + https://www.oracle.com/security-alerts/cpujan2021.html + https://ubuntu.com/security/notices/USN-4716-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
+ + + + + + + + + + + + CVE-2021-2123 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2123.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-21236 on Ubuntu 20.04 (focal) - medium. + CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time. This is fixed in version 2.5.1. See Referenced GitHub advisory for more information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-06 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979597 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21236.html + https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf + https://github.com/Kozea/CairoSVG/commit/063185b60588a41d4df661ad70f9f7b699901abc (2.5.1) + https://github.com/Kozea/CairoSVG/commit/cfc9175e590531d90384aa88845052de53d94bf3 + https://github.com/Kozea/CairoSVG/releases/tag/2.5.1 + https://pypi.org/project/CairoSVG/ + + + + + + + + + + CVE-2020-27955 on Ubuntu 20.04 (focal) - medium. + Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This is the result of an incomplete fix for CVE-2020-27955. This issue occurs because on Windows, Go includes (and prefers) the current directory when the name of a command run does not contain a directory separator. Other than avoiding untrusted repositories or using a different operating system, there is no workaround. This is fixed in v2.13.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21237.html + https://github.com/git-lfs/git-lfs/commit/fc664697ed2c2081ee9633010de0a7f9debea72a + https://github.com/git-lfs/git-lfs/releases/tag/v2.13.2 + https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5 + + + + + + + + + + CVE-2021-21238 on Ubuntu 20.04 (focal) - low. + PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. 
The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-21 15:15:00 UTC + Victor Schönfelder Garcia, Juraj Somorovsky, Vladislav Mladenov + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980773 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21238.html + https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9 + https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0 + https://pypi.org/project/pysaml2 + + + + mdeslaur> Fixing this requires the python-xmlschema package, which is mdeslaur> only available on hirsute. Backporting this fix to stable mdeslaur> releases is intrusive and may introduce regressions. + + + + + + + + + CVE-2021-21239 on Ubuntu 20.04 (focal) - medium. + PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within the given document. xmlsec1 needs to be configured explicitly to only use only _x509 certificates_ for the verification process of the SAML document signature. This is fixed in PySAML2 6.5.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-21 15:15:00 UTC + mdeslaur + Brian Wolff + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980772 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21239.html + https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62 + https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0 + https://pypi.org/project/pysaml2 + https://www.aleksey.com/pipermail/xmlsec/2013/009717.html + + + + + + + + + + CVE-2021-2124 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2124.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-21240 on Ubuntu 20.04 (focal) - low. + httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-08 20:15:00 UTC + Ben Caller + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21240.html + https://github.com/httplib2/httplib2/pull/182 + https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m + https://pypi.org/project/httplib2 + + + + mdeslaur> patch will introduce dependency on the pyparsing package + + + + + + + + + CVE-2021-21241 on Ubuntu 20.04 (focal) - medium. + The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicious 3rd party site acquiring the authentication token. Version 3.4.5 and version 4.0.0 are patched. As a workaround, if you aren't using authentication tokens - you can set the SECURITY_TOKEN_MAX_AGE to "0" (seconds) which should make the token unusable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-11 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21241.html + https://github.com/Flask-Middleware/flask-security/commit/61d313150b5f620d0b800896c4f2199005e84b1f + https://github.com/Flask-Middleware/flask-security/commit/6d50ee9169acf813257c37b75babe9c28e83542a + https://github.com/Flask-Middleware/flask-security/pull/422 + https://github.com/Flask-Middleware/flask-security/releases/tag/3.4.5 + https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-hh7m-rx4f-4vpv + https://pypi.org/project/Flask-Security-Too + + + + + + + + + + CVE-2021-2125 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). 
The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2125.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-21252 on Ubuntu 20.04 (focal) - medium. + The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-13 19:15:00 UTC + Erik Krogh Kristensen + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980892 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980891 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21252.html + https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm + https://github.com/phpmyadmin/phpmyadmin/commit/401eedd288c4e83d69287b97a9f574f231156171 + + + + + + + + + + + + + + CVE-2021-2126 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). 
The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2126.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-2127 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2127.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-21273 on Ubuntu 20.04 (focal) - medium. + Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. 
In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21273.html + https://github.com/matrix-org/synapse/security/advisories/GHSA-v936-j8gp-9q3p + https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746 + https://github.com/matrix-org/synapse/pull/8821 + https://github.com/matrix-org/synapse/releases/tag/v1.25.0 + + + + + + + + + + CVE-2021-21274 on Ubuntu 20.04 (focal) - medium. + Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21274.html + https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8 + https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6 + https://github.com/matrix-org/synapse/pull/8950 + https://github.com/matrix-org/synapse/releases/tag/v1.25.0 + + + + + + + + + + CVE-2021-2128 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2128.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-21284 on Ubuntu 20.04 (focal) - medium. + In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. 
Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-02 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21284.html + https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc + https://docs.docker.com/engine/release-notes/#20103 + https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c + https://github.com/moby/moby/releases/tag/v19.03.15 + https://github.com/moby/moby/releases/tag/v20.10.3 + + + + + + + + + + CVE-2021-21285 on Ubuntu 20.04 (focal) - medium. + In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-02 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21285.html + https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8 + https://docs.docker.com/engine/release-notes/#20103 + https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30 + https://github.com/moby/moby/releases/tag/v19.03.15 + https://github.com/moby/moby/releases/tag/v20.10.3 + + + + + + + + + + CVE-2021-21288 on Ubuntu 20.04 (focal) - untriaged. + CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-08 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21288.html + https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08 + https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08 + https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0 + https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5 + https://rubygems.org/gems/carrierwave/ + + + + + + + + + + CVE-2021-21289 on Ubuntu 20.04 (focal) - medium. + Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load, Mechanize::CookieJar#save_as, Mechanize#download, Mechanize::Download#save, Mechanize::File#save, and Mechanize::FileResponse#read_body. This is fixed in version 2.7.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-02 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21289.html + https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g + https://github.com/sparklemotion/mechanize/commit/aae0b13514a1a0caf93b1cf233733c50e679069a (v2.7.7) + https://github.com/sparklemotion/mechanize/commit/2ac906b26f4a565a0af92df5fb9c8a36c2b75375 (v2.7.7) + https://github.com/sparklemotion/mechanize/commit/f43a3952ab39341136656b0a8b2c8597ba1b4adc (v2.7.7) + https://github.com/sparklemotion/mechanize/commit/b48b12f5db33c5a94a14dfcab8adf3e73cfa0388 (v2.7.7) + https://github.com/sparklemotion/mechanize/commit/63f8779e49664d5e95fae8d42d04c8e373162b3c (v2.7.7) + https://github.com/sparklemotion/mechanize/commit/66a6a1bfa653a5f13274a396a5e5441238656aa0 + https://github.com/sparklemotion/mechanize/releases/tag/v2.7.7 + https://rubygems.org/gems/mechanize/ + + + + + + + + + + CVE-2021-2129 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2129.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-21290 on Ubuntu 20.04 (focal) - medium. + Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21290.html + https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec + https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 + + + + + + + + + + CVE-2021-21295 on Ubuntu 20.04 (focal) - medium. 
+ Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-09 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21295.html + https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj + https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4 + https://github.com/Netflix/zuul/pull/980 + + + + + + + + + + CVE-2021-2130 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2130.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-21303 on Ubuntu 20.04 (focal) - untriaged. + Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used "as is" without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. 
By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. + 2021-02-05 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21303.html + https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a + https://github.com/helm/helm/releases/tag/v3.5.2 + https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx + + + + + + + + + + CVE-2021-21305 on Ubuntu 20.04 (focal) - untriaged. + CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-08 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21305.html + https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08 + https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08 + https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7 + https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4 + https://rubygems.org/gems/carrierwave + + + + + + + + + + CVE-2021-21309 on Ubuntu 20.04 (focal) - medium. + Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the “CONFIG SET proto-max-bulk-len” to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. 
Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983446 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21309.html + https://github.com/redis/redis/pull/8522 + + + + + + + + + + CVE-2021-2131 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2131.html + https://www.oracle.com/security-alerts/cpujan2021.html + + + + + + + + + + CVE-2021-21311 on Ubuntu 20.04 (focal) - medium. + Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-11 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21311.html + https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 + https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 (v4.7.9) + https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 + https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf + https://packagist.org/packages/vrana/adminer + + + + + + + + + + CVE-2021-21317 on Ubuntu 20.04 (focal) - medium. + uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This is fixed in version 0.11.0. Downstream packages such as uap-python, uap-ruby etc which depend upon uap-core follow different version schemes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21317.html + https://github.com/ua-parser/uap-core/security/advisories/GHSA-p4pj-mg4r-x6v4 + https://www.npmjs.com/package/uap-core + + + + + + + + + + CVE-2021-21330 on Ubuntu 20.04 (focal) - medium. + aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows "pip install aiohttp >= 3.7.4". 
If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21330.html + https://github.com/aio-libs/aiohttp/issues/5497 + https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg + https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst#374-2021-02-25 + https://github.com/aio-libs/aiohttp/commit/2545222a3853e31ace15d87ae0e2effb7da0c96b + https://pypi.org/project/aiohttp/ + + + + + + + + + + CVE-2021-21332 on Ubuntu 20.04 (focal) - medium. + Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 20:15:00 UTC + https://github.com/matrix-org/synapse/pull/9200 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21332.html + https://github.com/matrix-org/synapse/releases/tag/v1.27.0 + https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899 + + + + + + + + + + CVE-2021-21333 on Ubuntu 20.04 (focal) - low. + Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. 
In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 20:15:00 UTC + https://github.com/matrix-org/synapse/pull/9200 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21333.html + https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df + https://github.com/matrix-org/synapse/pull/9200 + https://github.com/matrix-org/synapse/releases/tag/v1.27.0 + https://github.com/matrix-org/synapse/security/advisories/GHSA-c5f8-35qr-q4fm + + + + + + + + + + CVE-2021-21334 on Ubuntu 20.04 (focal) - medium. + In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. 
If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-10 22:15:00 UTC + 2021-03-05 00:00:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21334.html + https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4 + https://ubuntu.com/security/notices/USN-4881-1 + + + + + + + + + + CVE-2021-21341 on Ubuntu 20.04 (focal) - medium. + XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 00:15:00 UTC + 2021-03-23 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21341.html + https://github.com/x-stream/xstream/security/advisories/GHSA-2p3x-qw9c-25hh + http://x-stream.github.io/changes.html#1.4.16 + https://x-stream.github.io/CVE-2021-21341.html + https://x-stream.github.io/security.html#workaround + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2021-21342 on Ubuntu 20.04 (focal) - medium. + XStream is a Java library to serialize objects to XML and back again. 
In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 00:15:00 UTC + 2021-03-23 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21342.html + https://github.com/x-stream/xstream/security/advisories/GHSA-hvv8-336g-rx3m + http://x-stream.github.io/changes.html#1.4.16 + https://x-stream.github.io/CVE-2021-21342.html + https://x-stream.github.io/security.html#workaround + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2021-21343 on Ubuntu 20.04 (focal) - medium. + XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 00:15:00 UTC + 2021-03-23 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21343.html + https://github.com/x-stream/xstream/security/advisories/GHSA-74cv-f58x-f9wf + http://x-stream.github.io/changes.html#1.4.16 + https://x-stream.github.io/CVE-2021-21343.html + https://x-stream.github.io/security.html#workaround + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2021-21344 on Ubuntu 20.04 (focal) - medium. + XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 00:15:00 UTC + 2021-03-23 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21344.html + https://github.com/x-stream/xstream/security/advisories/GHSA-59jw-jqf4-3wq3 + http://x-stream.github.io/changes.html#1.4.16 + https://x-stream.github.io/CVE-2021-21344.html + https://x-stream.github.io/security.html#workaround + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2021-21345 on Ubuntu 20.04 (focal) - medium. + XStream is a Java library to serialize objects to XML and back again. 
In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 00:15:00 UTC + 2021-03-23 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21345.html + https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4 + http://x-stream.github.io/changes.html#1.4.16 + https://x-stream.github.io/CVE-2021-21345.html + https://x-stream.github.io/security.html#workaround + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2021-21346 on Ubuntu 20.04 (focal) - medium. + XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-23 00:15:00 UTC + 2021-03-23 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21346.html + https://github.com/x-stream/xstream/security/advisories/GHSA-4hrm-m67v-5cxr + http://x-stream.github.io/changes.html#1.4.16 + https://x-stream.github.io/CVE-2021-21346.html + https://x-stream.github.io/security.html#workaround + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2021-21347 on Ubuntu 20.04 (focal) - medium. + XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 00:15:00 UTC + 2021-03-23 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21347.html + https://github.com/x-stream/xstream/security/advisories/GHSA-qpfq-ph7r-qv6f + http://x-stream.github.io/changes.html#1.4.16 + https://x-stream.github.io/CVE-2021-21347.html + https://x-stream.github.io/security.html#workaround + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2021-21348 on Ubuntu 20.04 (focal) - low. + XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. 
No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 00:15:00 UTC + 2021-03-23 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21348.html + https://github.com/x-stream/xstream/security/advisories/GHSA-56p8-3fh9-4cvq + http://x-stream.github.io/changes.html#1.4.16 + https://x-stream.github.io/CVE-2021-21348.html + https://x-stream.github.io/security.html#workaround + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2021-21349 on Ubuntu 20.04 (focal) - medium. + XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-23 00:15:00 UTC + 2021-03-23 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21349.html + https://github.com/x-stream/xstream/security/advisories/GHSA-f6hm-88x3-mfjv + http://x-stream.github.io/changes.html#1.4.16 + https://x-stream.github.io/CVE-2021-21349.html + https://x-stream.github.io/security.html#workaround + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2021-21350 on Ubuntu 20.04 (focal) - medium. + XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 00:15:00 UTC + 2021-03-23 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21350.html + https://github.com/x-stream/xstream/security/advisories/GHSA-43gc-mjxg-gvrq + http://x-stream.github.io/changes.html#1.4.16 + https://x-stream.github.io/CVE-2021-21350.html + https://x-stream.github.io/security.html#workaround + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2021-21351 on Ubuntu 20.04 (focal) - medium. + XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. 
No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 00:15:00 UTC + 2021-03-23 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985843 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21351.html + https://github.com/x-stream/xstream/security/advisories/GHSA-hrcp-8f3q-4w2c + http://x-stream.github.io/changes.html#1.4.16 + https://x-stream.github.io/CVE-2021-21351.html + https://x-stream.github.io/security.html#workaround + https://ubuntu.com/security/notices/USN-4943-1 + + + + + + + + + + CVE-2021-21366 on Ubuntu 20.04 (focal) - medium. + xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This is fixed in version 0.5.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-12 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21366.html + https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv + https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135 + https://github.com/xmldom/xmldom/releases/tag/0.5.0 + https://www.npmjs.com/package/xmldom + + + + + + + + + + CVE-2021-21372 on Ubuntu 20.04 (focal) - medium. + Nimble is a package manager for the Nim programming language. 
In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21372.html + https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ + + + + + + + + + + CVE-2021-21373 on Ubuntu 20.04 (focal) - medium. + Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21373.html + https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ + + + + + + + + + + CVE-2021-21374 on Ubuntu 20.04 (focal) - medium. + Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-26 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21374.html + https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ + + + + + + + + + + CVE-2021-21391 on Ubuntu 20.04 (focal) - medium. + CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the following npm packages: ckeditor5-engine, ckeditor5-font, ckeditor5-image, ckeditor5-list, ckeditor5-markdown-gfm, ckeditor5-media-embed, ckeditor5-paste-from-office, and ckeditor5-widget. Following an internal audit, a regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze. It affects all users using the CKEditor 5 packages listed above at version <= 26.0.0. The problem has been recognized and patched. The fix will be available in version 27.0.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-29 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21391.html + https://www.npmjs.com/package/@ckeditor/ckeditor5-markdown-gfm + https://www.npmjs.com/package/@ckeditor/ckeditor5-engine + https://www.npmjs.com/package/@ckeditor/ckeditor5-image + https://www.npmjs.com/package/@ckeditor/ckeditor5-media-embed + https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj + https://www.npmjs.com/package/@ckeditor/ckeditor5-list + https://www.npmjs.com/package/@ckeditor/ckeditor5-font + https://www.npmjs.com/package/@ckeditor/ckeditor5-paste-from-office + https://www.npmjs.com/package/@ckeditor/ckeditor5-widget + + + + + + + + + + + + + CVE-2021-21392 on Ubuntu 20.04 (focal) - medium. + Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. 
In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks. See referenced GitHub security advisory for details and workarounds. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-12 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21392.html + https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78 + https://github.com/matrix-org/synapse/pull/9240 + https://pypi.org/project/matrix-synapse/ + + + + + + + + + + CVE-2021-21393 on Ubuntu 20.04 (focal) - medium. + Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-12 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21393.html + https://github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88 + https://github.com/matrix-org/synapse/pull/9321 + https://github.com/matrix-org/synapse/pull/9393 + https://pypi.org/project/matrix-synapse/ + + + + + + + + + + CVE-2021-21394 on Ubuntu 20.04 (focal) - medium. + Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-12 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21394.html + https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362 + https://github.com/matrix-org/synapse/pull/9321 + https://github.com/matrix-org/synapse/pull/9393 + https://pypi.org/project/matrix-synapse/ + + + + + + + + + + CVE-2021-21401 on Ubuntu 20.04 (focal) - medium. + Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it was a pointer value. 
Such message data rarely occurs in normal messages, but it is a concern when untrusted data is parsed. This has been fixed in versions 0.3.9.8 and 0.4.5. See referenced GitHub Security Advisory for more information including workarounds. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985844 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21401.html + https://github.com/nanopb/nanopb/security/advisories/GHSA-7mv5-5mxh-qg88 + https://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261 + https://github.com/nanopb/nanopb/blob/c9124132a604047d0ef97a09c0e99cd9bed2c818/CHANGELOG.txt#L1 + https://github.com/nanopb/nanopb/issues/647 + + + + + + + + + + CVE-2021-21404 on Ubuntu 20.04 (focal) - medium. + Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21404.html + https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97 + https://github.com/syncthing/syncthing/releases/tag/v1.15.0 + https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h + https://pkg.go.dev/github.com/syncthing/syncthing + + + + + + + + + + CVE-2021-21295 on Ubuntu 20.04 (focal) - medium. 
+ Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-30 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21409.html + https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432 + https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32 + https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj + + + + + + + + + + CVE-2021-21416 on Ubuntu 20.04 (focal) - medium. + django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django. Triggering this requires: A site is using django-registration < 3.1.2, The site has detailed error reports (such as Django's emailed error reports to site staff/developers) enabled and a server-side error (HTTP 5xx) occurs during an attempt by a user to register an account. 
Under these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user's proposed credentials (such as a password). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-01 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21416.html + https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh + + + + + + + + + + CVE-2021-21417 on Ubuntu 20.04 (focal) - medium. + fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-29 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21417.html + https://github.com/FluidSynth/fluidsynth/issues/808 + https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9 + + + + + + + + + + CVE-2021-21419 on Ubuntu 20.04 (focal) - medium. + Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-07 15:15:00 UTC + 2021-05-07 15:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988342 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21419.html + https://ubuntu.com/security/notices/USN-4956-1 + + + + leosilva> support for permessage-defalte extension or compression extension leosilva> was added by b7d2a251ad55e1c161aa6c8aa236db456c4c4a21 and it's not leosilva> present in versions of Bionic and xenial/esm-infra. + + + + + + + + + CVE-2021-21424 on Ubuntu 20.04 (focal) - low. + Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist. The patch for this issue is available for branch 3.4. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 16:15:00 UTC + James Isaac, Mathias Brodala + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21424.html + https://symfony.com/blog/cve-2021-21424-prevent-user-enumeration-in-authentication-mechanisms + https://github.com/symfony/symfony/commit/f012eee6c6034a94566dff596fe4e16dfc5d9c1f + https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011 + https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68 + + + + + + + + + + CVE-2021-21434 on Ubuntu 20.04 (focal) - untriaged. + Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x version 7.0.19 and prior versions. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-08 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21434.html + https://otrs.com/release-notes/otrs-security-advisory-2021-01/ + + + + + + + + + + CVE-2021-21435 on Ubuntu 20.04 (focal) - untriaged. + Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21435.html + https://otrs.com/release-notes/otrs-security-advisory-2021-02/ + + + + + + + + + + CVE-2021-21436 on Ubuntu 20.04 (focal) - untriaged. + Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21436.html + https://otrs.com/release-notes/otrs-security-advisory-2021-04/ + + + + + + + + + + CVE-2021-21439 on Ubuntu 20.04 (focal) - low. + DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-14 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21439.html + https://otrs.com/release-notes/otrs-security-advisory-2021-09/ + + + + + + + + + + CVE-2021-2144 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2144.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-21441 on Ubuntu 20.04 (focal) - medium. + There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-16 10:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21441.html + https://otrs.com/release-notes/otrs-security-advisory-2021-11/ + + + + + + + + + + CVE-2021-2145 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2145.html + https://www.oracle.com/security-alerts/cpuapr2021.html + https://www.zerodayinitiative.com/advisories/ZDI-21-455/ + + + + + + + + + + CVE-2021-2146 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2146.html + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2154 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2154.html + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 5.7 only + + + + + + + + + CVE-2021-2160 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2160.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2161 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). 
Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2161.html + + + + ebarretto> Windows-specific issue + + + + + + + + + CVE-2021-2162 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2162.html + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2163 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-20 17:34:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2163.html + https://rhn.redhat.com/errata/RHSA-2021-1301.html + https://ubuntu.com/security/notices/USN-4892-1 + + + + + + + + + + + + + + + + CVE-2021-2164 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). 
Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2164.html + https://access.redhat.com/security/cve/CVE-2021-2164 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.0 only + + + + + + + + + + + + CVE-2021-2166 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2166.html + https://access.redhat.com/security/cve/CVE-2021-2166 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2169 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2169.html + https://access.redhat.com/security/cve/CVE-2021-2169 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2170 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2170.html + https://access.redhat.com/security/cve/CVE-2021-2170 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-21702 on Ubuntu 20.04 (focal) - low. + In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-15 04:15:00 UTC + 2021-02-15 04:15:00 UTC + mdeslaur + https://bugs.php.net/80672 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21702.html + https://ubuntu.com/security/notices/USN-5006-1 + https://ubuntu.com/security/notices/USN-5006-2 + + + + + + + + + + CVE-2021-21704 on Ubuntu 20.04 (focal) - medium. + Multiple Security vulnerabilities in pdo_firebase module + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-02 00:00:00 UTC + 2021-07-02 00:00:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990575 + https://bugs.php.net/bug.php?id=76448 + https://bugs.php.net/bug.php?id=76449 + https://bugs.php.net/bug.php?id=76450 + https://bugs.php.net/bug.php?id=76452 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21704.html + https://ubuntu.com/security/notices/USN-5006-1 + https://ubuntu.com/security/notices/USN-5006-2 + + + + + + + + + + CVE-2021-21705 on Ubuntu 20.04 (focal) - medium. + SSRF bypass in FILTER_VALIDATE_URL + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-02 00:00:00 UTC + 2021-07-02 00:00:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990575 + https://bugs.php.net/81122 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21705.html + https://ubuntu.com/security/notices/USN-5006-1 + https://ubuntu.com/security/notices/USN-5006-2 + + + + + + + + + + CVE-2021-2171 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2171.html + https://access.redhat.com/security/cve/CVE-2021-2171 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2172 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2172.html + https://access.redhat.com/security/cve/CVE-2021-2172 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2174 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2174.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-21772 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-10 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21772.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1226 + + + + + + + + + + CVE-2021-21775 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-07 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21775.html + https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229 + + + + jdstrand> webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2021-21779 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-08 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21779.html + https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2021-2178 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2178.html + https://access.redhat.com/security/cve/CVE-2021-2178 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
+ + + + + + + + + + + + CVE-2021-21781 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-17 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21781.html + https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243 + https://git.kernel.org/linus/9c698bff66ab4914bb3d71da7dc6112519bde23e + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-21783 on Ubuntu 20.04 (focal) - medium. + A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-25 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21783.html + https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245 + + + + + + + + + + CVE-2021-2179 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2179.html + https://access.redhat.com/security/cve/CVE-2021-2179 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2180 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2180.html + https://access.redhat.com/security/cve/CVE-2021-2180 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-21806 on Ubuntu 20.04 (focal) - medium. + An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-08 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21806.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214 + + + + jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 + + + + + + + + + + + + + CVE-2021-2193 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2193.html + https://access.redhat.com/security/cve/CVE-2021-2193 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2194 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2194.html + https://access.redhat.com/security/cve/CVE-2021-2194 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2196 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2196.html + https://access.redhat.com/security/cve/CVE-2021-2196 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2201 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.23 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2201.html + https://access.redhat.com/security/cve/CVE-2021-2201 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2202 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2202.html + https://access.redhat.com/security/cve/CVE-2021-2202 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
+ + + + + + + + + + + + CVE-2021-2203 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2203.html + https://access.redhat.com/security/cve/CVE-2021-2203 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2208 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2208.html + https://access.redhat.com/security/cve/CVE-2021-2208 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-22116 on Ubuntu 20.04 (focal) - medium. + RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-08 12:15:00 UTC + 2021-06-08 12:15:00 UTC + leosilva + Jonathan Knudsen + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22116.html + https://tanzu.vmware.com/security/cve-2021-22116 + https://github.com/rabbitmq/rabbitmq-server/pull/2953 + https://ubuntu.com/security/notices/USN-5004-1 + + + + leosilva> code affected in bionic is in deps/rabbitmq_amqp1_0/src/rabbit_amqp1_0_binary_parser.erl leosilva> in xenial in plugins-src/rabbitmq-amqp1.0/src/rabbit_amqp1_0_binary_parser.erl. + + + + + + + + + CVE-2021-2212 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2212.html + https://access.redhat.com/security/cve/CVE-2021-2212 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2213 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2213.html + https://access.redhat.com/security/cve/CVE-2021-2213 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2215 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2215.html + https://access.redhat.com/security/cve/CVE-2021-2215 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2217 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2217.html + https://access.redhat.com/security/cve/CVE-2021-2217 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-22173 on Ubuntu 20.04 (focal) - low. 
+ Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22173.html + https://www.wireshark.org/security/wnpa-sec-2021-01.html + https://gitlab.com/wireshark/wireshark/-/issues/17124 + + + + + + + + + + CVE-2021-22174 on Ubuntu 20.04 (focal) - low. + Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22174.html + https://www.wireshark.org/security/wnpa-sec-2021-02.html + https://gitlab.com/wireshark/wireshark/-/issues/17165 + + + + + + + + + + CVE-2021-22191 on Ubuntu 20.04 (focal) - medium. + Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22191.html + https://www.wireshark.org/security/wnpa-sec-2021-03.html + https://gitlab.com/wireshark/wireshark/-/issues/17232 + + + + + + + + + + CVE-2021-22204 on Ubuntu 20.04 (focal) - high. + Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-23 18:15:00 UTC + 2021-04-23 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987505 + https://bugs.launchpad.net/bugs/1925985 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22204.html + https://bugs.launchpad.net/bugs/1925985 + https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800 + https://hackerone.com/reports/1154542 + https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json + https://ubuntu.com/security/notices/USN-4987-1 + + + + + + + + + + CVE-2021-22207 on Ubuntu 20.04 (focal) - low. + Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-23 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22207.html + https://gitlab.com/wireshark/wireshark/-/issues/17331 + https://www.wireshark.org/security/wnpa-sec-2021-04.html + https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json + + + + + + + + + + CVE-2021-22212 on Ubuntu 20.04 (focal) - low. + ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-08 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22212.html + https://gitlab.com/NTPsec/ntpsec/-/issues/699 + https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22212.json + https://bugzilla.redhat.com/show_bug.cgi?id=1955859 + + + + + + + + + + CVE-2021-22222 on Ubuntu 20.04 (focal) - low. + Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-07 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22222.html + https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22222.json + https://www.wireshark.org/security/wnpa-sec-2021-05.html + https://gitlab.com/wireshark/wireshark/-/merge_requests/3130 + + + + + + + + + + CVE-2021-22235 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-17 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22235.html + https://www.wireshark.org/security/wnpa-sec-2021-06.html + https://gitlab.com/wireshark/wireshark/-/issues/17462 + + + + + + + + + + CVE-2021-2226 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2226.html + https://access.redhat.com/security/cve/CVE-2021-2226 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2230 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2230.html + https://access.redhat.com/security/cve/CVE-2021-2230 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2232 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 1.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2232.html + https://access.redhat.com/security/cve/CVE-2021-2232 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2250 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2250.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-22543 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. 
This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22543.html + https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 + https://www.openwall.com/lists/oss-security/2021/05/26/3 + https://www.openwall.com/lists/oss-security/2021/05/26/4 + https://www.openwall.com/lists/oss-security/2021/05/26/5 + https://github.com/torvalds/linux/commit/f8be156be163a052a067306417cd0ff679068c97 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-22555 on Ubuntu 20.04 (focal) - high. + A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-07-07 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22555.html + https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-2264 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. 
Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 8.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2264.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-2266 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2266.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-2278 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2278.html + https://access.redhat.com/security/cve/CVE-2021-2278 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2279 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2279.html + https://www.oracle.com/security-alerts/cpuapr2021.html + https://www.zerodayinitiative.com/advisories/ZDI-21-453/ + + + + + + + + + + CVE-2021-2280 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2280.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-2281 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2281.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-2282 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2282.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-2283 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2283.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-2284 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2284.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-2285 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2285.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-2286 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2286.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-2287 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2287.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-22879 on Ubuntu 20.04 (focal) - medium. 
+ Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-14 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22879.html + https://nextcloud.com/security/advisory/?id=NC-SA-2021-008 + https://github.com/nextcloud/desktop/pull/2906 + https://hackerone.com/reports/1078002 + + + + + + + + + + CVE-2021-22880 on Ubuntu 20.04 (focal) - low. + The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-11 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22880.html + https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129 + https://hackerone.com/reports/1023899 + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2021-22881 on Ubuntu 20.04 (focal) - medium. + The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. 
When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-11 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22881.html + https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130 + https://hackerone.com/reports/1047447 + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2021-22883 on Ubuntu 20.04 (focal) - medium. + Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22883.html + https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/ + + + + + + + + + + CVE-2021-22884 on Ubuntu 20.04 (focal) - medium. + Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. 
As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22884.html + https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/ + + + + + + + + + + CVE-2021-22885 on Ubuntu 20.04 (focal) - medium. + A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22885.html + https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main) + https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7) + https://github.com/rails/rails/commit/3eb9e74c287750a9fe11f700fc96d3be1e83aa35 (v5.2.4.6) + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2021-22895 on Ubuntu 20.04 (focal) - medium. + Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-11 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989846 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22895.html + https://github.com/nextcloud/desktop/pull/2926 + https://github.com/nextcloud/desktop/commit/b1ddd0e491b2af0ed040e658d8bcde2a7a61c9fc (stable-3.1) + https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5 + https://github.com/nextcloud/desktop/releases/tag/v3.1.3 + https://hackerone.com/reports/903424 + + + + + + + + + + CVE-2021-22898 on Ubuntu 20.04 (focal) - low. + curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-11 16:15:00 UTC + Harry Sintonen + 2021-05-26 06:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22898.html + https://curl.se/docs/CVE-2021-22898.html + + + + + + + + + + CVE-2021-22901 on Ubuntu 20.04 (focal) - medium. + curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. 
If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-11 16:15:00 UTC + Harry Sintonen + 2021-05-26 06:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22901.html + + + + mdeslaur> since 7.75.0 only + + + + + + + + + CVE-2021-22902 on Ubuntu 20.04 (focal) - medium. + The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22902.html + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2021-22903 on Ubuntu 20.04 (focal) - medium. + The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. 
Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22903.html + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2021-22904 on Ubuntu 20.04 (focal) - medium. + The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22904.html + https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e (main) + https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7) + https://github.com/rails/rails/commit/3d9e9fdf14e044b3ba66f909582c228a9d4ffb5c (v5.2.4.6) + + + + seth-arnold> In Oneiric-Saucy, rails package is just for transition; seth-arnold> The rails package contains actual code from vivid onward + + + + + + + + + CVE-2021-2291 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2291.html + https://www.oracle.com/security-alerts/cpuapr2021.html + https://www.zerodayinitiative.com/advisories/ZDI-21-457/ + + + + + + + + + + CVE-2021-22918 on Ubuntu 20.04 (focal) - medium. + Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-12 11:15:00 UTC + 2021-07-02 00:00:00 UTC + leosilva + Eric Sesterhenn + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990561 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22918.html + https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/ + https://ubuntu.com/security/notices/USN-5007-1 + + + + + + + + + + CVE-2021-2293 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2293.html + https://access.redhat.com/security/cve/CVE-2021-2293 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2296 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2296.html + https://www.oracle.com/security-alerts/cpuapr2021.html + https://www.zerodayinitiative.com/advisories/ZDI-21-459/ + + + + + + + + + + CVE-2021-2297 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. 
Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2297.html + https://www.oracle.com/security-alerts/cpuapr2021.html + https://www.zerodayinitiative.com/advisories/ZDI-21-462/ + + + + + + + + + + CVE-2021-2298 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2298.html + https://access.redhat.com/security/cve/CVE-2021-2298 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. 
mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2299 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2299.html + https://access.redhat.com/security/cve/CVE-2021-2299 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2300 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2300.html + https://access.redhat.com/security/cve/CVE-2021-2300 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2301 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2301.html + https://access.redhat.com/security/cve/CVE-2021-2301 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-23017 on Ubuntu 20.04 (focal) - medium. + A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-01 13:15:00 UTC + 2021-05-25 + mdeslaur + Luis Merino, Markus Vervier, Eric Sesterhenn + 2021-05-25 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23017.html + https://www.x41-dsec.de/lab/advisories/x41-2021-002-nginx-resolver-copy/ + https://ubuntu.com/security/notices/USN-4967-1 + https://ubuntu.com/security/notices/USN-4967-2 + + + + + + + + + + CVE-2021-2304 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2304.html + https://access.redhat.com/security/cve/CVE-2021-2304 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2305 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2305.html + https://access.redhat.com/security/cve/CVE-2021-2305 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2306 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2306.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-2307 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. 
Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2307.html + https://access.redhat.com/security/cve/CVE-2021-2307 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. + + + + + + + + + + + + CVE-2021-2308 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-22 22:15:00 UTC + 2021-04-22 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2308.html + https://access.redhat.com/security/cve/CVE-2021-2308 + https://ubuntu.com/security/notices/USN-4952-1 + + + + leosilva> since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. mdeslaur> 8.x only + + + + + + + + + + + + CVE-2021-2309 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2309.html + https://www.oracle.com/security-alerts/cpuapr2021.html + https://www.zerodayinitiative.com/advisories/ZDI-21-461/ + + + + + + + + + + CVE-2021-2310 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2310.html + https://www.oracle.com/security-alerts/cpuapr2021.html + https://www.zerodayinitiative.com/advisories/ZDI-21-456/ + + + + + + + + + + CVE-2021-2312 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2312.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-23133 on Ubuntu 20.04 (focal) - medium. + A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. 
This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. Or Cohen discovered that the SCTP implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free condition. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 18:15:00 UTC + 2021-04-22 18:15:00 UTC + Or Cohen + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23133.html + https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b + https://www.openwall.com/lists/oss-security/2021/04/18/2 + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-4999-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5001-1 + https://ubuntu.com/security/notices/USN-5003-1 + + + + sbeattie> commit b166a20b0738 "net/sctp: fix race condition in sctp_destroy_sock" in net-next + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-23134 on Ubuntu 20.04 (focal) - medium. + Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. 
A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-12 23:15:00 UTC + 2021-05-12 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23134.html + https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6 + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5001-1 + https://ubuntu.com/security/notices/USN-5018-1 + https://ubuntu.com/security/notices/USN-5016-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-23158 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-03 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989437 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23158.html + https://github.com/michaelrsweet/htmldoc/issues/414 + https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc + + + + + + + + + + CVE-2021-23165 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-03 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989437 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23165.html + https://github.com/michaelrsweet/htmldoc/issues/413 + https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc + + + + + + + + + + CVE-2021-23169 on Ubuntu 20.04 (focal) - low. + A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-08 12:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28051 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23169.html + + + + mdeslaur> it looks like the fix for this issue actually went into the mdeslaur> exrcheck tool used by the fuzzer + + + + + + + + + CVE-2021-23180 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-03 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989437 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23180.html + https://github.com/michaelrsweet/htmldoc/issues/418 + https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a + + + + + + + + + + CVE-2021-23191 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-03 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989437 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23191.html + https://github.com/michaelrsweet/htmldoc/issues/415 + https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc + + + + + + + + + + CVE-2021-23206 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-03 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989437 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23206.html + https://github.com/michaelrsweet/htmldoc/issues/416 + https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8 + + + + + + + + + + CVE-2021-2321 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. 
Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-28 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-2321.html + https://www.oracle.com/security-alerts/cpuapr2021.html + + + + + + + + + + CVE-2021-23215 on Ubuntu 20.04 (focal) - low. + An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-08 12:15:00 UTC + 2021-06-08 12:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23215.html + https://access.redhat.com/security/cve/CVE-2021-23215 + https://github.com/AcademySoftwareFoundation/openexr/pull/901 + https://ubuntu.com/security/notices/USN-4996-1 + https://ubuntu.com/security/notices/USN-4996-2 + + + + + + + + + + CVE-2021-23239 on Ubuntu 20.04 (focal) - low. + The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-12 09:15:00 UTC + 2021-01-12 09:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23239.html + https://www.openwall.com/lists/oss-security/2021/01/11/2 + https://ubuntu.com/security/notices/USN-4705-1 + + + + + + + + + + CVE-2021-23240 on Ubuntu 20.04 (focal) - negligible. + selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. + 2021-01-12 09:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23240.html + https://www.openwall.com/lists/oss-security/2021/01/11/2 + https://www.sudo.ws/alerts/sudoedit_selinux.html + + + + sbeattie> selinux is not the default MAC in Ubuntu, though users can boot into it. + + + + + + + + + CVE-2021-23336 on Ubuntu 20.04 (focal) - low. + The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-15 13:15:00 UTC + 2021-02-15 13:15:00 UTC + https://bugs.python.org/issue42967 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23336.html + https://github.com/python/cpython/pull/24297 + https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master) + https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/ + https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 + https://www.djangoproject.com/weblog/2021/feb/19/security-releases/ + https://ubuntu.com/security/notices/USN-4742-1 + + + + mdeslaur> fixing this in stable releases will break compatibility with mdeslaur> existing applications. Marking as low priority. We may decide mdeslaur> not to fix this at all in stable releases in the future. + + + + + + + + + + + + + + CVE-2021-23337 on Ubuntu 20.04 (focal) - medium. + Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-15 13:15:00 UTC + Marc Hassan + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23337.html + https://snyk.io/vuln/SNYK-JS-LODASH-1040724 + https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851 + https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929 + + + + + + + + + + CVE-2021-23341 on Ubuntu 20.04 (focal) - medium. + The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-18 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23341.html + https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609 + https://github.com/PrismJS/prism/pull/2584 + https://github.com/PrismJS/prism/issues/2583 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1076583 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076582 + https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581 + + + + + + + + + + CVE-2021-23362 on Ubuntu 20.04 (focal) - medium. + The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23362.html + https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356 + https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355 + + + + + + + + + + CVE-2021-23364 on Ubuntu 20.04 (focal) - medium. + The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-28 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987792 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23364.html + https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98 + https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194 + https://github.com/browserslist/browserslist/pull/593 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182 + https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474 + + + + + + + + + + CVE-2021-23369 on Ubuntu 20.04 (focal) - medium. + The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-12 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23369.html + https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8 + https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 + https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952 + + + + + + + + + + CVE-2021-23382 on Ubuntu 20.04 (focal) - medium. + The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-26 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23382.html + https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640 + https://github.com/postcss/postcss/commit/2ad1ca9b965dde32223bee28dc259c339cbaaa05 (8.2.13) + https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641 + + + + + + + + + + CVE-2021-23383 on Ubuntu 20.04 (focal) - medium. + The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-04 09:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23383.html + https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 + https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030 + + + + + + + + + + CVE-2021-23400 on Ubuntu 20.04 (focal) - medium. + The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-29 12:15:00 UTC + Adam Williams + https://github.com/nodemailer/nodemailer/issues/1289 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23400.html + https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415 + https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737 + https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f + https://github.com/nodemailer/nodemailer/issues/1289 + + + + + + + + + + CVE-2021-23840 on Ubuntu 20.04 (focal) - low. 
+ Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-16 17:15:00 UTC + 2021-02-16 17:15:00 UTC + Paul Kehrer + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23840.html + https://www.openssl.org/news/secadv/20210216.txt + https://ubuntu.com/security/notices/USN-4738-1 + + + + mdeslaur> edk2 doesn't use EVP_CipherUpdate, EVP_EncryptUpdate, or mdeslaur> EVP_DecryptUpdate, so it is not vulnerable to this issue + + + + + + + + + CVE-2021-23926 on Ubuntu 20.04 (focal) - medium. + The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-14 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23926.html + https://issues.apache.org/jira/browse/XMLBEANS-517 + https://poi.apache.org/ + + + + + + + + + + CVE-2021-23953 on Ubuntu 20.04 (focal) - medium. 
+ If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 03:15:00 UTC + 2021-01-26 00:00:00 UTC + chrisccoulson + Rob Wu + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23953.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23953 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23953 + https://ubuntu.com/security/notices/USN-4717-1 + https://ubuntu.com/security/notices/USN-4736-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23954 on Ubuntu 20.04 (focal) - medium. + Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 03:15:00 UTC + 2021-01-26 00:00:00 UTC + chrisccoulson + Gary Kwong + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23954.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23954 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23954 + https://ubuntu.com/security/notices/USN-4717-1 + https://ubuntu.com/security/notices/USN-4736-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23955 on Ubuntu 20.04 (focal) - medium. + The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 03:15:00 UTC + 2021-01-26 00:00:00 UTC + chrisccoulson + Irvan Kurniawan + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23955.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23955 + https://ubuntu.com/security/notices/USN-4717-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23956 on Ubuntu 20.04 (focal) - medium. + An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 03:15:00 UTC + 2021-01-26 00:00:00 UTC + chrisccoulson + Abdulrahman Alqabandi + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23956.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23956 + https://ubuntu.com/security/notices/USN-4717-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23958 on Ubuntu 20.04 (focal) - medium. + The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 03:15:00 UTC + 2021-01-26 00:00:00 UTC + chrisccoulson + Jan-Ivar Bruaroey + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23958.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23958 + https://ubuntu.com/security/notices/USN-4717-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23960 on Ubuntu 20.04 (focal) - medium. 
+ Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 03:15:00 UTC + 2021-01-26 00:00:00 UTC + chrisccoulson + Irvan Kurniawan + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23960.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23960 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23960 + https://ubuntu.com/security/notices/USN-4717-1 + https://ubuntu.com/security/notices/USN-4736-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23961 on Ubuntu 20.04 (focal) - medium. + Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 03:15:00 UTC + 2021-01-26 00:00:00 UTC + chrisccoulson + Samy Kamkar, Ben Seri, and Gregory Vishnepolsky + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23961.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961 + https://ubuntu.com/security/notices/USN-4717-1 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23962 on Ubuntu 20.04 (focal) - medium. + Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-26 03:15:00 UTC + 2021-01-26 00:00:00 UTC + chrisccoulson + Chiaki ISHIKAWA + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23962.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23962 + https://ubuntu.com/security/notices/USN-4717-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23963 on Ubuntu 20.04 (focal) - medium. + When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 03:15:00 UTC + 2021-01-26 00:00:00 UTC + chrisccoulson + Paul Zühlcke + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23963.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23963 + https://ubuntu.com/security/notices/USN-4717-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23964 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-26 16:15:00 UTC + 2021-01-26 00:00:00 UTC + chrisccoulson + Alexis Beingessner, Christian Holler, Andrew McCreight, Tyson Smith, Jon Coppeard, André Bargull, Jason Kratzer, Jesse Schwartzentruber, Steve Fink, Byron Campen + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23964.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23964 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23964 + https://ubuntu.com/security/notices/USN-4717-1 + https://ubuntu.com/security/notices/USN-4736-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23965 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 16:15:00 UTC + 2021-01-26 00:00:00 UTC + chrisccoulson + Sebastian Hengst, Christian Holler, Tyson Smith + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23965.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965 + https://ubuntu.com/security/notices/USN-4717-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23968 on Ubuntu 20.04 (focal) - medium. + If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-26 02:15:00 UTC + 2021-02-26 02:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23968.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23968 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23968 + https://bugzilla.mozilla.org/show_bug.cgi?id=1687342 + https://www.mozilla.org/security/advisories/mfsa2021-07/ + https://www.mozilla.org/security/advisories/mfsa2021-08/ + https://www.mozilla.org/security/advisories/mfsa2021-09/ + https://ubuntu.com/security/notices/USN-4756-1 + https://ubuntu.com/security/notices/USN-4936-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23969 on Ubuntu 20.04 (focal) - medium. + As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-26 02:15:00 UTC + 2021-02-26 02:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23969.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23969 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23969 + https://bugzilla.mozilla.org/show_bug.cgi?id=1542194 + https://www.mozilla.org/security/advisories/mfsa2021-07/ + https://www.mozilla.org/security/advisories/mfsa2021-08/ + https://www.mozilla.org/security/advisories/mfsa2021-09/ + https://ubuntu.com/security/notices/USN-4756-1 + https://ubuntu.com/security/notices/USN-4936-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23970 on Ubuntu 20.04 (focal) - medium. + Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 02:15:00 UTC + 2021-02-26 02:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23970.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23970 + https://bugzilla.mozilla.org/show_bug.cgi?id=1681724 + https://www.mozilla.org/security/advisories/mfsa2021-07/ + https://ubuntu.com/security/notices/USN-4756-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23971 on Ubuntu 20.04 (focal) - medium. + When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 02:15:00 UTC + 2021-02-26 02:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23971.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23971 + https://bugzilla.mozilla.org/show_bug.cgi?id=1678545 + https://www.mozilla.org/security/advisories/mfsa2021-07/ + https://ubuntu.com/security/notices/USN-4756-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23972 on Ubuntu 20.04 (focal) - low. + One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 02:15:00 UTC + 2021-02-26 02:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23972.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23972 + https://bugzilla.mozilla.org/show_bug.cgi?id=1683536 + https://www.mozilla.org/security/advisories/mfsa2021-07/ + https://ubuntu.com/security/notices/USN-4756-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23973 on Ubuntu 20.04 (focal) - low. + When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-26 02:15:00 UTC + 2021-02-26 02:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23973.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23973 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23973 + https://bugzilla.mozilla.org/show_bug.cgi?id=1690976 + https://www.mozilla.org/security/advisories/mfsa2021-07/ + https://www.mozilla.org/security/advisories/mfsa2021-08/ + https://www.mozilla.org/security/advisories/mfsa2021-09/ + https://ubuntu.com/security/notices/USN-4756-1 + https://ubuntu.com/security/notices/USN-4936-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23974 on Ubuntu 20.04 (focal) - medium. + The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 02:15:00 UTC + 2021-02-26 02:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23974.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974 + https://bugzilla.mozilla.org/buglist.cgi?bug_id=1528997%2C1683627 + https://www.mozilla.org/security/advisories/mfsa2021-07/ + https://ubuntu.com/security/notices/USN-4756-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23975 on Ubuntu 20.04 (focal) - low. + The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 02:15:00 UTC + 2021-02-26 02:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23975.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23975 + https://bugzilla.mozilla.org/show_bug.cgi?id=1685145 + https://www.mozilla.org/security/advisories/mfsa2021-07/ + https://ubuntu.com/security/notices/USN-4756-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23976 on Ubuntu 20.04 (focal) - medium. + When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 02:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23976.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23976 + https://bugzilla.mozilla.org/show_bug.cgi?id=1684627 + https://www.mozilla.org/security/advisories/mfsa2021-07/ + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2021-23977 on Ubuntu 20.04 (focal) - medium. + Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-26 03:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23977.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23977 + https://bugzilla.mozilla.org/show_bug.cgi?id=1684761 + https://www.mozilla.org/security/advisories/mfsa2021-07/ + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2021-23978 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 16:15:00 UTC + 2021-02-26 16:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23978.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23978 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23978 + https://bugzilla.mozilla.org/buglist.cgi?bug_id=786797%2C1682928%2C1687391%2C1687597 + https://www.mozilla.org/security/advisories/mfsa2021-07/ + https://www.mozilla.org/security/advisories/mfsa2021-08/ + https://www.mozilla.org/security/advisories/mfsa2021-09/ + https://ubuntu.com/security/notices/USN-4756-1 + https://ubuntu.com/security/notices/USN-4936-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23979 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Firefox < 86. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-26 16:15:00 UTC + 2021-02-26 16:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23979.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979 + https://bugzilla.mozilla.org/buglist.cgi?bug_id=1663222%2C1666607%2C1672120%2C1678463%2C1678927%2C1679560%2C1681297%2C1681684%2C1683490%2C1684377%2C1684902 + https://www.mozilla.org/security/advisories/mfsa2021-07/ + https://ubuntu.com/security/notices/USN-4756-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23980 on Ubuntu 20.04 (focal) - medium. + [mutation XSS via allowed math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-02 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986251 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23980.html + https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq + https://bugzilla.mozilla.org/show_bug.cgi?id=1689399 + https://github.com/mozilla/bleach/commit/79b7a3c5e56a09d1d323a5006afa59b56162eb13 + https://github.com/mozilla/bleach/commit/d398c89e54ced6b1039d3677689707456ba42dec + + + + + + + + + + CVE-2021-23981 on Ubuntu 20.04 (focal) - medium. + A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-31 14:15:00 UTC + 2021-03-24 00:00:00 UTC + chrisccoulson + Abraruddin Khan and Omair + https://bugzilla.mozilla.org/show_bug.cgi?id=1692832 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23981.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23981 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23981 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23981 + https://ubuntu.com/security/notices/USN-4893-1 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23982 on Ubuntu 20.04 (focal) - medium. + Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-31 14:15:00 UTC + 2021-03-24 00:00:00 UTC + chrisccoulson + Samy Kamkar, Ben Seri, and Gregory Vishnepolsky + https://bugzilla.mozilla.org/show_bug.cgi?id=1677046 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23982.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23982 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23982 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23982 + https://ubuntu.com/security/notices/USN-4893-1 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23983 on Ubuntu 20.04 (focal) - medium. 
+ By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-31 14:15:00 UTC + 2021-03-24 00:00:00 UTC + chrisccoulson + Irvan Kurniawan + https://bugzilla.mozilla.org/show_bug.cgi?id=1692684 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23983.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23983 + https://ubuntu.com/security/notices/USN-4893-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23984 on Ubuntu 20.04 (focal) - medium. + A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-31 14:15:00 UTC + 2021-03-25 + chrisccoulson + Rob Wu + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23984.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23984 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23984 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23984 + https://ubuntu.com/security/notices/USN-4893-1 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23985 on Ubuntu 20.04 (focal) - low. 
+ If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-31 14:15:00 UTC + 2021-03-25 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23985.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23985 + https://ubuntu.com/security/notices/USN-4893-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23986 on Ubuntu 20.04 (focal) - medium. + A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-31 14:15:00 UTC + 2021-03-25 + chrisccoulson + Armin Razmjou + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23986.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23986 + https://ubuntu.com/security/notices/USN-4893-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23987 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-31 14:15:00 UTC + 2021-03-25 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23987.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23987 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23987 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23987 + https://ubuntu.com/security/notices/USN-4893-1 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23988 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-31 14:15:00 UTC + 2021-03-25 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23988.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23988 + https://ubuntu.com/security/notices/USN-4893-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23991 on Ubuntu 20.04 (focal) - medium. + If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-04-13 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23991.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23991 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + + + + + + + CVE-2021-23992 on Ubuntu 20.04 (focal) - medium. + Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird < 78.9.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-24 14:15:00 UTC + 2021-04-13 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23992.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23992 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + + + + + + + CVE-2021-23993 on Ubuntu 20.04 (focal) - medium. + An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-04-13 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23993.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23993 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + + + + + + + CVE-2021-23994 on Ubuntu 20.04 (focal) - medium. + A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-24 14:15:00 UTC + 2021-04-19 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23994.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23994 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23994 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23994 + https://ubuntu.com/security/notices/USN-4926-1 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23995 on Ubuntu 20.04 (focal) - medium. + When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-04-19 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23995.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23995 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23995 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23995 + https://ubuntu.com/security/notices/USN-4926-1 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23996 on Ubuntu 20.04 (focal) - medium. + By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-04-19 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23996.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23996 + https://ubuntu.com/security/notices/USN-4926-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23997 on Ubuntu 20.04 (focal) - medium. + Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-04-19 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23997.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23997 + https://ubuntu.com/security/notices/USN-4926-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-23998 on Ubuntu 20.04 (focal) - medium. + Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-24 14:15:00 UTC + 2021-04-19 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23998.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23998 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23998 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23998 + https://ubuntu.com/security/notices/USN-4926-1 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-23999 on Ubuntu 20.04 (focal) - medium. + If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-04-19 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23999.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23999 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23999 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999 + https://ubuntu.com/security/notices/USN-4926-1 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-24000 on Ubuntu 20.04 (focal) - medium. + A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. 
In conjunction with certain elements (such as &lt;input type="file"&gt;) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-04-19 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-24000.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24000 + https://ubuntu.com/security/notices/USN-4926-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-24001 on Ubuntu 20.04 (focal) - medium. + A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-04-19 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-24001.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24001 + https://ubuntu.com/security/notices/USN-4926-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-24002 on Ubuntu 20.04 (focal) - medium. + When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-24 14:15:00 UTC + 2021-04-19 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-24002.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-24002 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-24002 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24002 + https://ubuntu.com/security/notices/USN-4926-1 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-24031 on Ubuntu 20.04 (focal) - medium. + In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-04 21:15:00 UTC + 2021-02-10 00:00:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404 + https://github.com/facebook/zstd/issues/1630 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-24031.html + https://ubuntu.com/security/notices/USN-4760-1 + + + + + + + + + + CVE-2021-24032 on Ubuntu 20.04 (focal) - medium. + Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-04 21:15:00 UTC + 2021-02-20 00:00:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519 + https://github.com/facebook/zstd/issues/2491 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-24032.html + https://ubuntu.com/security/notices/USN-4760-1 + + + + + + + + + + CVE-2021-24115 on Ubuntu 20.04 (focal) - low. + In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-22 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-24115.html + https://github.com/randombit/botan/pull/2549 + https://botan.randombit.net/news.html + https://github.com/randombit/botan/compare/2.17.2...2.17.3 + + + + + + + + + + CVE-2021-24116 on Ubuntu 20.04 (focal) - low. + In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-07-14 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-24116.html + https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md + https://github.com/wolfSSL/wolfssl/releases + + + + + + + + + + CVE-2021-24119 on Ubuntu 20.04 (focal) - low. + In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-14 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-24119.html + https://github.com/ARMmbed/mbedtls/releases + https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md + + + + sarnold> It looks like an entire new class of side-channel-free functions was introduced in newer versions of mbedtls; backporting all of them probably doesn't make sense, this fix only makes sense in context of trying to provide constant-time execution that limits side-channel bandwidth to adversaries on the same machine. + + + + + + + + + CVE-2021-24122 on Ubuntu 20.04 (focal) - negligible. + When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. + 2021-01-14 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-24122.html + https://lists.apache.org/thread.html/r1595889b083e05986f42b944dc43060d6b083022260b6ea64d2cec52%40%3Cannounce.tomcat.apache.org%3E + + + + leosilva> tomcat6 is out of support , marking tomcat6 for precise as ignored. mdeslaur> probably windows-specific, setting to negligible + + + + + + + + + CVE-2021-25122 on Ubuntu 20.04 (focal) - medium. + When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-01 12:15:00 UTC + https://bz.apache.org/bugzilla/show_bug.cgi?id=64830 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25122.html + https://www.openwall.com/lists/oss-security/2021/03/01/1 + http://www.openwall.com/lists/oss-security/2021/03/01/1 + https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E + https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.apache.org%3E + https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.tomcat.apache.org%3E + https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cdev.tomcat.apache.org%3E + https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cusers.tomcat.apache.org%3E + https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E + + + + leosilva> tomcat6 is out of support , marking tomcat6 for precise as ignored. mdeslaur> tomcat 8.0 doesn't support HTTP/2, marking as not-affected + + + + + + + + + CVE-2021-25214 on Ubuntu 20.04 (focal) - medium. + In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-29 01:15:00 UTC + 2021-04-28 + mdeslaur + Greg Kuechle + 2021-04-28 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25214.html + https://kb.isc.org/docs/cve-2021-25214 + https://ubuntu.com/security/notices/USN-4929-1 + + + + mdeslaur> affects 9.8.5+ + + + + + + + + + CVE-2021-25215 on Ubuntu 20.04 (focal) - medium. + In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-29 01:15:00 UTC + 2021-04-28 + mdeslaur + Siva Kakarla + 2021-04-28 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25215.html + https://kb.isc.org/docs/cve-2021-25215 + https://ubuntu.com/security/notices/USN-4929-1 + + + + + + + + + + CVE-2021-25216 on Ubuntu 20.04 (focal) - medium. + In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. 
Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-29 01:15:00 UTC + 2021-04-28 + mdeslaur + 2021-04-28 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25216.html + https://kb.isc.org/docs/cve-2021-25216 + https://ubuntu.com/security/notices/USN-4929-1 + + + + mdeslaur> only affects 9.5.0+ + + + + + + + + + CVE-2021-25217 on Ubuntu 20.04 (focal) - medium. 
+ In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-26 22:15:00 UTC + 2021-05-26 + mdeslaur + Jon Franklin and Pawel Wieczorkiewicz + 2021-05-26 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25217.html + https://kb.isc.org/docs/cve-2021-25217 + https://ubuntu.com/security/notices/USN-4969-1 + https://ubuntu.com/security/notices/USN-4969-2 + + + + + + + + + + CVE-2021-25287 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 16:15:00 UTC + 2021-05-10 00:00:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25287.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode + https://ubuntu.com/security/notices/USN-4963-1 + + + + + + + + + + + + + CVE-2021-25288 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 16:15:00 UTC + 2021-05-10 00:00:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25288.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode + https://ubuntu.com/security/notices/USN-4963-1 + + + + mdeslaur> same commit as CVE-2021-25287 + + + + + + + + + + + + CVE-2021-25289 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-19 04:15:00 UTC + 2021-03-03 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25289.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + https://ubuntu.com/security/notices/USN-4763-1 + + + + + + + + + + + + + CVE-2021-25290 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-19 04:15:00 UTC + 2021-03-03 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25290.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + https://ubuntu.com/security/notices/USN-4763-1 + + + + + + + + + + + + + CVE-2021-25291 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-19 04:15:00 UTC + 2021-03-03 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25291.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + https://ubuntu.com/security/notices/USN-4763-1 + + + + + + + + + + + + + CVE-2021-25292 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-19 04:15:00 UTC + 2021-03-03 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25292.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + https://ubuntu.com/security/notices/USN-4763-1 + + + + + + + + + + + + + CVE-2021-25293 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Pillow before 8.1.1. 
There is an out-of-bounds read in SGIRleDecode.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-19 04:15:00 UTC + 2021-03-03 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25293.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + https://ubuntu.com/security/notices/USN-4763-1 + + + + + + + + + + + + + CVE-2021-25311 on Ubuntu 20.04 (focal) - medium. + condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-27 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25311.html + https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0002.html + + + + + + + + + + CVE-2021-25312 on Ubuntu 20.04 (focal) - medium. + HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-27 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25312.html + https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0001.html + + + + + + + + + + CVE-2021-25319 on Ubuntu 20.04 (focal) - medium. + A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-05 09:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25319.html + https://www.openwall.com/lists/oss-security/2021/04/26/2 + + + + + + + + + + CVE-2021-25322 on Ubuntu 20.04 (focal) - medium. 
+ A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25322.html + https://bugzilla.suse.com/show_bug.cgi?id=1182373 + + + + + + + + + + CVE-2021-25329 on Ubuntu 20.04 (focal) - low. + The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-01 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25329.html + https://www.openwall.com/lists/oss-security/2021/03/01/2 + http://www.openwall.com/lists/oss-security/2021/03/01/2 + https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E + https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E + https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E + https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E + https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E + https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E + + + + leosilva> tomcat6 is out of support , marking tomcat6 for precise as ignored. + + + + + + + + + CVE-2021-25631 on Ubuntu 20.04 (focal) - low. + In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-03 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25631.html + https://positive.security/blog/url-open-rce#open-libreoffice + + + + + + + + + + CVE-2021-25735 on Ubuntu 20.04 (focal) - medium. + [Validating Admission Webhook does not observe some previous fields] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-15 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25735.html + https://www.openwall.com/lists/oss-security/2021/04/14/1 + https://github.com/kubernetes/kubernetes/issues/100096 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2021-25737 on Ubuntu 20.04 (focal) - medium. + + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-31 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25737.html + https://www.openwall.com/lists/oss-security/2021/05/18/4 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2021-25740 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-17 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25740.html + https://www.openwall.com/lists/oss-security/2021/07/14/1 + + + + leosilva> kubernates is in fact a kubernetes installer leosilva> that calls snap, not the package it self. + + + + + + + + + CVE-2021-26117 on Ubuntu 20.04 (focal) - medium. + The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-27 19:15:00 UTC + Gregor Tudan + https://issues.apache.org/jira/browse/ARTEMIS-2895 + https://issues.apache.org/jira/browse/AMQ-8035 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26117.html + https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3cCAH+vQmMeUEiKN4wYX9nLBbqmFZFPXqajNvBKmzb2V8QZANcSTA@mail.gmail.com%3e + + + + + + + + + + CVE-2021-26118 on Ubuntu 20.04 (focal) - medium. + While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-27 19:15:00 UTC + https://issues.apache.org/jira/browse/ARTEMIS-2964 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26118.html + https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3CCAH%2BvQmMUNnkiXv2-d3ucdErWOsdnLi6CgnK%2BVfixyJvTgTuYig%40mail.gmail.com%3E + + + + + + + + + + CVE-2021-26119 on Ubuntu 20.04 (focal) - medium. + Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-22 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26119.html + https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md + + + + + + + + + + CVE-2021-26120 on Ubuntu 20.04 (focal) - medium. + Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-22 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26120.html + https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md + + + + + + + + + + CVE-2021-26220 on Ubuntu 20.04 (focal) - medium. 
+ The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26220.html + + + + + + + + + + + + + + + CVE-2021-26221 on Ubuntu 20.04 (focal) - medium. + The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26221.html + + + + + + + + + + + + + + + CVE-2021-26222 on Ubuntu 20.04 (focal) - medium. + The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26222.html + + + + + + + + + + + + + + + + CVE-2021-26252 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-03 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989437 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26252.html + https://github.com/michaelrsweet/htmldoc/issues/412 + https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc + + + + + + + + + + CVE-2021-26259 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-03 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989437 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26259.html + https://github.com/michaelrsweet/htmldoc/issues/417 + https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5 + + + + + + + + + + CVE-2021-26260 on Ubuntu 20.04 (focal) - low. + An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-08 12:15:00 UTC + 2021-06-08 12:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26260.html + https://access.redhat.com/security/cve/CVE-2021-26260 + https://github.com/AcademySoftwareFoundation/openexr/pull/894 + https://ubuntu.com/security/notices/USN-4996-1 + https://ubuntu.com/security/notices/USN-4996-2 + + + + + + + + + + CVE-2021-26271 on Ubuntu 20.04 (focal) - medium. + It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-26 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26271.html + https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 + + + + + + + + + + CVE-2021-26272 on Ubuntu 20.04 (focal) - medium. + It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26272.html + https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 + + + + + + + + + + CVE-2021-26291 on Ubuntu 20.04 (focal) - medium. + Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-23 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26291.html + https://www.openwall.com/lists/oss-security/2021/04/23/5 + https://issues.apache.org/jira/browse/MNG-7118 + https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f (3.8.x) + https://github.com/apache/maven/commit/67125676eef313e592da6424a9be0c90c5e6bca5 (master) + https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00%40%3Cusers.maven.apache.org%3E + https://lists.apache.org/thread.html/r06db4057b74e0598a412734f693a34a8836ac6f06d16d139e5e1027c@%3Cdev.maven.apache.org%3E + https://lists.apache.org/thread.html/r9a027668558264c4897633e66bcb7784099fdec9f9b22c38c2442f00@%3Cusers.maven.apache.org%3E + http://www.openwall.com/lists/oss-security/2021/04/23/5 + + + + + + + + + + CVE-2021-26313 on Ubuntu 20.04 (focal) - medium. + Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-09 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26313.html + https://xenbits.xen.org/xsa/advisory-375.html + https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 + http://www.openwall.com/lists/oss-security/2021/06/09/2 + http://xenbits.xen.org/xsa/advisory-375.html + http://www.openwall.com/lists/oss-security/2021/06/10/1 + http://www.openwall.com/lists/oss-security/2021/06/10/11 + http://www.openwall.com/lists/oss-security/2021/06/10/10 + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2021-26314 on Ubuntu 20.04 (focal) - medium. 
+ Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-09 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26314.html + https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 + http://www.openwall.com/lists/oss-security/2021/06/09/2 + http://www.openwall.com/lists/oss-security/2021/06/10/1 + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2021-26675 on Ubuntu 20.04 (focal) - medium. + A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-09 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26675.html + https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb + https://bugzilla.suse.com/show_bug.cgi?id=1181751 + https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog + https://www.openwall.com/lists/oss-security/2021/02/08/2 + + + + + + + + + + CVE-2021-26676 on Ubuntu 20.04 (focal) - medium. + gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-09 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26676.html + https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa + https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 + https://bugzilla.suse.com/show_bug.cgi?id=1181751 + https://git.kernel.org/pub/scm/network/connman/connman.git/tree/ChangeLog + https://www.openwall.com/lists/oss-security/2021/02/08/2 + + + + + + + + + + CVE-2021-26690 on Ubuntu 20.04 (focal) - medium. + Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 07:15:00 UTC + 2021-06-10 07:15:00 UTC + mdeslaur + Antonio Morales + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26690.html + https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690 + https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865@%3Cannounce.httpd.apache.org%3E + http://www.openwall.com/lists/oss-security/2021/06/10/6 + https://ubuntu.com/security/notices/USN-4994-1 + https://ubuntu.com/security/notices/USN-4994-2 + + + + + + + + + + CVE-2021-26691 on Ubuntu 20.04 (focal) - medium. + In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-10 07:15:00 UTC + 2021-06-10 07:15:00 UTC + mdeslaur + Christophe Jaillet + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26691.html + https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691 + https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe@%3Cannounce.httpd.apache.org%3E + http://www.openwall.com/lists/oss-security/2021/06/10/7 + https://ubuntu.com/security/notices/USN-4994-1 + https://ubuntu.com/security/notices/USN-4994-2 + + + + + + + + + + CVE-2021-26708 on Ubuntu 20.04 (focal) - high. + A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. Alexander Popov discovered that multiple race conditions existed in the AF_VSOCK implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-02-05 14:15:00 UTC + 2021-02-05 14:15:00 UTC + Alexander Popov + https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1914668 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26708.html + https://www.openwall.com/lists/oss-security/2021/02/04/5 + https://git.kernel.org/linus/c518adafa39f37858697ac9309c6cf1805581446 + http://www.openwall.com/lists/oss-security/2021/02/05/6 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446 + https://ubuntu.com/security/notices/USN-4727-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-26712 on Ubuntu 20.04 (focal) - medium. 
+ Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-18 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26712.html + http://packetstormsecurity.com/files/161473/Asterisk-Project-Security-Advisory-AST-2021-003.html + http://seclists.org/fulldisclosure/2021/Feb/59 + https://downloads.asterisk.org/pub/security/ + https://downloads.asterisk.org/pub/security/AST-2021-003.html + https://issues.asterisk.org/jira/browse/ASTERISK-29260 + + + + + + + + + + CVE-2021-26719 on Ubuntu 20.04 (focal) - medium. + A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor (with certain credentials) can perform a registration step such that crafted TAR archives lead to extraction of files into arbitrary filesystem locations. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-09 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26719.html + https://security.gradle.com/advisory/CVE-2021-26719 + + + + + + + + + + CVE-2021-26720 on Ubuntu 20.04 (focal) - low. + avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-17 22:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982796 + https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1870824 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26720.html + https://www.openwall.com/lists/oss-security/2021/02/15/2 + + + + mdeslaur> the script was removed in the 0.7-4ubuntu7 package in focal. mdeslaur> for bionic and earlier, we can't simply remove the script as mdeslaur> libnss-mdns is too old there. + + + + + + + + + CVE-2021-26813 on Ubuntu 20.04 (focal) - medium. + markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26813.html + https://github.com/trentm/python-markdown2/pull/387 + + + + + + + + + + CVE-2021-26825 on Ubuntu 20.04 (focal) - medium. + An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26825.html + https://github.com/godotengine/godot/pull/45702 + https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8 + https://github.com/godotengine/godot/pull/45702/files + + + + + + + + + + CVE-2021-26826 on Ubuntu 20.04 (focal) - medium. 
+ A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26826.html + https://github.com/godotengine/godot/pull/45701 + https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a + https://github.com/godotengine/godot/pull/45701/commits/403e4fd08b0b212e96f53d926e6273e0745eaa5a + + + + + + + + + + CVE-2021-26910 on Ubuntu 20.04 (focal) - medium. + Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-08 20:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26910.html + https://www.openwall.com/lists/oss-security/2021/02/08/5 + https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt + https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/ + http://www.openwall.com/lists/oss-security/2021/02/09/1 + https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b + https://github.com/netblue30/firejail/releases/tag/0.9.64.4 + + + + + + + + + + CVE-2021-26925 on Ubuntu 20.04 (focal) - medium. + Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-09 09:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26925.html + https://roundcube.net/news/2021/02/08/security-update-1.4.11 + https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596 + + + + + + + + + + CVE-2021-26930 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 01:15:00 UTC + 2021-02-17 01:15:00 UTC + Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26930.html + http://xenbits.xen.org/xsa/advisory-365.html + https://www.openwall.com/lists/oss-security/2021/02/16/6 + https://ubuntu.com/security/notices/USN-4904-1 + https://ubuntu.com/security/notices/USN-4909-1 + https://ubuntu.com/security/notices/USN-4946-1 + https://ubuntu.com/security/notices/USN-4949-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-26931 on Ubuntu 20.04 (focal) - low. 
+ An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. Jan Beulich discovered that multiple Xen backends in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 02:15:00 UTC + 2021-02-17 02:15:00 UTC + Jan Beulich + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26931.html + https://xenbits.xen.org/xsa/advisory-362.html + https://www.openwall.com/lists/oss-security/2021/02/16/4 + https://ubuntu.com/security/notices/USN-4904-1 + https://ubuntu.com/security/notices/USN-4909-1 + https://ubuntu.com/security/notices/USN-4946-1 + https://ubuntu.com/security/notices/USN-4949-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-26932 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. 
Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. break-fix: - a35f2ef3b7376bfd0a57f7844bd7454389aae1fc break-fix: - b512e1b077e5ccdbd6e225b15d934ab12453b70a break-fix: - dbe5283605b3bc12ca45def09cc721a0a5c853a2 break-fix: - ebee0eab08594b2bd5db716288a4f1ae5936e9bc break-fix: - 36bf1dfb8b266e089afa9b7b984217f17027bf35 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 02:15:00 UTC + Jan Beulich + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26932.html + https://xenbits.xen.org/xsa/advisory-361.html + https://www.openwall.com/lists/oss-security/2021/02/16/3 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-26933 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-17 02:15:00 UTC + Julien Grall + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26933.html + https://www.openwall.com/lists/oss-security/2021/02/16/5 + https://xenbits.xen.org/xsa/advisory-364.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2021-26934 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 02:15:00 UTC + Jan Beulich + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26934.html + https://www.openwall.com/lists/oss-security/2021/02/16/2 + https://xenbits.xen.org/xsa/advisory-363.html + + + + sbeattie| the "fix" proposed by Xen is to annotate that this is not a supported configuration. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-26945 on Ubuntu 20.04 (focal) - low. + An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-08 12:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31221 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31228 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26945.html + https://access.redhat.com/security/cve/CVE-2021-26945 + https://github.com/AcademySoftwareFoundation/openexr/pull/930 + + + + mdeslaur> it looks like the fix for this issue actually went into the mdeslaur> exrcheck tool used by the fuzzer + + + + + + + + + CVE-2021-26948 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-03 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989437 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26948.html + https://github.com/michaelrsweet/htmldoc/issues/410 + https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2 + + + + + + + + + + CVE-2021-27097 on Ubuntu 20.04 (focal) - medium. + The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27097.html + https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01 + https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b + https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0 + + + + + + + + + + CVE-2021-27138 on Ubuntu 20.04 (focal) - medium. + The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-17 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27138.html + https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917 + https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4 + https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0 + + + + + + + + + + CVE-2021-27211 on Ubuntu 20.04 (focal) - low. + steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-15 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27211.html + https://github.com/b4shfire/stegcrack + https://github.com/StefanoDeVuono/steghide + https://sourceforge.net/projects/steghide/files/steghide/0.5.1/ + + + + + + + + + + CVE-2021-27212 on Ubuntu 20.04 (focal) - medium. + In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-14 03:15:00 UTC + 2021-02-14 03:15:00 UTC + mdeslaur + Pasi Saarinen + https://bugs.openldap.org/show_bug.cgi?id=9454 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27212.html + https://ubuntu.com/security/notices/USN-4744-1 + + + + + + + + + + CVE-2021-27216 on Ubuntu 20.04 (focal) - medium. + Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-06 13:15:00 UTC + 2021-05-04 13:30:00 UTC + mdeslaur + 2021-05-04 13:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27216.html + https://ubuntu.com/security/notices/USN-4934-1 + https://ubuntu.com/security/notices/USN-4934-2 + + + + + + + + + + CVE-2021-27218 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-15 17:15:00 UTC + 2021-02-15 17:15:00 UTC + mdeslaur + Krzesimir Nowak + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982779 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27218.html + https://ubuntu.com/security/notices/USN-4759-1 + + + + + + + + + + CVE-2021-27219 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-15 17:15:00 UTC + 2021-02-15 17:15:00 UTC + mdeslaur + Kevin Backhouse + https://gitlab.gnome.org/GNOME/glib/-/issues/2319 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982778 + https://gitlab.gnome.org/GNOME/glib/-/issues/2323 (regression) + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27219.html + https://ubuntu.com/security/notices/USN-4759-1 + + + + mdeslaur> see gnome bug for multiple regression fixes solved in 2.66.7 mdeslaur> Upstream fixed this in 2.67 by adding a new g_memdup2() function mdeslaur> and deprecating g_memdup(). 
For the 2.66 stable release, they mdeslaur> added g_memdup2(), but in a private manner so that internal uses mdeslaur> of g_memdup() could be switched, but this won't fix external mdeslaur> applications. + + + + + + + + + CVE-2021-27229 on Ubuntu 20.04 (focal) - medium. + Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-16 04:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982904 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27229.html + https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648 + https://github.com/mumble-voip/mumble/pull/4733 + https://github.com/mumble-voip/mumble/compare/1.3.3...1.3.4 + + + + + + + + + + CVE-2021-27290 on Ubuntu 20.04 (focal) - medium. + ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-12 22:15:00 UTC + Ben Caller + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27290.html + https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf + https://npmjs.com + + + + + + + + + + CVE-2021-27291 on Ubuntu 20.04 (focal) - medium. + In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-17 13:15:00 UTC + 2021-03-17 13:15:00 UTC + mdeslaur + Ben Caller + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27291.html + https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce + https://ubuntu.com/security/notices/USN-4897-1 + + + + avital> eric looks to contain a vendored copy of pygments + + + + + + + + + + + + CVE-2021-27292 on Ubuntu 20.04 (focal) - medium. + ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-17 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27292.html + https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76 + https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14 + + + + + + + + + + CVE-2021-27345 on Ubuntu 20.04 (focal) - low. + A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27345.html + https://github.com/ckolivas/lrzip/issues/164 + + + + + + + + + + CVE-2021-27347 on Ubuntu 20.04 (focal) - medium. + Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27347.html + https://github.com/ckolivas/lrzip/issues/165 + + + + + + + + + + CVE-2021-27351 on Ubuntu 20.04 (focal) - low. 
+ The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-19 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27351.html + https://0ffsecninja.github.io/Telegram:CVE-2021-2735.html + + + + + + + + + + CVE-2021-27363 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-07 04:15:00 UTC + 2021-03-07 04:15:00 UTC + Adam Nichols + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27363.html + https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa + http://www.openwall.com/lists/oss-security/2021/03/06/1 + https://bugzilla.suse.com/show_bug.cgi?id=1182716 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa + https://ubuntu.com/security/notices/USN-4883-1 + https://ubuntu.com/security/notices/USN-4887-1 + https://ubuntu.com/security/notices/USN-4889-1 + https://ubuntu.com/security/notices/USN-4901-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-27364 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. Adam Nichols discovered that an out-of-bounds read existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-07 05:15:00 UTC + 2021-03-07 05:15:00 UTC + Adam Nichols + https://bugzilla.suse.com/show_bug.cgi?id=1182717 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-27364 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27364.html + https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=688e8128b7a92df982709a4137ea4588d16f24aa + https://www.openwall.com/lists/oss-security/2021/03/06/1 + https://github.com/grimm-co/NotQuite0DayFriday/tree/trunk/2021.03.12-linux-iscsi + https://ubuntu.com/security/notices/USN-4883-1 + https://ubuntu.com/security/notices/USN-4887-1 + https://ubuntu.com/security/notices/USN-4889-1 + https://ubuntu.com/security/notices/USN-4901-1 + + + + sbeattie| Reading the discoverers article, it looks like the CVE was assigned for the out of bounds read vulnerability addressed by f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5, not 688e8128b7a92d as described by Marcus in his oss-security posting. However, 688e8128b7a92d commit requiring CAP_SYS_ADMIN for netlink access also mitigates the vulnerability. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-27365 on Ubuntu 20.04 (focal) - high. + An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-07 05:15:00 UTC + 2021-03-07 05:15:00 UTC + Adam Nichols + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27365.html + https://git.kernel.org/linus/ec98ea7070e94cc25a422ec97d1421e28d97b7ee + https://git.kernel.org/linus/f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5 + https://bugzilla.suse.com/show_bug.cgi?id=1182715 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec98ea7070e94cc25a422ec97d1421e28d97b7ee + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5 + https://www.openwall.com/lists/oss-security/2021/03/06/1 + https://ubuntu.com/security/notices/USN-4883-1 + https://ubuntu.com/security/notices/USN-4887-1 + https://ubuntu.com/security/notices/USN-4889-1 + https://ubuntu.com/security/notices/USN-4901-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-27379 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-18 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27379.html + https://xenbits.xen.org/xsa/advisory-366.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2021-27515 on Ubuntu 20.04 (focal) - low. + url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-02-22 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27515.html + https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0 + https://github.com/unshiftio/url-parse/pull/197 + https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.0 + + + + + + + + + + CVE-2021-27577 on Ubuntu 20.04 (focal) - medium. + Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-29 12:15:00 UTC + Iustin Ladunca + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990303 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27577.html + https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E + https://github.com/apache/trafficserver/pull/7945 (8.1.x) + https://github.com/apache/trafficserver/commit/2b13eb33794574e62249997b4ba654d943a10f2d (master) + https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) + + + + + + + + + + CVE-2021-27645 on Ubuntu 20.04 (focal) - low. + The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-24 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983479 + https://sourceware.org/bugzilla/show_bug.cgi?id=27462 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27645.html + + + + mdeslaur> introduced in 2.29 by: mdeslaur> https://sourceware.org/git/?p=glibc.git;a=commit;h=745664bd798ec8fd50438605948eea594179fba1 mdeslaur> introduced in 2.28-1 debian packaging by: mdeslaur> https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919 + + + + + + + + + CVE-2021-27737 on Ubuntu 20.04 (focal) - low. + Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin. sbeattie> slicer plugin is in the trafficserver-experimental-plugins package + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-14 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27737.html + https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E + https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525@%3Cdev.trafficserver.apache.org%3E + https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525@%3Cannounce.trafficserver.apache.org%3E + https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525@%3Cusers.trafficserver.apache.org%3E + + + + + + + + + + CVE-2021-27807 on Ubuntu 20.04 (focal) - medium. + A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-19 16:15:00 UTC + Fabian Meumertzheim + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27807.html + https://lists.apache.org/thread.html/r818058ff1e4b9f6bef4e5a2e74faff38cb3d3885c1e2db398bc55cfb%40%3Cusers.pdfbox.apache.org%3E + https://lists.apache.org/thread.html/r818058ff1e4b9f6bef4e5a2e74faff38cb3d3885c1e2db398bc55cfb@%3Cusers.pdfbox.apache.org%3E + + + + + + + + + + + + + CVE-2021-27847 on Ubuntu 20.04 (focal) - low. + Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-07-15 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27847.html + https://github.com/libvips/libvips/issues/1236 + https://github.com/libvips/libvips/commit/2fb81b8ed6a4a6b2385f3efbb0412f24f80163c4 (v8.8.0-rc1) + https://github.com/libvips/libvips/commit/65a259a0258b2036b168cdeff6e9db434471225a (v8.8.0-rc1) + + + + + + + + + + CVE-2021-27905 on Ubuntu 20.04 (focal) - medium. + The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-13 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27905.html + https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E + + + + + + + + + + CVE-2021-27906 on Ubuntu 20.04 (focal) - medium. 
+ A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-19 16:15:00 UTC + Fabian Meumertzheim + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27906.html + https://lists.apache.org/thread.html/rf35026148ccc0e1af133501c0d003d052883fcc65107b3ff5d3b61cd%40%3Cusers.pdfbox.apache.org%3E + https://lists.apache.org/thread.html/rf35026148ccc0e1af133501c0d003d052883fcc65107b3ff5d3b61cd@%3Cusers.pdfbox.apache.org%3E + + + + + + + + + + + + + CVE-2021-27918 on Ubuntu 20.04 (focal) - medium. + encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-11 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27918.html + https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. + + + + + + + + + + + + CVE-2021-27919 on Ubuntu 20.04 (focal) - medium. + archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-11 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27919.html + https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. + + + + + + + + + + + + CVE-2021-27921 on Ubuntu 20.04 (focal) - medium. + Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 09:15:00 UTC + 2021-03-03 09:15:00 UTC + mdeslaur + Jiayi Lin, Luke Shaffer, Xinran Xie, Akshay Ajayan + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27921.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + https://ubuntu.com/security/notices/USN-4763-1 + + + + mdeslaur> while this is mentioned in the 8.1.1 release notes, it doesn't mdeslaur> seem to be mentioned in the CHANGES file, and I can't seem to mdeslaur> locate the commits that fix this in 8.1.1 vs 8.1.0 mdeslaur> This was actually fixed in 8.1.2. + + + + + + + + + + + + CVE-2021-27922 on Ubuntu 20.04 (focal) - medium. + Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-03 09:15:00 UTC + 2021-03-03 09:15:00 UTC + mdeslaur + Jiayi Lin, Luke Shaffer, Xinran Xie, Akshay Ajayan + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27922.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + https://ubuntu.com/security/notices/USN-4763-1 + + + + mdeslaur> while this is mentioned in the 8.1.1 release notes, it doesn't mdeslaur> seem to be mentioned in the CHANGES file, and I can't seem to mdeslaur> locate the commits that fix this in 8.1.1 vs 8.1.0 mdeslaur> This was actually fixed in 8.1.2. + + + + + + + + + + + + CVE-2021-27923 on Ubuntu 20.04 (focal) - medium. + Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 09:15:00 UTC + 2021-03-03 09:15:00 UTC + mdeslaur + Jiayi Lin, Luke Shaffer, Xinran Xie, Akshay Ajayan + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27923.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + https://ubuntu.com/security/notices/USN-4763-1 + + + + mdeslaur> while this is mentioned in the 8.1.1 release notes, it doesn't mdeslaur> seem to be mentioned in the CHANGES file, and I can't seem to mdeslaur> locate the commits that fix this in 8.1.1 vs 8.1.0 mdeslaur> This was actually fixed in 8.1.2. + + + + + + + + + + + + CVE-2021-27927 on Ubuntu 20.04 (focal) - medium. + In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method. 
An attacker doesn't have to know Zabbix user login credentials, but has to know the correct Zabbix URL and contact information of an existing user with sufficient privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27927.html + https://support.zabbix.com/browse/ZBX-18942 + + + + + + + + + + CVE-2021-27928 on Ubuntu 20.04 (focal) - medium. + A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-19 03:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/mariadb-10.1/+bug/1926926 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27928.html + https://jira.mariadb.org/browse/MDEV-25179 + https://mariadb.com/kb/en/mariadb-10237-release-notes/ + https://mariadb.com/kb/en/mariadb-10328-release-notes/ + https://mariadb.com/kb/en/mariadb-10418-release-notes/ + https://mariadb.com/kb/en/mariadb-1059-release-notes/ + https://mariadb.com/kb/en/security/ + + + + + + + + + + CVE-2021-28038 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. 
Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-05 18:15:00 UTC + 2021-03-05 18:15:00 UTC + Jan Beulich + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28038.html + https://xenbits.xen.org/xsa/advisory-367.html + http://www.openwall.com/lists/oss-security/2021/03/05/1 + http://xenbits.xen.org/xsa/advisory-367.html + https://ubuntu.com/security/notices/USN-4904-1 + https://ubuntu.com/security/notices/USN-4911-1 + https://ubuntu.com/security/notices/USN-4945-1 + https://ubuntu.com/security/notices/USN-4946-1 + https://ubuntu.com/security/notices/USN-4945-2 + https://ubuntu.com/security/notices/USN-4984-1 + + + + sbeattie> kernels where the fix for CVE-2021-26931 had not landed yet are not affected by this issue. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-28039 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-05 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28039.html + https://xenbits.xen.org/xsa/advisory-369.html + http://www.openwall.com/lists/oss-security/2021/03/05/2 + http://xenbits.xen.org/xsa/advisory-369.html + + + + sbeattie> both CONFIG options are enabled for linux-oem-5.10 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-28053 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-16 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28053.html + https://docs.centreon.com/current/en/ + https://redshell.co + https://github.com/centreon/centreon/releases/tag/20.04.13 + + + + + + + + + + CVE-2021-28054 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-16 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28054.html + https://docs.centreon.com/current/en/ + https://redshell.co + https://github.com/centreon/centreon/releases/tag/20.04.13 + + + + + + + + + + CVE-2021-28089 on Ubuntu 20.04 (focal) - medium. + Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-19 05:15:00 UTC + Roger Dingledine + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28089.html + https://blog.torproject.org/node/2009 + https://bugs.torproject.org/tpo/core/tor/40286 + + + + + + + + + + CVE-2021-28090 on Ubuntu 20.04 (focal) - medium. + Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-19 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28090.html + https://blog.torproject.org/node/2009 + https://bugs.torproject.org/tpo/core/tor/40316 + + + + + + + + + + CVE-2021-28091 on Ubuntu 20.04 (focal) - medium. + Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-04 15:15:00 UTC + 2021-06-01 12:00:00 UTC + amurray + 2021-06-01 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28091.html + https://git.entrouvert.org/lasso.git/commit/?id=ea7e5efe9741e1b1787a58af16cb15b40c23be5a + https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html + https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html + https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html + https://ubuntu.com/security/notices/USN-4974-1 + + + + + + + + + + CVE-2021-28116 on Ubuntu 20.04 (focal) - medium. + Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-09 22:15:00 UTC + https://bugs.squid-cache.org/show_bug.cgi?id=5131 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28116.html + https://www.zerodayinitiative.com/advisories/ZDI-21-157/ + http://www.squid-cache.org/Versions/ + https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82 + + + + mdeslaur> as of 2021-07-05, there are no details on a fix from upstream mdeslaur> for this issue + + + + + + + + + CVE-2021-28117 on Ubuntu 20.04 (focal) - low. + libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-20 21:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/plasma-discover/+bug/1918681 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28117.html + https://kde.org/info/security/advisory-20210310-1.txt + + + + + + + + + + CVE-2021-28153 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-11 22:15:00 UTC + 2021-03-11 22:15:00 UTC + mdeslaur + https://gitlab.gnome.org/GNOME/glib/-/issues/2325 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28153.html + https://ubuntu.com/security/notices/USN-4764-1 + + + + + + + + + + CVE-2021-28156 on Ubuntu 20.04 (focal) - medium. 
+ HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-20 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28156.html + https://bugzilla.redhat.com/show_bug.cgi?id=1950492 + https://github.com/hashicorp/consul/pull/10030 + https://www.hashicorp.com/blog/category/consul + https://discuss.hashicorp.com/t/hcsec-2021-08-consul-enterprise-audit-log-bypass-for-http-events/23369 + + + + + + + + + + CVE-2021-28163 on Ubuntu 20.04 (focal) - untriaged. + In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. + 2021-04-01 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28163.html + https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq + + + + + + + + + + CVE-2021-28164 on Ubuntu 20.04 (focal) - untriaged. + In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. + 2021-04-01 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28164.html + https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5 + + + + + + + + + + CVE-2021-28165 on Ubuntu 20.04 (focal) - untriaged. 
+ In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. + 2021-04-01 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28165.html + https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w + + + + + + + + + + CVE-2021-28166 on Ubuntu 20.04 (focal) - medium. + In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-07 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986701 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28166.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608 + + + + + + + + + + CVE-2021-28169 on Ubuntu 20.04 (focal) - medium. + For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-09 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28169.html + https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq + + + + + + + + + + CVE-2021-28210 on Ubuntu 20.04 (focal) - medium. + An unlimited recursion in DxeCore in EDK II. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-11 16:15:00 UTC + 2021-03-16 00:00:00 UTC + mdeslaur + Laszlo Ersek + https://bugzilla.tianocore.org/show_bug.cgi?id=1743 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28210.html + https://github.com/tianocore/edk2/pull/1137 + https://ubuntu.com/security/notices/USN-4923-1 + + + + + + + + + + CVE-2021-28211 on Ubuntu 20.04 (focal) - medium. + A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-11 16:15:00 UTC + 2021-03-16 00:00:00 UTC + mdeslaur + Satoshi Tanda + https://bugzilla.tianocore.org/show_bug.cgi?id=1816 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28211.html + https://github.com/tianocore/edk2/pull/1138 + https://ubuntu.com/security/notices/USN-4923-1 + + + + + + + + + + CVE-2021-28213 on Ubuntu 20.04 (focal) - medium. + Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-11 16:15:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=1866 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28213.html + + + + mdeslaur> as of 2021-06-15, upstream bug is private + + + + + + + + + CVE-2021-28300 on Ubuntu 20.04 (focal) - medium. + NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-14 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28300.html + https://github.com/gpac/gpac/issues/1702 + + + + + + + + + + CVE-2021-28302 on Ubuntu 20.04 (focal) - medium. + A stack overflow in pupnp 1.16.1 can cause the denial of service through the Parser_parseDocument() function. 
ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-12 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28302.html + https://github.com/pupnp/pupnp/issues/249 + + + + + + + + + + CVE-2021-28374 on Ubuntu 20.04 (focal) - medium. + The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's existence, uid and gids, home and/or Maildir directory, quota, and some type of password information (such as a hash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-15 05:15:00 UTC + PICCORO McKAY Lenz + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984810 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28374.html + https://bugs.debian.org/984810 + + + + + + + + + + CVE-2021-28375 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. It was discovered that the fastrpc driver in the Linux kernel did not prevent user space applications from sending kernel RPC messages. A local attacker could possibly use this to gain elevated privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-15 05:15:00 UTC + 2021-03-15 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28375.html + https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6 (5.12-rc3) + https://lore.kernel.org/stable/YD03ew7+6v0XPh6l@kroah.com + https://ubuntu.com/security/notices/USN-4911-1 + https://ubuntu.com/security/notices/USN-4945-1 + https://ubuntu.com/security/notices/USN-4947-1 + https://ubuntu.com/security/notices/USN-4949-1 + https://ubuntu.com/security/notices/USN-4945-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-28651 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 12:15:00 UTC + 2021-05-27 12:15:00 UTC + mdeslaur + Joshua Rogers + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988893 + https://bugs.squid-cache.org/show_bug.cgi?id=5104 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28651.html + https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4 + https://ubuntu.com/security/notices/USN-4981-1 + + + + + + + + + + CVE-2021-28652 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-27 12:15:00 UTC + 2021-05-27 12:15:00 UTC + mdeslaur + Joshua Rogers + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988892 + https://bugs.squid-cache.org/show_bug.cgi?id=5106 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28652.html + https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447 + https://ubuntu.com/security/notices/USN-4981-1 + + + + mdeslaur> this issue only affects the Cache Manager, which is usually mdeslaur> restricted to trusted clients only. mdeslaur> The patch is intrusive to backport to 3.x versions, so we will mdeslaur> not be fixing this issue in older releases. We recommend setting mdeslaur> appropriate access control to limit connections from trusted mdeslaur> clients. + + + + + + + + + CVE-2021-28657 on Ubuntu 20.04 (focal) - medium. + A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-31 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28657.html + https://www.openwall.com/lists/oss-security/2021/03/30/3 + https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E + + + + + + + + + + CVE-2021-28658 on Ubuntu 20.04 (focal) - low. + In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-06 15:15:00 UTC + 2021-04-06 08:00:00 UTC + mdeslaur + Dennis Brinkrolf + 2021-04-06 08:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28658.html + https://www.djangoproject.com/weblog/2021/apr/06/security-releases/ + https://ubuntu.com/security/notices/USN-4902-1 + + + + + + + + + + CVE-2021-28660 on Ubuntu 20.04 (focal) - medium. + rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. It was discovered that the Realtek RTL8188EU Wireless device driver in the Linux kernel did not properly validate ssid lengths in some situations. An attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-17 15:15:00 UTC + 2021-03-17 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28660.html + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7 + https://ubuntu.com/security/notices/USN-4945-1 + https://ubuntu.com/security/notices/USN-4945-2 + https://ubuntu.com/security/notices/USN-4979-1 + https://ubuntu.com/security/notices/USN-4984-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-28662 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-27 12:15:00 UTC + 2021-05-27 12:15:00 UTC + mdeslaur + Joshua Rogers + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988891 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28662.html + https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h + https://ubuntu.com/security/notices/USN-4981-1 + + + + mdeslaur> per upstream, all Squid older than 4.0 are not vulnerable. + + + + + + + + + CVE-2021-28675 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 15:15:00 UTC + 2021-05-10 00:00:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28675.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin + https://ubuntu.com/security/notices/USN-4963-1 + + + + + + + + + + + + + CVE-2021-28676 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 16:15:00 UTC + 2021-05-10 00:00:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28676.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos + https://ubuntu.com/security/notices/USN-4963-1 + + + + + + + + + + + + + CVE-2021-28677 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. 
It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 16:15:00 UTC + 2021-05-10 00:00:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28677.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open + https://ubuntu.com/security/notices/USN-4963-1 + + + + + + + + + + + + + CVE-2021-28678 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 16:15:00 UTC + 2021-05-10 00:00:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28678.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos + https://ubuntu.com/security/notices/USN-4963-1 + + + + + + + + + + + + + CVE-2021-28688 on Ubuntu 20.04 (focal) - low. + The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. 
It was discovered that the Xen paravirtualization backend in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 19:15:00 UTC + 2021-04-06 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28688.html + https://xenbits.xen.org/xsa/advisory-371.html + https://git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432 + https://ubuntu.com/security/notices/USN-4946-1 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4982-1 + https://ubuntu.com/security/notices/USN-4984-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-28689 on Ubuntu 20.04 (focal) - low. + x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to virtualization. In AMD64, Xen had to use a different implementation approach, so Xen does not use ring 1 to support 64-bit guests. With the focus now being on 64-bit systems, and the availability of explicit hardware support for virtualization, fixing speculation issues in ring 1 is not a priority for processor companies. Indirect Branch Restricted Speculation (IBRS) is an architectural x86 extension put together to combat speculative execution sidechannel attacks, including Spectre v2. It was retrofitted in microcode to existing CPUs. For more details on Spectre v2, see: http://xenbits.xen.org/xsa/advisory-254.html However, IBRS does not architecturally protect ring 0 from predictions learnt in ring 1. 
For more details, see: https://software.intel.com/security-software-guidance/deep-dives/deep-dive-indirect-branch-restricted-speculation Similar situations may exist with other mitigations for other kinds of speculative execution attacks. The situation is quite likely to be similar for speculative execution attacks which have yet to be discovered, disclosed, or mitigated. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-11 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28689.html + https://xenbits.xen.org/xsa/advisory-370.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2021-28690 on Ubuntu 20.04 (focal) - medium. + x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-29 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28690.html + https://xenbits.xen.org/xsa/advisory-377.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2021-28691 on Ubuntu 20.04 (focal) - medium. + Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. 
Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-29 12:15:00 UTC + 2021-06-29 12:15:00 UTC + Michael Brown + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28691.html + https://xenbits.xen.org/xsa/advisory-374.html + https://ubuntu.com/security/notices/USN-5015-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-28692 on Ubuntu 20.04 (focal) - medium. + inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate: - on Intel hardware guests which did not originally cause the timeout may be marked as crashed, - on AMD hardware higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-30 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28692.html + https://xenbits.xen.org/xsa/advisory-373.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2021-28693 on Ubuntu 20.04 (focal) - medium. + xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-30 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28693.html + https://xenbits.xen.org/xsa/advisory-372.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2021-28831 on Ubuntu 20.04 (focal) - low. + decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-19 05:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985674 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28831.html + + + + + + + + + + CVE-2021-28834 on Ubuntu 20.04 (focal) - medium. + Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-19 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28834.html + https://github.com/gettalong/kramdown/compare/REL_2_3_0...REL_2_3_1 + https://github.com/gettalong/kramdown/pull/708 + https://gitlab.com/gitlab-org/gitlab/-/commit/179329b5c3c118924fb242dc449d06b4ed6ccb66 + + + + + + + + + + + + + CVE-2021-28875 on Ubuntu 20.04 (focal) - medium. + In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-11 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28875.html + https://github.com/rust-lang/rust/issues/80894 + https://github.com/rust-lang/rust/pull/80895 + + + + + + + + + + CVE-2021-28876 on Ubuntu 20.04 (focal) - medium. + In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-11 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28876.html + https://github.com/rust-lang/rust/issues/81740 + https://github.com/rust-lang/rust/pull/81741 + + + + + + + + + + CVE-2021-28877 on Ubuntu 20.04 (focal) - medium. + In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-11 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28877.html + https://github.com/rust-lang/rust/pull/80670 + + + + + + + + + + CVE-2021-28878 on Ubuntu 20.04 (focal) - medium. + In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-11 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28878.html + https://github.com/rust-lang/rust/issues/82291 + https://github.com/rust-lang/rust/pull/82292 + + + + + + + + + + CVE-2021-28879 on Ubuntu 20.04 (focal) - medium. + In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-11 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28879.html + https://github.com/rust-lang/rust/issues/82282 + https://github.com/rust-lang/rust/pull/82289 + + + + + + + + + + CVE-2021-28899 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-29 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28899.html + http://lists.live555.com/pipermail/live-devel/2021-March/021891.html + + + + + + + + + + CVE-2021-28902 on Ubuntu 20.04 (focal) - low. + In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-20 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28902.html + https://github.com/CESNET/libyang/issues/1454 + + + + + + + + + + CVE-2021-28903 on Ubuntu 20.04 (focal) - low. + A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-20 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28903.html + https://github.com/CESNET/libyang/issues/1453 + + + + sbeattie> fix introduces hard recursion limit + + + + + + + + + CVE-2021-28904 on Ubuntu 20.04 (focal) - low. + In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-20 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28904.html + https://github.com/CESNET/libyang/issues/1451 + + + + + + + + + + CVE-2021-28905 on Ubuntu 20.04 (focal) - low. + In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617). 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-20 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28905.html + https://github.com/CESNET/libyang/issues/1452 + + + + + + + + + + CVE-2021-28906 on Ubuntu 20.04 (focal) - low. + In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-20 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28906.html + https://github.com/CESNET/libyang/issues/1455 + + + + + + + + + + CVE-2021-28940 on Ubuntu 20.04 (focal) - medium. + Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-02 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28940.html + https://github.com/kellan/magpierss/blob/04d2a88b97fdba5813d01dc0d56c772d97360bb5/extlib/Snoopy.class.inc#L660 + https://pastebin.com/kpzHKKJu + + + + + + + + + + CVE-2021-28941 on Ubuntu 20.04 (focal) - medium. + Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-02 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28941.html + https://github.com/kellan/magpierss/blob/04d2a88b97fdba5813d01dc0d56c772d97360bb5/extlib/Snoopy.class.inc#L660 + https://pastebin.com/kpzHKKJu + + + + + + + + + + CVE-2021-28950 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. It was discovered that the fuse user space file system implementation in the Linux kernel did not properly handle bad inodes in some situations. A local attacker could possibly use this to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-20 20:15:00 UTC + 2021-03-20 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28950.html + https://git.kernel.org/linus/775c5033a0d164622d9d10dd0f0a5531639ed3ed + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=775c5033a0d164622d9d10dd0f0a5531639ed3ed + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRTPQE73ANG7D6M4L4PK5ZQDPO4Y2FVD/ + https://ubuntu.com/security/notices/USN-4911-1 + https://ubuntu.com/security/notices/USN-4982-1 + https://ubuntu.com/security/notices/USN-4984-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-28951 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. 
It was discovered that the io_uring subsystem in the Linux kernel contained a race condition leading to a deadlock condition. A local attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-20 20:15:00 UTC + 2021-03-20 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28951.html + https://git.kernel.org/linus/3ebba796fa251d042be42b929a2d916ee5c34a49 + https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3ebba796fa251d042be42b929a2d916ee5c34a49 + https://ubuntu.com/security/notices/USN-4948-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-28952 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) John Stultz discovered that the audio driver for Qualcomm SDM845 systems in the Linux kernel did not properly validate port ID numbers. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-20 21:15:00 UTC + 2021-03-20 21:15:00 UTC + John Stultz + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28952.html + https://git.kernel.org/linus/1c668e1c0a0f74472469cd514f40c9012b324c31 + https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1c668e1c0a0f74472469cd514f40c9012b324c31 + https://lore.kernel.org/alsa-devel/20210309142129.14182-2-srinivas.kandagatla@linaro.org/ + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4984-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-28963 on Ubuntu 20.04 (focal) - medium. + Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service provider allowed content injection due to allowing attacker-controlled parameters in error or other status pages. An attacker could use this to inject malicious content. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-22 08:15:00 UTC + 2021-03-22 08:15:00 UTC + Toni Huttunen and Fraktal Oy + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985405 + https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp/+bug/1919419 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28963.html + https://shibboleth.net/community/advisories/secadv_20210317.txt + https://issues.shibboleth.net/jira/browse/SSPCPP-922 + https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 + https://bugs.debian.org/985405 + https://www.debian.org/security/2021/dsa-4872 + https://ubuntu.com/security/notices/USN-4925-1 + + + + + + + + + + CVE-2021-28964 on Ubuntu 20.04 (focal) - medium. + A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. 
It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. Zygo Blaxell discovered that the btrfs file system implementation in the Linux kernel contained a race condition during certain cloning operations. A local attacker could possibly use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-22 09:15:00 UTC + 2021-03-22 09:15:00 UTC + Zygo Blaxell + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28964.html + https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbcc7d57bffc0c8cac9dac11bec548597d59a6a5 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4979-1 + https://ubuntu.com/security/notices/USN-4982-1 + https://ubuntu.com/security/notices/USN-4984-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-28965 on Ubuntu 20.04 (focal) - medium. + The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-21 07:15:00 UTC + 2021-04-12 00:00:00 UTC + mdeslaur + Juho Nurminen + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986807 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986806 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28965.html + https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ + https://ubuntu.com/security/notices/USN-4922-1 + https://ubuntu.com/security/notices/USN-4922-2 + + + + + + + + + + CVE-2021-28971 on Ubuntu 20.04 (focal) - medium. 
+ In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. Vince Weaver discovered that the perf subsystem in the Linux kernel did not properly handle certain PEBS records properly for some Intel Haswell processors. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-22 17:15:00 UTC + 2021-03-22 17:15:00 UTC + Vince Weaver + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28971.html + https://git.kernel.org/linus/d88d05a9e0b6d9356e97129d4ff9942d765f46ea + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d88d05a9e0b6d9356e97129d4ff9942d765f46ea + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4979-1 + https://ubuntu.com/security/notices/USN-4982-1 + https://ubuntu.com/security/notices/USN-4984-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-28972 on Ubuntu 20.04 (focal) - medium. + In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-22 17:15:00 UTC + 2021-03-22 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28972.html + https://git.kernel.org/linus/cc7a0bb058b85ea03db87169c60c7cfdd5d34678 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc7a0bb058b85ea03db87169c60c7cfdd5d34678 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4979-1 + https://ubuntu.com/security/notices/USN-4982-1 + https://ubuntu.com/security/notices/USN-4984-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-28994 on Ubuntu 20.04 (focal) - untriaged. + kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. + 2021-03-31 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28994.html + https://www.openwall.com/lists/oss-security/2021/03/19/6 + + + + + + + + + + CVE-2021-29060 on Ubuntu 20.04 (focal) - medium. + A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-21 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29060.html + https://github.com/yetingli/SaveResults/blob/main/js/color-string.js + https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md + https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3 + https://www.npmjs.com/package/color-string + + + + + + + + + + CVE-2021-29063 on Ubuntu 20.04 (focal) - medium. + A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-21 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29063.html + https://github.com/npm/hosted-git-info/pull/76 + https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md + https://github.com/yetingli/SaveResults/blob/main/js/hosted-git-info.js + https://www.npmjs.com/package/hosted-git-info + + + + + + + + + + CVE-2021-29136 on Ubuntu 20.04 (focal) - medium. + Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29136.html + https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v + https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57 (v0.4.7) + http://www.openwall.com/lists/oss-security/2021/04/06/2 + https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57 + + + + + + + + + + CVE-2021-29154 on Ubuntu 20.04 (focal) - high. 
+ BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-04-08 21:15:00 UTC + 2021-04-08 15:30:00 UTC + cascardo + Piotr Krysiuk + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29154.html + https://www.openwall.com/lists/oss-security/2021/04/08/1 + https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098 + https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049 + https://ubuntu.com/security/notices/USN-4912-1 + https://ubuntu.com/security/notices/USN-4916-1 + https://ubuntu.com/security/notices/USN-4917-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-29155 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. Piotr Krysiuk and Benedict Schlueter discovered that the eBPF implementation in the Linux kernel performed out of bounds speculation on pointer arithmetic. 
A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-20 16:15:00 UTC + 2021-04-20 16:15:00 UTC + Piotr Krysiuk and Benedict Schlueter + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29155.html + https://www.openwall.com/lists/oss-security/2021/04/18/4 + https://www.kernel.org + https://ubuntu.com/security/notices/USN-4977-1 + https://ubuntu.com/security/notices/USN-4983-1 + https://ubuntu.com/security/notices/USN-4999-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-29256 on Ubuntu 20.04 (focal) - medium. + . The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-24 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29256.html + https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver + + + + seth-arnold> I couldn't find information about this; I just saw the Linux kernel has some files with names that suggest they are related. This may or may not affect Ubuntu's Linux packages. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-29264 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. 
It was discovered that the Freescale Gianfar Ethernet driver for the Linux kernel did not properly handle receive queue overrun when jumbo frames were enabled in some situations. An attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 22:15:00 UTC + 2021-03-26 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29264.html + https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f + https://ubuntu.com/security/notices/USN-4946-1 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4949-1 + https://ubuntu.com/security/notices/USN-4982-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-29265 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70. It was discovered that the USB/IP driver in the Linux kernel contained race conditions during the update of local and shared status. An attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-26 22:15:00 UTC + 2021-03-26 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29265.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7 + https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9380afd6df70e24eacbdbde33afc6a3950965d22 + https://ubuntu.com/security/notices/USN-4945-1 + https://ubuntu.com/security/notices/USN-4946-1 + https://ubuntu.com/security/notices/USN-4949-1 + https://ubuntu.com/security/notices/USN-4945-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-29266 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0. It was discovered that the vDPA backend virtio driver in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 22:15:00 UTC + 2021-03-26 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29266.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.9 + https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4949-1 + + + + sbeattie> likely requires write access to /dev/virtio-vdpa-* devices + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-29279 on Ubuntu 20.04 (focal) - medium. + There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. 
In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987323 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29279.html + https://github.com/gpac/gpac/commit/da69ad1f970a7e17c865eaec9af98cc84df10d5b + https://github.com/gpac/gpac/issues/1718 + + + + + + + + + + CVE-2021-29338 on Ubuntu 20.04 (focal) - low. + Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-14 14:15:00 UTC + https://github.com/uclouvain/openjpeg/issues/1338 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29338.html + https://github.com/uclouvain/openjpeg/pull/1346 + + + + mdeslaur> no upstream fix available as of 2021-04-16 sbeattie> fix is being worked in pull request 1346. + + + + + + + + + + + + + + + CVE-2021-29376 on Ubuntu 20.04 (focal) - medium. + ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-30 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29376.html + http://www.eterna.com.au/ircii/ + https://www.openwall.com/lists/oss-security/2021/03/24/2 + + + + + + + + + + CVE-2021-29421 on Ubuntu 20.04 (focal) - medium. + models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-01 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29421.html + https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a + + + + + + + + + + CVE-2021-29424 on Ubuntu 20.04 (focal) - medium. + The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986135 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29424.html + https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ + https://metacpan.org/changes/distribution/Net-Netmask#L11-22 + https://github.com/jmaslak/Net-Netmask/commit/9023b403682f1eaadadf6cb71ba0117a1fa4f163 + https://github.com/jmaslak/Net-Netmask/commit/6b60b4eb3e98ee7548c13ecb7cb02c626f948a40 + https://github.com/jmaslak/Net-Netmask/commit/30d82695e32bc3b1615c7cd08d34528252363436 + + + + seth-arnold> blog.urth.org reports many perl modules affected; I don't know if this CVE number applies to something else entirely, all of them, or just one of these packages. + + + + + + + + + + + + CVE-2021-29425 on Ubuntu 20.04 (focal) - medium. + In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-13 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29425.html + https://www.openwall.com/lists/oss-security/2021/04/12/1 + https://issues.apache.org/jira/browse/IO-556 + + + + + + + + + + CVE-2021-29428 on Ubuntu 20.04 (focal) - medium. + In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the "sticky" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the "sticky" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-13 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29428.html + https://docs.gradle.org/7.0/release-notes.html#security-advisories + https://github.com/gradle/gradle/pull/15240 + https://github.com/gradle/gradle/pull/15654 + https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336 + + + + + + + + + + CVE-2021-29447 on Ubuntu 20.04 (focal) - low. 
+ Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-15 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29447.html + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh + https://wordpress.org/news/category/security/ + + + + ebarretto> only an issue when running with php 8. + + + + + + + + + CVE-2021-29450 on Ubuntu 20.04 (focal) - low. + Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-15 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29450.html + https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq + https://wordpress.org/news/category/security/ + + + + ebarretto> only an issue when running with php 8. + + + + + + + + + CVE-2021-29457 on Ubuntu 20.04 (focal) - medium. + Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. 
An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 19:15:00 UTC + 2021-04-19 19:15:00 UTC + leosilva + https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1923479 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29457.html + https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm + https://github.com/Exiv2/exiv2/issues/1529 + https://github.com/Exiv2/exiv2/pull/1534 + https://ubuntu.com/security/notices/USN-4941-1 + + + + + + + + + + CVE-2021-29458 on Ubuntu 20.04 (focal) - medium. + Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-19 19:15:00 UTC + 2021-04-19 19:15:00 UTC + leosilva + https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1923479 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29458.html + https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5 + https://github.com/Exiv2/exiv2/issues/1530 + https://github.com/Exiv2/exiv2/pull/1536 + https://ubuntu.com/security/notices/USN-4941-1 + + + + + + + + + + CVE-2021-29462 on Ubuntu 20.04 (focal) - medium. + The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-20 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987326 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29462.html + https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg + https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4 + https://www.openwall.com/lists/oss-security/2021/04/20/4 + http://www.openwall.com/lists/oss-security/2021/04/20/4 + + + + + + + + + + CVE-2021-29463 on Ubuntu 20.04 (focal) - low. + Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. 
Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-30 19:15:00 UTC + 2021-04-30 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29463.html + https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr + https://ubuntu.com/security/notices/USN-4964-1 + + + + + + + + + + CVE-2021-29464 on Ubuntu 20.04 (focal) - low. + Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-30 19:15:00 UTC + 2021-04-30 19:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29464.html + https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p + https://ubuntu.com/security/notices/USN-4964-1 + + + + + + + + + + CVE-2021-29469 on Ubuntu 20.04 (focal) - medium. + Node-redis is a Node.js Redis client. 
Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-23 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29469.html + https://github.com/NodeRedis/node-redis/issues/1569 + https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3 + https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e + https://github.com/NodeRedis/node-redis/releases/tag/v3.1.1 + + + + + + + + + + CVE-2021-29470 on Ubuntu 20.04 (focal) - medium. + Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-23 19:15:00 UTC + 2021-04-23 19:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29470.html + https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj + https://github.com/Exiv2/exiv2/pull/1581 + https://ubuntu.com/security/notices/USN-4941-1 + + + + + + + + + + CVE-2021-29471 on Ubuntu 20.04 (focal) - medium. 
+ Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including `event_match`, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length events. The issue is patched in version 1.33.2. A potential workaround might be to prevent users from making custom push rules, by blocking such requests at a reverse-proxy. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29471.html + https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85 + https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c (v1.33.2) + https://github.com/matrix-org/synapse/releases/tag/v1.33.2 + + + + + + + + + + CVE-2021-29472 on Ubuntu 20.04 (focal) - medium. + Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directly is limited as the composer.json file is typically under their own control and source download URLs can only be supplied by third party Composer repositories they explicitly trust to download and execute source code from, e.g. Composer plugins. The main impact is to services passing user input to Composer, including Packagist.org and Private Packagist. This allowed users to trigger remote code execution. 
The vulnerability has been patched on Packagist.org and Private Packagist within 12h of receiving the initial vulnerability report and based on a review of logs, to the best of our knowledge, was not abused by anyone. Other services/tools using VcsRepository/VcsDriver or derivatives may also be vulnerable and should upgrade their composer/composer dependency immediately. Versions 1.10.22 and 2.0.13 include patches for this issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-27 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29472.html + https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx + https://github.com/composer/composer/commit/083b73515d1d72bc61c6374440b3f8a37531f8cf + https://getcomposer.org/ + + + + + + + + + + CVE-2021-29473 on Ubuntu 20.04 (focal) - medium. + Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. Please see our security policy for information about Exiv2 security. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-26 19:15:00 UTC + 2021-04-26 19:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987736 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29473.html + https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2 + https://github.com/Exiv2/exiv2/pull/1587 + https://github.com/Exiv2/exiv2/commit/e6a0982f7cd9282052b6e3485a458d60629ffa0b + https://github.com/Exiv2/exiv2/commit/f0ff11f044b2c8ddf4792415beb91fd815c633a1 + https://github.com/Exiv2/exiv2/security/policy + https://github.com/github/advisory-review/pull/1587 + https://ubuntu.com/security/notices/USN-4964-1 + + + + + + + + + + CVE-2021-29476 on Ubuntu 20.04 (focal) - medium. + Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-27 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29476.html + https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54 + https://github.com/rmccue/Requests/pull/421 + https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3 + + + + + + + + + + CVE-2021-29477 on Ubuntu 20.04 (focal) - medium. + Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-04 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988045 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29477.html + https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ + https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9 + https://redis.io/ + https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g + + + + + + + + + + CVE-2021-29478 on Ubuntu 20.04 (focal) - medium. + Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-04 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988045 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29478.html + https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ + https://github.com/redis/redis/commit/29900d4e6bccdf3691bedf0ea9a5d84863fa3592 + https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3 + https://redis.io/ + + + + + + + + + + CVE-2021-29488 on Ubuntu 20.04 (focal) - medium. + SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. 
A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-07 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29488.html + https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp + + + + + + + + + + CVE-2021-29495 on Ubuntu 20.04 (focal) - medium. + Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documented. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-07 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29495.html + https://github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr + + + + + + + + + + CVE-2021-29499 on Ubuntu 20.04 (focal) - medium. + SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the `github.com/satori/go.uuid` module used as a dependency. A patch is available in version >= v1.2.3 of the module. Users are encouraged to upgrade. As a workaround, users passing CreateInfo struct should ensure the `ID` field is generated using a version of `github.com/satori/go.uuid` that is not vulnerable to this issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-07 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29499.html + https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg + + + + + + + + + + CVE-2021-29505 on Ubuntu 20.04 (focal) - medium. + XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29505.html + https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc + + + + + + + + + + CVE-2021-29507 on Ubuntu 20.04 (focal) - medium. + GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication, no patch exists. As a workaround, one may check the integrity of information in configuration file manually. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29507.html + https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f + + + + + + + + + + CVE-2021-29509 on Ubuntu 20.04 (focal) - medium. + Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. 
The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29509.html + https://rubygems.org/gems/puma + https://github.com/puma/puma/security/policy + https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5 + + + + + + + + + + CVE-2021-29510 on Ubuntu 20.04 (focal) - medium. + Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU). Pydantic has been patched with fixes available in the following versions: v1.8.2, v1.7.4, v1.6.2. All these versions are available on pypi(https://pypi.org/project/pydantic/#history), and will be available on conda-forge(https://anaconda.org/conda-forge/pydantic) soon. See the changelog(https://pydantic-docs.helpmanual.io/) for details. 
If you absolutely can't upgrade, you can work around this risk using a validator(https://pydantic-docs.helpmanual.io/usage/validators/) to catch these values. This is not an ideal solution (in particular you'll need a slightly different function for datetimes), instead of a hack like this you should upgrade pydantic. If you are not using v1.8.x, v1.7.x or v1.6.x and are unable to upgrade to a fixed version of pydantic, please create an issue at https://github.com/samuelcolvin/pydantic/issues requesting a back-port, and we will endeavour to release a patch for earlier versions of pydantic. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29510.html + + + + + + + + + + CVE-2021-29623 on Ubuntu 20.04 (focal) - low. + Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 17:15:00 UTC + 2021-05-13 17:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29623.html + https://github.com/Exiv2/exiv2/pull/1627 + https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v + https://ubuntu.com/security/notices/USN-4964-1 + + + + + + + + + + CVE-2021-29625 on Ubuntu 20.04 (focal) - medium. + Adminer is open-source database management software. 
A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-19 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988886 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29625.html + https://github.com/vrana/adminer/security/advisories/GHSA-2v82-5746-vwqc + https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7 + https://sourceforge.net/p/adminer/bugs-and-features/797/ + + + + + + + + + + CVE-2021-29629 on Ubuntu 20.04 (focal) - medium. + In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29629.html + https://security.FreeBSD.org/advisories/FreeBSD-SA-21:12.libradius.asc + + + + + + + + + + CVE-2021-29646 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. 
It was discovered that the TIPC protocol implementation in the Linux kernel did not properly validate passed encryption key sizes. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-30 21:15:00 UTC + 2021-03-30 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29646.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0217ed2848e8538bcf9172d97ed2eeb4a26041bb + https://ubuntu.com/security/notices/USN-4947-1 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4949-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-29647 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. It was discovered that the Qualcomm IPC router implementation in the Linux kernel did not properly initialize memory passed to user space. A local attacker could use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-30 21:15:00 UTC + 2021-03-30 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29647.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50535249f624d0072cd885bcdce4e4b6fb770160 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4979-1 + https://ubuntu.com/security/notices/USN-4982-1 + https://ubuntu.com/security/notices/USN-4984-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-29648 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-30 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29648.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=350a5c4dd2452ea999cc5e1d4a8dbf12de2f97ef + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-29649 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. It was discovered that the BPF user mode driver implementation in the Linux kernel did not properly deallocate memory in some situations. 
A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-30 21:15:00 UTC + 2021-03-30 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29649.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f60a85cad677c4f9bb4cadd764f1d106c38c7cf8 + https://ubuntu.com/security/notices/USN-4948-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-29650 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. It was discovered that a race condition existed in the netfilter subsystem of the Linux kernel when replacing tables. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-30 21:15:00 UTC + 2021-03-30 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29650.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=175e476b8cdf2a4de7432583b49c871345e4f8a1 + https://ubuntu.com/security/notices/USN-4945-1 + https://ubuntu.com/security/notices/USN-4946-1 + https://ubuntu.com/security/notices/USN-4947-1 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4949-1 + https://ubuntu.com/security/notices/USN-4945-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-29657 on Ubuntu 20.04 (focal) - medium. + [KVM: SVM: load control fields from VMCB12 before checking them] Felix Wilhelm discovered that the KVM implementation in the Linux kernel for AMD processors contained race conditions on nested VMCB controls. A local attacker in a guest vm could possibly use this to gain elevated privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-03 00:00:00 UTC + 2021-04-03 00:00:00 UTC + Felix Wilhelm + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29657.html + https://git.kernel.org/linus/a58d9166a756a0f4a6618e4f593232593d6df134 + https://ubuntu.com/security/notices/USN-4948-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-29662 on Ubuntu 20.04 (focal) - medium. + The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-31 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29662.html + https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e + + + + + + + + + + CVE-2021-29921 on Ubuntu 20.04 (focal) - medium. + In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-06 13:15:00 UTC + mdeslaur + https://bugs.python.org/issue36384 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29921.html + https://github.com/python/cpython/pull/25099 + https://sick.codes/sick-2021-014 + https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html + https://github.com/sickcodes + https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md + https://github.com/python/cpython/pull/12577 + https://docs.python.org/3/library/ipaddress.html + https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst + https://ubuntu.com/security/notices/USN-4973-1 + + + + mdeslaur> introduced in v3.8.0a4 + + + + + + + + + + + + CVE-2021-29945 on Ubuntu 20.04 (focal) - medium. + The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-24 14:15:00 UTC + 2021-04-22 14:54:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29945.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29945 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29945 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29945 + https://access.redhat.com/security/cve/CVE-2021-29945 + https://ubuntu.com/security/notices/USN-4926-1 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29946 on Ubuntu 20.04 (focal) - medium. + Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-04-22 14:54:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29946.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29946 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29946 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29946 + https://access.redhat.com/security/cve/CVE-2021-29946 + https://ubuntu.com/security/notices/USN-4926-1 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29947 on Ubuntu 20.04 (focal) - medium. + Mozilla developers and community members reported memory safety bugs present in Firefox 87. 
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-04-26 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29947.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29947 + https://ubuntu.com/security/notices/USN-4926-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-29948 on Ubuntu 20.04 (focal) - low. + Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-04-22 14:54:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29948.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29948 + https://access.redhat.com/security/cve/CVE-2021-29948 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + + + + + + + CVE-2021-29949 on Ubuntu 20.04 (focal) - low. + When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-24 14:15:00 UTC + 2021-04-22 14:54:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29949.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-29949 + https://access.redhat.com/security/cve/CVE-2021-29949 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + + + + + + + CVE-2021-29950 on Ubuntu 20.04 (focal) - low. + Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-04-22 14:54:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29950.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/#CVE-2021-29950 + https://access.redhat.com/security/cve/CVE-2021-29950 + https://ubuntu.com/security/notices/USN-4936-1 + + + + + + + + + + CVE-2021-29952 on Ubuntu 20.04 (focal) - medium. + When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-05-07 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29952.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/#CVE-2021-29952 + https://ubuntu.com/security/notices/USN-4942-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29955 on Ubuntu 20.04 (focal) - medium. 
+ A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29955.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-29955 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-29955 + https://www.mozilla.org/security/advisories/mfsa2021-11/ + https://www.mozilla.org/security/advisories/mfsa2021-10/ + https://bugzilla.mozilla.org/show_bug.cgi?id=1692972 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29956 on Ubuntu 20.04 (focal) - medium. + OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-05-28 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29956.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29956 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + + + + + + + CVE-2021-29957 on Ubuntu 20.04 (focal) - medium. 
+ If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-05-28 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29957.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29957 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + + + + + + + CVE-2021-29959 on Ubuntu 20.04 (focal) - medium. + When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-06-02 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29959.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29959 + https://ubuntu.com/security/notices/USN-4978-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29960 on Ubuntu 20.04 (focal) - medium. + Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-24 14:15:00 UTC + 2021-06-02 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29960.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29960 + https://ubuntu.com/security/notices/USN-4978-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29961 on Ubuntu 20.04 (focal) - medium. + When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-06-02 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29961.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29961 + https://ubuntu.com/security/notices/USN-4978-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29962 on Ubuntu 20.04 (focal) - medium. + Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29962.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29962 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-29963 on Ubuntu 20.04 (focal) - medium. + Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29963.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29963 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-29964 on Ubuntu 20.04 (focal) - medium. + A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29964.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29964 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-29965 on Ubuntu 20.04 (focal) - medium. + A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29965.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29965 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-29966 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 88. 
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-06-02 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29966.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29966 + https://ubuntu.com/security/notices/USN-4978-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29967 on Ubuntu 20.04 (focal) - medium. + Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 14:15:00 UTC + 2021-06-02 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29967.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29967 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29967 + https://ubuntu.com/security/notices/USN-4978-1 + https://ubuntu.com/security/notices/USN-4995-1 + https://ubuntu.com/security/notices/USN-4995-2 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29969 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-15 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29969.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29969 + + + + + + + + + + CVE-2021-29970 on Ubuntu 20.04 (focal) - medium. + security update + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-14 00:00:00 UTC + 2021-07-14 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29970.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29970 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29970 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29970 + https://ubuntu.com/security/notices/USN-5011-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29971 on Ubuntu 20.04 (focal) - negligible. + [Unknown description] + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. + 2021-07-15 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29971.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29971 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-29972 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-15 00:00:00 UTC + 2021-07-15 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29972.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29972 + https://ubuntu.com/security/notices/USN-5011-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29973 on Ubuntu 20.04 (focal) - negligible. + [Unknown description] + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-15 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29973.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29973 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + CVE-2021-29974 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-15 00:00:00 UTC + 2021-07-15 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29974.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29974 + https://ubuntu.com/security/notices/USN-5011-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29975 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-15 00:00:00 UTC + 2021-07-15 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29975.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29975 + https://ubuntu.com/security/notices/USN-5011-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29976 on Ubuntu 20.04 (focal) - medium. + security update + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-14 00:00:00 UTC + 2021-07-14 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29976.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29976 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29976 + https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29976 + https://ubuntu.com/security/notices/USN-5011-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-29977 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-15 00:00:00 UTC + 2021-07-15 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29977.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29977 + https://ubuntu.com/security/notices/USN-5011-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + + + CVE-2021-30002 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. Arnd Bergmann discovered that the video4linux subsystem in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-02 05:15:00 UTC + 2021-04-02 05:15:00 UTC + Arnd Bergmann + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30002.html + https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899 + https://bugzilla.suse.com/show_bug.cgi?id=1184120 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.3 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb18802a338b36f675a388fc03d2aa504a0d0899 + https://ubuntu.com/security/notices/USN-4945-1 + https://ubuntu.com/security/notices/USN-4946-1 + https://ubuntu.com/security/notices/USN-4947-1 + https://ubuntu.com/security/notices/USN-4945-2 + https://ubuntu.com/security/notices/USN-4984-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-30014 on Ubuntu 20.04 (focal) - medium. + There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987323 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30014.html + https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788 + https://github.com/gpac/gpac/issues/1721 + + + + + + + + + + CVE-2021-30015 on Ubuntu 20.04 (focal) - medium. + There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-19 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987323 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30015.html + https://github.com/gpac/gpac/commit/13dad7d5ef74ca2e6fe4010f5b03eb12e9bbe0ec + https://github.com/gpac/gpac/issues/1719 + + + + + + + + + + CVE-2021-30019 on Ubuntu 20.04 (focal) - medium. + In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987323 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30019.html + https://github.com/gpac/gpac/commit/22774aa9e62f586319c8f107f5bae950fed900bc + https://github.com/gpac/gpac/issues/1723 + + + + + + + + + + CVE-2021-30020 on Ubuntu 20.04 (focal) - medium. + In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987323 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30020.html + https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788 + https://github.com/gpac/gpac/issues/1722 + + + + + + + + + + CVE-2021-30022 on Ubuntu 20.04 (focal) - medium. + There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-19 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987323 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30022.html + https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788 + https://github.com/gpac/gpac/issues/1720 + + + + + + + + + + CVE-2021-30027 on Ubuntu 20.04 (focal) - medium. + md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-29 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987799 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30027.html + https://github.com/mity/md4c/issues/155 + https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19 + + + + + + + + + + CVE-2021-30130 on Ubuntu 20.04 (focal) - medium. + phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30130.html + https://github.com/phpseclib/phpseclib/pull/1635 + https://github.com/phpseclib/phpseclib/releases/tag/2.0.31 + https://github.com/phpseclib/phpseclib/releases/tag/3.0.7 + + + + + + + + + + CVE-2021-30145 on Ubuntu 20.04 (focal) - medium. + A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-18 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986839 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30145.html + https://github.com/mpv-player/mpv/commit/cb3fa04bcb2ba9e0d25788480359157208c13e0b + + + + + + + + + + CVE-2021-30146 on Ubuntu 20.04 (focal) - medium. 
+ Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30146.html + https://github.com/Security-AVS/CVE-2021-30146 + + + + + + + + + + CVE-2021-30147 on Ubuntu 20.04 (focal) - medium. + DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-07 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30147.html + http://dmasoftlab.com/ + https://github.com/1d8/publications/tree/main/cve-2021-30147 + + + + + + + + + + CVE-2021-30151 on Ubuntu 20.04 (focal) - medium. + Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30151.html + https://github.com/mperham/sidekiq/issues/4852 + https://github.com/mperham/sidekiq/commit/2a57abc5e5571369ecc203c95ef21df3c1aa771e + + + + + + + + + + CVE-2021-30152 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-09 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30152.html + https://phabricator.wikimedia.org/T270713 + https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html + https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/27ba9e0ef0c7ec76331fd92bc549bb2c0d60979a + + + + + + + + + + CVE-2021-30154 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30154.html + https://phabricator.wikimedia.org/T278014 + https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674083/ + + + + + + + + + + CVE-2021-30156 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-09 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30156.html + https://phabricator.wikimedia.org/T276306 + https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/63559cc944efeb514ba9e011c824c3698fb397f2%5E%21/ + + + + + + + + + + CVE-2021-30158 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-06 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30158.html + https://phabricator.wikimedia.org/T277009 + https://gerrit.wikimedia.org/r/c/mediawiki/core/+/670546 + + + + + + + + + + CVE-2021-30159 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-09 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30159.html + https://phabricator.wikimedia.org/T272386 + https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html + https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/49ce7dd2143d01cffd4dfd2f2af79b2b93672eac%5E%21/ + + + + + + + + + + CVE-2021-30163 on Ubuntu 20.04 (focal) - medium. + Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30163.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + + + + + + + + + + CVE-2021-30164 on Ubuntu 20.04 (focal) - medium. + Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-06 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30164.html + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + + + + + + + + + + CVE-2021-30178 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-07 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30178.html + https://git.kernel.org/linus/919f4ebc598701670e80e31573a58f1f2d2bf918 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=919f4ebc598701670e80e31573a58f1f2d2bf918 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-30184 on Ubuntu 20.04 (focal) - medium. + GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-07 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986801 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30184.html + https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html + https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html + + + + + + + + + + CVE-2021-30199 on Ubuntu 20.04 (focal) - low. + In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-19 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987323 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30199.html + https://github.com/gpac/gpac/commit/b2db2f99b4c30f96e17b9a14537c776da6cb5dca + https://github.com/gpac/gpac/issues/1728 + + + + + + + + + + CVE-2021-30458 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-09 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30458.html + https://phabricator.wikimedia.org/T279451 + https://www.mediawiki.org/wiki/Parsoid + + + + + + + + + + CVE-2021-30465 on Ubuntu 20.04 (focal) - high. + runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 13:15:00 UTC + 2021-05-19 10:00:00 UTC + mdeslaur + Etienne Champetier + 2021-05-19 10:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30465.html + https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r + https://ubuntu.com/security/notices/USN-4960-1 + + + + mdeslaur> 1.0.0-rc94 is also affected + + + + + + + + + CVE-2021-30469 on Ubuntu 20.04 (focal) - medium. + A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-26 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30469.html + https://sourceforge.net/p/podofo/tickets/129/ + + + + + + + + + + CVE-2021-30470 on Ubuntu 20.04 (focal) - medium. + A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30470.html + https://sourceforge.net/p/podofo/tickets/130/ + + + + + + + + + + CVE-2021-30471 on Ubuntu 20.04 (focal) - medium. + A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30471.html + https://sourceforge.net/p/podofo/tickets/131/ + + + + + + + + + + CVE-2021-30472 on Ubuntu 20.04 (focal) - medium. + A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30472.html + https://sourceforge.net/p/podofo/tickets/132/ + + + + + + + + + + CVE-2021-30473 on Ubuntu 20.04 (focal) - medium. + aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-06 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30473.html + https://aomedia.googlesource.com/aom/+/4efe20e99dcd9b6f8eadc8de8acc825be7416578 + https://bugs.chromium.org/p/aomedia/issues/detail?id=2998 + + + + + + + + + + CVE-2021-30474 on Ubuntu 20.04 (focal) - low. + aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30474.html + https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e + https://bugs.chromium.org/p/aomedia/issues/detail?id=3000 + + + + + + + + + + CVE-2021-30475 on Ubuntu 20.04 (focal) - medium. + aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-04 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30475.html + https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0 + https://bugs.chromium.org/p/aomedia/issues/detail?id=2999 + + + + + + + + + + CVE-2021-30485 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-11 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30485.html + + + + + + + + + + + + + + + + CVE-2021-30498 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libcaca. 
A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 22:15:00 UTC + leosilva + https://bugs.launchpad.net/ubuntu/+source/libcaca/+bug/1923273 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30498.html + https://github.com/cacalabs/libcaca/issues/53 + + + + + + + + + + CVE-2021-30499 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 00:15:00 UTC + leosilva + https://bugs.launchpad.net/ubuntu/+source/libcaca/+bug/1923273 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30499.html + https://github.com/cacalabs/libcaca/issues/54 + + + + + + + + + + CVE-2021-30500 on Ubuntu 20.04 (focal) - medium. + Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30500.html + https://github.com/upx/upx/issues/485 + https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc + + + + + + + + + + CVE-2021-30501 on Ubuntu 20.04 (focal) - negligible. + An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-27 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30501.html + https://github.com/upx/upx/issues/486 + https://github.com/upx/upx/pull/487 + https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46 + https://bugzilla.redhat.com/show_bug.cgi?id=1948696 + + + + + + + + + + CVE-2021-30547 on Ubuntu 20.04 (focal) - medium. + Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-15 22:15:00 UTC + 2021-06-15 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30547.html + https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-30547 + https://ubuntu.com/security/notices/USN-5011-1 + + + + amurray> The Debian chromium source package is called chromium-browser in Ubuntu mdeslaur> starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap + + + + + + + + + CVE-2021-30639 on Ubuntu 20.04 (focal) - medium. + A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once a non-blocking I/O error occurred, all future requests handled by that request object would fail. Users were able to trigger non-blocking I/O errors, e.g. by dropping a connection, thereby creating the possibility of triggering a DoS. Applications that do not use non-blocking I/O are not exposed to this vulnerability. This issue affects Apache Tomcat 10.0.3 to 10.0.4; 9.0.44; 8.5.64. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-12 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30639.html + https://bz.apache.org/bugzilla/show_bug.cgi?id=65203 + https://github.com/apache/tomcat/commit/8ece47c4a9fb9349e8862c84358a4dd23c643a24 (9.0.45) + https://github.com/apache/tomcat/commit/411caf29ac1c16e6ac291b6e5543b2371dbd25e2 (8.5.65) + https://lists.apache.org/thread.html/rd84fae1f474597bdf358f5bdc0a5c453c507bd527b83e8be6b5ea3f4%40%3Cannounce.tomcat.apache.org%3E + https://lists.apache.org/thread.html/r79a7c019712b39aedf7cf4da9276d80610f04441b2a4f6506cb2daaf@%3Cusers.tomcat.apache.org%3E + https://lists.apache.org/thread.html/r79a7c019712b39aedf7cf4da9276d80610f04441b2a4f6506cb2daaf@%3Cdev.tomcat.apache.org%3E + + + + + + + + + + CVE-2021-30640 on Ubuntu 20.04 (focal) - medium. + A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-12 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30640.html + https://bz.apache.org/bugzilla/show_bug.cgi?id=65224 + https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb (9.0.46) + https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434 (9.0.46) + https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e (9.0.46) + https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56 (9.0.46) + https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862 (9.0.46) + https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43 (9.0.46) + https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0 (9.0.46) + https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945 (9.0.46) + https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c (8.5.66) + https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100 (8.5.66) + https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822 (8.5.66) + https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe (8.5.66) + https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b (8.5.66) + https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972 (8.5.66) + https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38 (8.5.66) + https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375 (8.5.66) + https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E + + + + + + + + + + CVE-2021-30641 on Ubuntu 20.04 (focal) - medium. + Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-10 07:15:00 UTC + 2021-06-10 07:15:00 UTC + mdeslaur + Christoph Anton Mitterer + https://bugzilla.redhat.com/show_bug.cgi?id=1966743 + https://bz.apache.org/bugzilla/show_bug.cgi?id=65238 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-30641.html + https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641 + https://lists.apache.org/thread.html/r2b4773944d83d2799de9fbaeee7fe0f3fd72669467787e02f434cb10@%3Cannounce.httpd.apache.org%3E + http://www.openwall.com/lists/oss-security/2021/06/10/8 + https://ubuntu.com/security/notices/USN-4994-1 + https://ubuntu.com/security/notices/USN-4994-2 + + + + mdeslaur> looks like this was introduced in the patch for CVE-2019-0220, mdeslaur> which was backported to bionic. + + + + + + + + + CVE-2021-3114 on Ubuntu 20.04 (focal) - medium. + In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:16:00 UTC + https://github.com/golang/go/issues/43786 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3114.html + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. + + + + + + + + + + + + CVE-2021-31162 on Ubuntu 20.04 (focal) - medium. + In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-14 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31162.html + https://github.com/rust-lang/rust/issues/83618 + https://github.com/rust-lang/rust/pull/83629 + + + + + + + + + + CVE-2021-3121 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-11 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3121.html + https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc + https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 + + + + + + + + + + CVE-2021-31215 on Ubuntu 20.04 (focal) - medium. + SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 06:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988439 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31215.html + https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236 (2.11.7) + https://lists.schedmd.com/pipermail/slurm-announce/2021/000055.html + https://www.schedmd.com/news.php?id=248#OPT_248 + + + + + + + + + + CVE-2021-31229 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-15 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31229.html + + + + + + + + + + + + + + + + CVE-2021-31254 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31254.html + https://github.com/gpac/gpac/commit/8986422c21fbd9a7bf6561cae65aae42077447e8 + https://github.com/gpac/gpac/issues/1703 + + + + + + + + + + CVE-2021-31255 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31255.html + https://github.com/gpac/gpac/commit/758135e91e623d7dfe7f6aaad7aeb3f791b7a4e5 + https://github.com/gpac/gpac/issues/1733 + + + + + + + + + + CVE-2021-31256 on Ubuntu 20.04 (focal) - low. + Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31256.html + https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e + https://github.com/gpac/gpac/issues/1705 + + + + + + + + + + CVE-2021-31257 on Ubuntu 20.04 (focal) - low. 
+ The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31257.html + https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0 + https://github.com/gpac/gpac/issues/1734 + + + + + + + + + + CVE-2021-31258 on Ubuntu 20.04 (focal) - medium. + The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31258.html + https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e + https://github.com/gpac/gpac/issues/1706 + + + + + + + + + + CVE-2021-31259 on Ubuntu 20.04 (focal) - low. + The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31259.html + https://github.com/gpac/gpac/commit/3b84ffcbacf144ce35650df958432f472b6483f8 + https://github.com/gpac/gpac/issues/1735 + + + + + + + + + + CVE-2021-31260 on Ubuntu 20.04 (focal) - low. + The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-19 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31260.html + https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9 + https://github.com/gpac/gpac/issues/1736 + + + + + + + + + + CVE-2021-31261 on Ubuntu 20.04 (focal) - medium. + The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31261.html + https://github.com/gpac/gpac/commit/cd3738dea038dbd12e603ad48cd7373ae0440f65 + https://github.com/gpac/gpac/issues/1737 + + + + + + + + + + CVE-2021-31262 on Ubuntu 20.04 (focal) - medium. + The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31262.html + https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50 + https://github.com/gpac/gpac/issues/1738 + + + + + + + + + + CVE-2021-31315 on Ubuntu 20.04 (focal) - medium. + Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-18 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988885 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31315.html + https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/ + + + + + + + + + + CVE-2021-31317 on Ubuntu 20.04 (focal) - medium. 
+ Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device via a malicious animated sticker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-18 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988885 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31317.html + https://www.shielder.it/advisories/telegram-rlottie-vdasher-vdasher-type-confusion/ + + + + + + + + + + CVE-2021-31318 on Ubuntu 20.04 (focal) - medium. + Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-18 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988885 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31318.html + https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion/ + + + + + + + + + + CVE-2021-31319 on Ubuntu 20.04 (focal) - medium. + Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by an Integer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-18 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988885 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31319.html + https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-integer-overflow/ + + + + + + + + + + CVE-2021-31320 on Ubuntu 20.04 (focal) - medium. + Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rlottie library. A remote attacker might be able to overwrite heap memory out-of-bounds on a victim device via a malicious animated sticker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-18 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988885 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31320.html + https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradientcolortable-heap-buffer-overflow/ + + + + + + + + + + CVE-2021-31321 on Ubuntu 20.04 (focal) - medium. + Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-18 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988885 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31321.html + https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffer-overflow/ + + + + + + + + + + CVE-2021-31322 on Ubuntu 20.04 (focal) - medium. 
+ Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-18 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988885 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31322.html + https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-heap-buffer-overflow/ + + + + + + + + + + CVE-2021-31323 on Ubuntu 20.04 (focal) - medium. + Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-18 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988885 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31323.html + https://www.shielder.it/advisories/telegram-rlottie-lottieparserimpl-parsedashproperty-heap-buffer-overflow/ + + + + + + + + + + CVE-2021-31347 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31347.html + + + + + + + + + + + + + + + + CVE-2021-31348 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-16 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31348.html + + + + + + + + + + + + + + + CVE-2021-3139 on Ubuntu 20.04 (focal) - medium. + In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-13 16:15:00 UTC + 2021-01-13 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3139.html + https://www.openwall.com/lists/oss-security/2021/01/13/5 + https://ubuntu.com/security/notices/USN-4707-1 + + + + amurray| Related to CVE-2020-28374 + + + + + + + + + CVE-2021-31440 on Ubuntu 20.04 (focal) - medium. 
+ This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661. Manfred Paul discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel contained an out-of-bounds vulnerability. A local attacker could use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-21 15:15:00 UTC + 2021-05-21 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31440.html + https://git.kernel.org/linus/10bf4e83167cc68595b85fd73bb91e8f2c086e36 + https://www.zerodayinitiative.com/advisories/ZDI-21-503/ + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=10bf4e83167cc68595b85fd73bb91e8f2c086e36 + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-4999-1 + https://ubuntu.com/security/notices/USN-5001-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-31523 on Ubuntu 20.04 (focal) - medium. + The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-21 19:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987149 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31523.html + https://www.openwall.com/lists/oss-security/2021/04/17/1 + https://bugs.chromium.org/p/project-zero/issues/detail?id=2174 + http://www.openwall.com/lists/oss-security/2021/04/21/3 + + + + + + + + + + CVE-2021-31525 on Ubuntu 20.04 (focal) - low. + net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 13:15:00 UTC + Guido Vranken + https://github.com/golang/go/issues/45710 + https://github.com/golang/go/issues/45711 (1.15 backport) + https://github.com/golang/go/issues/45712 (1.16 backport) + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31525.html + + + + amurray| google-guest-agent contains a vendored copy of golang-golang-x-net + + + + + + + + + + + + + CVE-2021-31535 on Ubuntu 20.04 (focal) - medium. + LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-27 13:15:00 UTC + 2021-05-18 00:00:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31535.html + https://www.openwall.com/lists/oss-security/2021/05/18/2 + https://www.openwall.com/lists/oss-security/2021/05/18/3 + https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt + https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/ + https://ubuntu.com/security/notices/USN-4966-1 + https://ubuntu.com/security/notices/USN-4966-2 + + + + + + + + + + CVE-2021-31542 on Ubuntu 20.04 (focal) - medium. + In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-05 15:15:00 UTC + 2021-05-04 09:00:00 UTC + mdeslaur + 2021-05-04 09:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31542.html + https://ubuntu.com/security/notices/USN-4932-1 + https://ubuntu.com/security/notices/USN-4932-2 + + + + + + + + + + CVE-2021-3155 on Ubuntu 20.04 (focal) - medium. + snapd does not enforce that the per-snap user data directory ~/snap/<snap-name> is private. This could expose sensitive secrets or tokens to other local users + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-13 00:00:00 UTC + James Troup + https://bugs.launchpad.net/bugs/1910298 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3155.html + + + + mdeslaur> as of 2021-06-23, patch is still incomplete + + + + + + + + + CVE-2021-31597 on Ubuntu 20.04 (focal) - medium. + The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-23 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31597.html + https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2 + https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt + https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1 + + + + + + + + + + CVE-2021-31598 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-24 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989363 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989364 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31598.html + + + + + + + + + + + + + + + CVE-2021-31615 on Ubuntu 20.04 (focal) - medium. + Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-25 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31615.html + https://bluetooth.com + https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/injectable/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-31684 on Ubuntu 20.04 (focal) - medium. + A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31684.html + https://github.com/netplex/json-smart-v1/issues/10 + https://github.com/netplex/json-smart-v1/pull/11 + https://github.com/netplex/json-smart-v2/issues/67 + https://github.com/netplex/json-smart-v2/pull/68 + + + + + + + + + + CVE-2021-3177 on Ubuntu 20.04 (focal) - medium. + Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-19 06:15:00 UTC + 2021-01-19 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3177.html + https://bugs.python.org/issue42938 + https://github.com/python/cpython/pull/24239 + https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html + https://ubuntu.com/security/notices/USN-4754-1 + https://ubuntu.com/security/notices/USN-4754-2 (regression in python2.7) + https://ubuntu.com/security/notices/USN-4754-4 + https://ubuntu.com/security/notices/USN-4754-3 + + + + mdeslaur> on Ubuntu, binaries are compiled with Fortify Source, so mdeslaur> exploiting this issue will likely only cause Python to crash, mdeslaur> leading to a denial of service. + + + + + + + + + + + + + CVE-2021-3178 on Ubuntu 20.04 (focal) - negligible. + ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. 吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-19 07:15:00 UTC + 2021-01-19 07:15:00 UTC + 吴异 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3178.html + https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/ + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51b2ee7d006a736a9126e8111d1f24e4fd0afaa6 + https://ubuntu.com/security/notices/USN-4876-1 + https://ubuntu.com/security/notices/USN-4877-1 + https://ubuntu.com/security/notices/USN-4878-1 + https://ubuntu.com/security/notices/USN-4910-1 + https://ubuntu.com/security/notices/USN-4912-1 + + + + mdeslaur> security relevance is disputed + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-31799 on Ubuntu 20.04 (focal) - medium. + [A command injection vulnerability in RDoc] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-15 00:00:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31799.html + https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/ + https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e (master) + https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522 (2.7) + + + + + + + + + + CVE-2021-31800 on Ubuntu 20.04 (focal) - medium. + Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-05 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31800.html + https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f + https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008 + https://github.com/SecureAuthCorp/impacket/releases + https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L876 + https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958 + https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485 + + + + + + + + + + CVE-2021-31804 on Ubuntu 20.04 (focal) - medium. + LeoCAD before 21.03 sometimes allows a use-after-free during the opening of a new document. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-26 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31804.html + https://github.com/leozide/leocad/issues/645 + + + + + + + + + + CVE-2021-31806 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 13:15:00 UTC + 2021-05-27 13:15:00 UTC + mdeslaur + Joshua Rogers + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989043 + https://bugzilla.suse.com/show_bug.cgi?id=1185916 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31806.html + https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf + https://ubuntu.com/security/notices/USN-4981-1 + + + + + + + + + + CVE-2021-31807 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. 
An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-08 20:15:00 UTC + 2021-05-28 00:00:00 UTC + mdeslaur + Joshua Rogers + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989043 + https://bugzilla.suse.com/show_bug.cgi?id=1185916 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31807.html + https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf + https://ubuntu.com/security/notices/USN-4981-1 + + + + mdeslaur> same commit as CVE-2021-31806 + + + + + + + + + CVE-2021-31808 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 14:15:00 UTC + 2021-05-27 14:15:00 UTC + mdeslaur + Joshua Rogers + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989043 + https://bugzilla.suse.com/show_bug.cgi?id=1185916 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31808.html + https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf + https://ubuntu.com/security/notices/USN-4981-1 + + + + mdeslaur> same commit as CVE-2021-31806 + + + + + + + + + CVE-2021-31810 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. 
This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-07-13 13:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31810.html + https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/ + https://github.com/ruby/ruby/commit/3ca1399150ed4eacfd2fe1ee251b966f8d1ee469 (2.7) + https://hackerone.com/reports/1145454 + + + + leosilva> for xenial, the backport can be kind of intrusive. for now ignoring it. + + + + + + + + + CVE-2021-31811 on Ubuntu 20.04 (focal) - low. + In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-12 10:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31811.html + https://www.openwall.com/lists/oss-security/2021/06/12/2 + https://lists.apache.org/thread.html/re3bd16f0cc8f1fbda46b06a4b8241cd417f71402809baa81548fc20e%40%3Cusers.pdfbox.apache.org%3E + https://lists.apache.org/thread.html/re3bd16f0cc8f1fbda46b06a4b8241cd417f71402809baa81548fc20e@%3Cusers.pdfbox.apache.org%3E + https://lists.apache.org/thread.html/rf937c2236e6c79cdb99f76a70690dd345e53dbe0707cb506a202e43e@%3Cannounce.apache.org%3E + http://www.openwall.com/lists/oss-security/2021/06/12/2 + https://lists.apache.org/thread.html/re0cacd3fb337cdf8469853913ed2b4ddd8f8bfc52ff0ddbe61c1dfba@%3Ccommits.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/r132e9dbbe0ebdc08b39583d8be0a575fdba573d60a42d940228bceff@%3Cnotifications.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/r179cc3b6822c167702ab35fe36093d5da4c99af44238c8a754c6860f@%3Ccommits.ofbiz.apache.org%3E + 
https://lists.apache.org/thread.html/r2090789e4dcc2c87aacbd87d5f18e2d64dcb9f6eb7c47f5cf7d293cb@%3Cnotifications.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/rfe26bcaba564deb505c32711ba68df7ec589797dcd96ff3389a8aaba@%3Cnotifications.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/rd4b6db6c3b8ab3c70f1c3bbd725a40920896453ffc2744ade6afd9fb@%3Cnotifications.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/r143fd8445e0e778f4a85187bd79438630b96b8040e9401751fdb8aea@%3Ccommits.ofbiz.apache.org%3E + + + + + + + + + + + + + CVE-2021-31812 on Ubuntu 20.04 (focal) - low. + In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-12 10:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31812.html + https://www.openwall.com/lists/oss-security/2021/06/12/1 + https://lists.apache.org/thread.html/ra2ab0ce69ce8aaff0773b8c1036438387ce004c2afc6f066626e205e%40%3Cusers.pdfbox.apache.org%3E + https://lists.apache.org/thread.html/ra2ab0ce69ce8aaff0773b8c1036438387ce004c2afc6f066626e205e@%3Cusers.pdfbox.apache.org%3E + https://lists.apache.org/thread.html/rf251f6c358087107f8c23473468b279d59d50a75db6b4768165c78d3@%3Cannounce.apache.org%3E + http://www.openwall.com/lists/oss-security/2021/06/12/1 + https://lists.apache.org/thread.html/re0cacd3fb337cdf8469853913ed2b4ddd8f8bfc52ff0ddbe61c1dfba@%3Ccommits.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/r132e9dbbe0ebdc08b39583d8be0a575fdba573d60a42d940228bceff@%3Cnotifications.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/r179cc3b6822c167702ab35fe36093d5da4c99af44238c8a754c6860f@%3Ccommits.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/r2090789e4dcc2c87aacbd87d5f18e2d64dcb9f6eb7c47f5cf7d293cb@%3Cnotifications.ofbiz.apache.org%3E + 
https://lists.apache.org/thread.html/rfe26bcaba564deb505c32711ba68df7ec589797dcd96ff3389a8aaba@%3Cnotifications.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/rd4b6db6c3b8ab3c70f1c3bbd725a40920896453ffc2744ade6afd9fb@%3Cnotifications.ofbiz.apache.org%3E + https://lists.apache.org/thread.html/r143fd8445e0e778f4a85187bd79438630b96b8040e9401751fdb8aea@%3Ccommits.ofbiz.apache.org%3E + + + + + + + + + + + + + CVE-2021-31826 on Ubuntu 20.04 (focal) - medium. + Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-27 04:15:00 UTC + https://bugs.launchpad.net/bugs/1926250 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987608 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31826.html + https://shibboleth.net/community/advisories/secadv_20210426.txt + https://issues.shibboleth.net/jira/browse/SSPCPP-927 + https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=5a47c3b9378f4c49392dd4d15189b70956f9f2ec + https://bugs.debian.org/987608 + https://www.debian.org/security/2021/dsa-4905 + + + + sbeattie> does not affect src:shibboleth-sp2 + + + + + + + + + CVE-2021-31829 on Ubuntu 20.04 (focal) - medium. + kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. 
A local attacker could use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 16:15:00 UTC + 2021-05-06 16:15:00 UTC + Piotr Krysiuk + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31829.html + https://www.openwall.com/lists/oss-security/2021/05/04/4 + https://ubuntu.com/security/notices/USN-4983-1 + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-4999-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5018-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3185 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:16:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3185.html + https://bugzilla.redhat.com/show_bug.cgi?id=1917192 + https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc + https://www.openwall.com/lists/oss-security/2021/01/20/1 + + + + + + + + + + CVE-2021-31855 on Ubuntu 20.04 (focal) - medium. + KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. 
If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989438 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31855.html + https://kde.org/info/security/advisory-20210429-1.txt + https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799 + + + + + + + + + + CVE-2021-31863 on Ubuntu 20.04 (focal) - medium. + Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-28 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31863.html + https://www.redmine.org/news/131 + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + + + + + + + + + + CVE-2021-31864 on Ubuntu 20.04 (focal) - medium. + Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-28 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31864.html + https://www.redmine.org/news/131 + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + + + + + + + + + + CVE-2021-31865 on Ubuntu 20.04 (focal) - medium. + Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-28 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31865.html + https://www.redmine.org/news/131 + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + + + + + + + + + + CVE-2021-31866 on Ubuntu 20.04 (focal) - medium. + Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-28 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31866.html + https://www.redmine.org/news/131 + https://www.redmine.org/projects/redmine/wiki/Security_Advisories + + + + + + + + + + CVE-2021-31870 on Ubuntu 20.04 (focal) - low. + An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-30 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31870.html + https://kernel.org/pub/linux/libs/klibc/2.0/ + https://lists.zytor.com/archives/klibc/2021-April/004593.html + + + + mdeslaur> only used in initramfs, doesn't parse untrusted data + + + + + + + + + CVE-2021-31871 on Ubuntu 20.04 (focal) - low. + An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-30 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31871.html + https://kernel.org/pub/linux/libs/klibc/2.0/ + https://lists.zytor.com/archives/klibc/2021-April/004593.html + + + + mdeslaur> only used in initramfs, doesn't parse untrusted data + + + + + + + + + CVE-2021-31872 on Ubuntu 20.04 (focal) - low. 
+ An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-30 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31872.html + https://kernel.org/pub/linux/libs/klibc/2.0/ + https://lists.zytor.com/archives/klibc/2021-April/004593.html + + + + mdeslaur> only used in initramfs, doesn't parse untrusted data + + + + + + + + + CVE-2021-31873 on Ubuntu 20.04 (focal) - low. + An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-30 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31873.html + https://kernel.org/pub/linux/libs/klibc/2.0/ + https://lists.zytor.com/archives/klibc/2021-April/004593.html + + + + mdeslaur> only used in initramfs, doesn't parse untrusted data + + + + + + + + + CVE-2021-31879 on Ubuntu 20.04 (focal) - medium. + GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-29 05:15:00 UTC + https://savannah.gnu.org/bugs/?56909 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31879.html + https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html + + + + mdeslaur> no upstream fix as of 2021-07-05 mdeslaur> also see previous upstream bug from 2019 + + + + + + + + + CVE-2021-31916 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. 
A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Dan Carpenter discovered that the block device manager (dm) implementation in the Linux kernel contained a buffer overflow in the ioctl for listing devices. A privileged local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 17:15:00 UTC + 2021-04-30 00:00:00 UTC + Dan Carpenter + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31916.html + https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a + https://www.openwall.com/lists/oss-security/2021/03/28/1 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4979-1 + https://ubuntu.com/security/notices/USN-4982-1 + https://ubuntu.com/security/notices/USN-4984-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-31924 on Ubuntu 20.04 (focal) - medium. + Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence (touch) or cryptographic signature verification to be bypassed, so an attacker would still need to physically possess and interact with the YubiKey or another enrolled authenticator. If pam-u2f is configured to require PIN authentication, and the application using pam-u2f allows the user to submit NULL as the PIN, pam-u2f will attempt to perform a FIDO2 authentication without PIN. If this authentication is successful, the PIN requirement is bypassed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-26 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31924.html + https://www.yubico.com/support/security-advisories/ysa-2021-03 + https://developers.yubico.com/pam-u2f/ + + + + + + + + + + CVE-2021-31997 on Ubuntu 20.04 (focal) - medium. + a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31997.html + https://bugzilla.suse.com/show_bug.cgi?id=1182407 + + + + + + + + + + CVE-2021-31998 on Ubuntu 20.04 (focal) - medium. + A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-31998.html + https://bugzilla.suse.com/show_bug.cgi?id=1182321 + + + + + + + + + + CVE-2021-3200 on Ubuntu 20.04 (focal) - medium. + Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-18 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3200.html + https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/PoC-testcase_read-2334 + https://github.com/openSUSE/libsolv/issues/416 + + + + + + + + + + CVE-2021-32027 on Ubuntu 20.04 (focal) - medium. + A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 14:15:00 UTC + 2021-05-14 + Tom Lane + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32027.html + https://ubuntu.com/security/notices/USN-4972-1 + + + + leosilva> PostgreSQL 9.1 is end of life upstream, and no updates are leosilva> are available. Marking as ignored in precise. leosilva> PostgreSQL 9.3 is end of life upstream, and no updates are leosilva> are available. Marking as deferred in -esm-main releases. + + + + + + + + + CVE-2021-32028 on Ubuntu 20.04 (focal) - medium. + Fix mishandling of “junk” columns in INSERT ... ON CONFLICT ... UPDATE target lists + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 00:00:00 UTC + 2021-05-13 00:00:00 UTC + Andres Freund + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32028.html + https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ + https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4a8656a7ee0c155b0249376af58eb3fc3a90415f (REL_13_3) + https://ubuntu.com/security/notices/USN-4972-1 + + + + leosilva> PostgreSQL 9.1 is end of life upstream, and no updates are leosilva> are available. Marking as ignored in precise. 
leosilva> PostgreSQL 9.3 is end of life upstream, and no updates are leosilva> are available. Marking as deferred in -esm-main releases. + + + + + + + + + CVE-2021-32029 on Ubuntu 20.04 (focal) - medium. + Fix possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 00:00:00 UTC + 2021-05-13 00:00:00 UTC + Tom Lane + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32029.html + https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ + https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a71cfc56bf6013e3ea1d673acaf73fe7ebbd6bf3 (REL_13_3) + https://ubuntu.com/security/notices/USN-4972-1 + + + + leosilva> PostgreSQL 9.1 is end of life upstream, and no updates are leosilva> are available. Marking as ignored in precise. leosilva> PostgreSQL 9.3 is end of life upstream, and no updates are leosilva> are available. Marking as deferred in -esm-main releases. avital> Affects versions 11 - 13 + + + + + + + + + CVE-2021-32052 on Ubuntu 20.04 (focal) - medium. + In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-06 16:15:00 UTC + 2021-05-06 16:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988136 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32052.html + https://www.djangoproject.com/weblog/2021/may/06/security-releases/ + https://docs.djangoproject.com/en/3.2/releases/security/ + http://www.openwall.com/lists/oss-security/2021/05/06/1 + https://groups.google.com/forum/#!forum/django-announce + https://ubuntu.com/security/notices/USN-4975-1 + + + + amurray| Requires Python 3.9.5 or greater which is only present in impish+ mdeslaur> Python 3.9.5 is now being backported to focal+, so this now mdeslaur> needs to be fixed + + + + + + + + + CVE-2021-32055 on Ubuntu 20.04 (focal) - low. + Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-05 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988106 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988107 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32055.html + https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5 + https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc + http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html + + + + + + + + + + + + + CVE-2021-32056 on Ubuntu 20.04 (focal) - medium. + Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-10 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32056.html + https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995 + https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released + https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html + https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html + https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released + + + + + + + + + + CVE-2021-32062 on Ubuntu 20.04 (focal) - medium. + MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32062.html + https://github.com/mapserver/mapserver/issues/6313 + https://github.com/MapServer/MapServer/pull/6314 + https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 (branch-7-6) + https://github.com/mapserver/mapserver/commit/7db7cbb26b6bc6e651db268e9536836a56e6825a (branch-7-2) + https://github.com/mapserver/mapserver/commit/82a3eb5f6c8f75cedd095b909cc4990f3d8a99e1 (branch-7-0) + https://mapserver.org/development/changelog/changelog-7-6.html + https://mapserver.org/development/changelog/changelog-7-0.html + https://mapserver.org/development/changelog/changelog-7-4.html + https://mapserver.org/development/changelog/changelog-7-2.html + + + + + + + + + + CVE-2021-32066 on Ubuntu 20.04 (focal) - medium. + [A StartTLS stripping vulnerability in Net::IMAP] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-15 00:00:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32066.html + https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/ + https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a (2.7) + + + + + + + + + + CVE-2021-32078 on Ubuntu 20.04 (focal) - negligible. + An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. + 2021-06-17 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32078.html + https://kirtikumarar.com/CVE-2021-32078.txt + https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f (5.13-rc1) + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=298a58e165e447ccfaae35fe9f651f9d7e15166f + https://github.com/torvalds/linux/commit/298a58e165e447ccfaae35fe9f651f9d7e15166f + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-32399 on Ubuntu 20.04 (focal) - medium. + net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-10 22:15:00 UTC + 2021-05-10 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32399.html + https://www.openwall.com/lists/oss-security/2021/05/11/2 + https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80 + http://www.openwall.com/lists/oss-security/2021/05/11/2 + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5001-1 + https://ubuntu.com/security/notices/USN-5018-1 + https://ubuntu.com/security/notices/USN-5016-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-32490 on Ubuntu 20.04 (focal) - medium. + A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 19:15:00 UTC + 2021-05-11 00:00:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1943408 + https://bugzilla.redhat.com/show_bug.cgi?id=1943693 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32490.html + https://ubuntu.com/security/notices/USN-4957-1 + https://ubuntu.com/security/notices/USN-4957-2 + + + + mdeslaur> This is 0003-djvulibre-fedora-Patch8-djvulibre-3.5.27-check-image.patch + + + + + + + + + CVE-2021-32491 on Ubuntu 20.04 (focal) - medium. + A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-24 19:15:00 UTC + 2021-05-11 00:00:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1943409 + https://bugzilla.redhat.com/show_bug.cgi?id=1943684 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32491.html + https://bugzilla.redhat.com/show_bug.cgi?id=1943409 + https://ubuntu.com/security/notices/USN-4957-1 + https://ubuntu.com/security/notices/USN-4957-2 + + + + mdeslaur> This is 0004-djvulibre-fedora-Patch9-djvulibre-3.5.27-interger-ov.patch + + + + + + + + + CVE-2021-32492 on Ubuntu 20.04 (focal) - low. + A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 19:15:00 UTC + 2021-05-11 00:00:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1943410 + https://bugzilla.redhat.com/show_bug.cgi?id=1943686 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32492.html + https://ubuntu.com/security/notices/USN-4957-1 + https://ubuntu.com/security/notices/USN-4957-2 + + + + mdeslaur> This is 0005-djvulibre-fedora-Patch10-djvulibre-3.5.27-check-inpu.patch + + + + + + + + + CVE-2021-32493 on Ubuntu 20.04 (focal) - medium. + A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-24 19:15:00 UTC + 2021-05-11 00:00:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1943424 + https://bugzilla.redhat.com/show_bug.cgi?id=1943690 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32493.html + https://ubuntu.com/security/notices/USN-4957-1 + https://ubuntu.com/security/notices/USN-4957-2 + + + + mdeslaur> This is 0007-djvulibre-fedora-Patch12-djvulibre-3.5.27-unsigned-s.patch + + + + + + + + + CVE-2021-32547 on Ubuntu 20.04 (focal) - medium. + It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-12 04:15:00 UTC + 2021-05-25 + mdeslaur + Maik Münch (maik@secfault-security.com)(@fktio) + 2021-05-25 + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32547.html + https://ubuntu.com/security/notices/USN-4965-1 + https://ubuntu.com/security/notices/USN-4965-2 + + + + + + + + + + CVE-2021-32548 on Ubuntu 20.04 (focal) - medium. + It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-12 04:15:00 UTC + 2021-05-25 + mdeslaur + Maik Münch (maik@secfault-security.com)(@fktio) + 2021-05-25 + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32548.html + https://ubuntu.com/security/notices/USN-4965-1 + https://ubuntu.com/security/notices/USN-4965-2 + + + + + + + + + + CVE-2021-32549 on Ubuntu 20.04 (focal) - medium. 
+ It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-12 04:15:00 UTC + 2021-05-25 + mdeslaur + Maik Münch (maik@secfault-security.com)(@fktio) + 2021-05-25 + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32549.html + https://ubuntu.com/security/notices/USN-4965-1 + https://ubuntu.com/security/notices/USN-4965-2 + + + + + + + + + + CVE-2021-32550 on Ubuntu 20.04 (focal) - medium. + It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-12 04:15:00 UTC + 2021-05-25 + mdeslaur + Maik Münch (maik@secfault-security.com)(@fktio) + 2021-05-25 + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32550.html + https://ubuntu.com/security/notices/USN-4965-1 + https://ubuntu.com/security/notices/USN-4965-2 + + + + + + + + + + CVE-2021-32551 on Ubuntu 20.04 (focal) - medium. + It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-12 04:15:00 UTC + 2021-05-25 + mdeslaur + Maik Münch (maik@secfault-security.com)(@fktio) + 2021-05-25 + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32551.html + https://ubuntu.com/security/notices/USN-4965-1 + https://ubuntu.com/security/notices/USN-4965-2 + + + + + + + + + + CVE-2021-32552 on Ubuntu 20.04 (focal) - medium. + It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-12 04:15:00 UTC + 2021-05-25 + mdeslaur + Maik Münch (maik@secfault-security.com)(@fktio) + 2021-05-25 + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32552.html + https://ubuntu.com/security/notices/USN-4965-1 + https://ubuntu.com/security/notices/USN-4965-2 + + + + + + + + + + CVE-2021-32553 on Ubuntu 20.04 (focal) - medium. + It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-12 04:15:00 UTC + 2021-05-25 + mdeslaur + Maik Münch (maik@secfault-security.com)(@fktio) + 2021-05-25 + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32553.html + https://ubuntu.com/security/notices/USN-4965-1 + https://ubuntu.com/security/notices/USN-4965-2 + + + + + + + + + + CVE-2021-32554 on Ubuntu 20.04 (focal) - medium. + It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. 
When this function is used by the xorg package apport hooks, it could expose private data to other local users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-12 04:15:00 UTC + 2021-05-25 + mdeslaur + Maik Münch (maik@secfault-security.com)(@fktio) + 2021-05-25 + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32554.html + https://ubuntu.com/security/notices/USN-4965-1 + https://ubuntu.com/security/notices/USN-4965-2 + + + + + + + + + + CVE-2021-32555 on Ubuntu 20.04 (focal) - medium. + It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-12 04:15:00 UTC + 2021-05-25 + mdeslaur + Maik Münch (maik@secfault-security.com)(@fktio) + 2021-05-25 + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32555.html + https://ubuntu.com/security/notices/USN-4965-1 + https://ubuntu.com/security/notices/USN-4965-2 + + + + + + + + + + CVE-2021-32556 on Ubuntu 20.04 (focal) - medium. + It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-12 04:15:00 UTC + 2021-05-25 + mdeslaur + Maik Münch (maik@secfault-security.com)(@fktio) + 2021-05-25 + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32556.html + https://ubuntu.com/security/notices/USN-4965-1 + https://ubuntu.com/security/notices/USN-4965-2 + + + + + + + + + + CVE-2021-32557 on Ubuntu 20.04 (focal) - medium. 
+ It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-12 04:15:00 UTC + 2021-05-25 + mdeslaur + Maik Münch (maik@secfault-security.com)(@fktio) + 2021-05-25 + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32557.html + https://ubuntu.com/security/notices/USN-4965-1 + https://ubuntu.com/security/notices/USN-4965-2 + + + + + + + + + + CVE-2021-32563 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 05:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/thunar/+bug/1931510 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988394 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32563.html + https://www.openwall.com/lists/oss-security/2021/05/09/2 + https://gitlab.xfce.org/xfce/thunar/-/tags + https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b + https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664 + http://www.openwall.com/lists/oss-security/2021/05/11/3 + + + + + + + + + + CVE-2021-32565 on Ubuntu 20.04 (focal) - medium. + Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-29 12:15:00 UTC + Mattias Grenfeldt + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990303 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32565.html + https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E + https://github.com/apache/trafficserver/pull/7945 (8.1.x) + https://github.com/apache/trafficserver/commit/668d0f8668fec1cd350b0ceba3f7f8e4020ae3ca (master) + https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) + + + + + + + + + + CVE-2021-32566 on Ubuntu 20.04 (focal) - medium. + Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-30 08:15:00 UTC + Katsutoshi Ikenoya + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990303 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32566.html + https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E + https://github.com/apache/trafficserver/pull/7945 (8.1.x) + https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master) + https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) + + + + + + + + + + CVE-2021-32567 on Ubuntu 20.04 (focal) - medium. + Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-30 08:15:00 UTC + Masaori Koshiba + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990303 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32567.html + https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E + https://github.com/apache/trafficserver/pull/7945 (8.1.x) + https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master) + https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) + + + + + + + + + + CVE-2021-32575 on Ubuntu 20.04 (focal) - medium. + HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-17 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32575.html + https://www.hashicorp.com/blog/category/nomad + https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296 + + + + + + + + + + CVE-2021-32606 on Ubuntu 20.04 (focal) - high. + In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.) + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-11 23:15:00 UTC + Norbert Slusarek + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32606.html + https://www.openwall.com/lists/oss-security/2021/05/11/16 + http://www.openwall.com/lists/oss-security/2021/05/12/1 + https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-32606/cve-2021-32606.md + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-32613 on Ubuntu 20.04 (focal) - medium. + In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-14 13:15:00 UTC + Burak ÇARIKÇI + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32613.html + https://github.com/radareorg/radare2/issues/18679 + https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc + https://bugzilla.redhat.com/show_bug.cgi?id=1959939 + + + + + + + + + + CVE-2021-32614 on Ubuntu 20.04 (focal) - medium. + A flaw was found in dmg2img through 20170502. fill_mishblk() does not check the length of the read buffer, and copy 0xCC bytes from it. The length of the buffer is controlled by an attacker. By providing a length smaller than 0xCC, memcpy reaches out of the malloc'ed bound. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 22:15:00 UTC + Anshunkang Zhou + https://github.com/Lekensteyn/dmg2img/issues/11 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32614.html + + + + + + + + + + CVE-2021-32617 on Ubuntu 20.04 (focal) - low. + Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. 
An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-17 18:15:00 UTC + 2021-05-17 18:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988731 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32617.html + https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj + https://github.com/Exiv2/exiv2/pull/1657 + https://ubuntu.com/security/notices/USN-4964-1 + + + + + + + + + + CVE-2021-32618 on Ubuntu 20.04 (focal) - low. + The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views (e.g. /login) by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc (network location) as the requesting URL. This check utilizes Pythons urlsplit library. However many browsers are very lenient on the kind of URL they accept and 'fill in the blanks' when presented with a possibly incomplete URL. 
As a concrete example - setting http://login?next=\\\github.com will pass FS's relative URL check however many browsers will gladly convert this to http://github.com. Thus an attacker could send such a link to an unwitting user, using a legitimate site and have it redirect to whatever site they want. This is considered a low severity due to the fact that if Werkzeug is used (which is very common with Flask applications) as the WSGI layer, it by default ALWAYS ensures that the Location header is absolute - thus making this attack vector mute. It is possible for application writers to modify this default behavior by setting the 'autocorrect_location_header=False`. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-17 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32618.html + https://github.com/Flask-Middleware/flask-security/issues/486 + https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-6qmf-fj6m-686c + + + + + + + + + + CVE-2021-32640 on Ubuntu 20.04 (focal) - medium. + ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-25 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32640.html + https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693 + https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff + + + + + + + + + + CVE-2021-32642 on Ubuntu 20.04 (focal) - medium. + radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32642.html + https://github.com/radsecproxy/radsecproxy/commit/ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af + https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner + https://github.com/radsecproxy/radsecproxy/security/advisories/GHSA-56gw-9rj9-55rc + + + + + + + + + + CVE-2021-32693 on Ubuntu 20.04 (focal) - medium. + Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the firewalls was available for all other firewalls. 
This could be abused when the application defines different providers for each part of the application, in such a situation, a user authenticated on a part of the application could be considered authenticated on the rest of the application. Starting in version 5.3.2, a patch ensures that the authenticated token is only available for the firewall that generates it. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-17 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32693.html + https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728 + https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq + https://github.com/symfony/security-http/commit/6bf4c31219773a558b019ee12e54572174ff8129 + https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one + + + + + + + + + + CVE-2021-32718 on Ubuntu 20.04 (focal) - low. + RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-28 15:15:00 UTC + Christian Rellmann + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32718.html + https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772 + https://github.com/rabbitmq/rabbitmq-server/pull/3028 + + + + + + + + + + CVE-2021-32719 on Ubuntu 20.04 (focal) - low. 
+ RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-28 16:15:00 UTC + Fahimhusain Raydurg + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32719.html + https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x + https://github.com/rabbitmq/rabbitmq-server/pull/3122 + + + + + + + + + + CVE-2021-32723 on Ubuntu 20.04 (focal) - medium. + Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fixed in Prism v1.24. As a workaround, do not use ASCIIDoc or ERB to highlight untrusted text. Other languages are not affected and can be used to highlight untrusted text. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-28 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32723.html + https://github.com/PrismJS/prism/security/advisories/GHSA-gj77-59wh-66hg + https://github.com/PrismJS/prism/pull/2688 + https://github.com/PrismJS/prism/pull/2774 + + + + + + + + + + CVE-2021-32739 on Ubuntu 20.04 (focal) - medium. 
+ Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-ony user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user's identity. Versions 2.12.5 and 2.11.10 both contain a fix the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-15 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32739.html + https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ + https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5 + https://icinga.com/blog/2021/07/02/releasing-icinga-2-12-5-2-11-10/ + + + + + + + + + + CVE-2021-32740 on Ubuntu 20.04 (focal) - low. + Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. 
Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-07-06 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990791 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32740.html + https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g + https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76 + https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc + + + + + + + + + + CVE-2021-32743 on Ubuntu 20.04 (focal) - medium. + Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) exposes the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0)exposes the password used to connect to the Elasticsearch server. An attacker who obtains these credentials can impersonate Icinga to these services and add, modify and delete information there. If credentials with more permissions are in use, this increases the impact accordingly. Starting with the 2.11.10 and 2.12.5 releases, these passwords are no longer exposed via the API. 
As a workaround, API user permissions can be restricted to not allow querying of any affected objects, either by explicitly listing only the required object types for object query permissions, or by applying a filter rule. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-15 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32743.html + https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ + https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 + + + + + + + + + + CVE-2021-32746 on Ubuntu 20.04 (focal) - low. + Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the `doc` module of Icinga Web 2 allows to view documentation directly in the UI. It must be enabled manually by an administrator and users need explicit access permission to use it. Then, by visiting a certain route, it is possible to gain access to arbitrary files readable by the web-server user. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, an administrator may disable the `doc` module or revoke permission to use it from all users. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-07-12 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991116 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32746.html + https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43 + https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5 + https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3 + https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0 + + + + + + + + + + CVE-2021-32747 on Ubuntu 20.04 (focal) - medium. + Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. 
Custom variables are user-defined keys and values on configuration objects in Icinga 2. These are commonly used to reference secrets in other configurations such as check commands to be able to authenticate with a service being checked. Icinga Web 2 displays these custom variables to logged in users with access to said hosts or services. In order to protect the secrets from being visible to anyone, it's possible to setup protection rules and blacklists in a user's role. Protection rules result in `***` being shown instead of the original value, the key will remain. Backlists will hide a custom variable entirely from the user. Besides using the UI, custom variables can also be accessed differently by using an undocumented URL parameter. By adding a parameter to the affected routes, Icinga Web 2 will show these columns additionally in the respective list. This parameter is also respected when exporting to JSON or CSV. Protection rules and blacklists however have no effect in this case. Custom variables are shown as-is in the result. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, one may set up a restriction to hide hosts and services with the custom variable in question. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-12 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991116 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32747.html + https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx + https://github.com/Icinga/icingaweb2/releases/tag/v2.7.5 + https://github.com/Icinga/icingaweb2/releases/tag/v2.8.3 + https://github.com/Icinga/icingaweb2/releases/tag/v2.9.0 + + + + + + + + + + CVE-2021-32749 on Ubuntu 20.04 (focal) - medium. + fail2ban is a daemon to ban hosts that cause multiple authentication errors. 
In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if unescaped sequences (`\n~`) are available in "foreign" input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a workaround, one may avoid the usage of action `mail-whois` or patch the vulnerability manually. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32749.html + https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm + https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9 (0.9) + https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844 (0.10, 0.11, 1.0) + https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844 + https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9 + + + + + + + + + + CVE-2021-32760 on Ubuntu 20.04 (focal) - high. + A bug was found in containerd where pulling and extracting a specially- crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-19 12:00:00 PT + 2021-07-19 12:00:00 PT + mdeslaur + 2021-07-19 12:00:00 PT + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32760.html + https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w + https://ubuntu.com/security/notices/USN-5012-1 + + + + + + + + + + CVE-2021-32823 on Ubuntu 20.04 (focal) - medium. + In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32823.html + https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency + https://github.com/rubysec/ruby-advisory-db/issues/476 + https://github.com/dmendel/bindata/commit/d99f050b88337559be2cb35906c1f8da49531323 + https://github.com/dmendel/bindata/blob/v2.4.10/ChangeLog.rdoc#version-2410-2021-05-18- + https://rubygems.org/gems/bindata + + + + + + + + + + CVE-2021-3283 on Ubuntu 20.04 (focal) - medium. + HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-01 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3283.html + https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332 + + + + + + + + + + CVE-2021-32917 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Prosody before 0.11.9. 
The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32917.html + https://www.openwall.com/lists/oss-security/2021/05/13/1 + https://prosody.im/security/advisory_20210512.txt + https://hg.prosody.im/trunk/rev/65dcc175ef5b + https://blog.prosody.im/prosody-0.11.9-released/ + + + + + + + + + + CVE-2021-32918 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 16:15:00 UTC + Travis Burtrum + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32918.html + https://www.openwall.com/lists/oss-security/2021/05/13/1 + https://prosody.im/security/advisory_20210512.txt + https://hg.prosody.im/trunk/rev/db8e41eb6eff + https://hg.prosody.im/trunk/rev/b0d8920ed5e5 + https://hg.prosody.im/trunk/rev/929de6ade6b6 + https://hg.prosody.im/trunk/rev/63fd4c8465fb + https://hg.prosody.im/trunk/rev/1937b3c3efb5 + https://hg.prosody.im/trunk/rev/3413fea9e6db + https://blog.prosody.im/prosody-0.11.9-released/ + + + + + + + + + + CVE-2021-32919 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-13 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32919.html + https://www.openwall.com/lists/oss-security/2021/05/13/1 + https://prosody.im/security/advisory_20210512.txt + https://hg.prosody.im/trunk/rev/6be890ca492e + https://hg.prosody.im/trunk/rev/d0e9ffccdef9 + https://blog.prosody.im/prosody-0.11.9-released/ + + + + + + + + + + CVE-2021-32920 on Ubuntu 20.04 (focal) - medium. + Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 16:15:00 UTC + Kim Alvefur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32920.html + https://www.openwall.com/lists/oss-security/2021/05/13/1 + https://prosody.im/security/advisory_20210512.txt + https://hg.prosody.im/trunk/rev/55ef50d6cf65 + https://hg.prosody.im/trunk/rev/5a484bd050a7 + https://hg.prosody.im/trunk/rev/aaf9c6b6d18d + https://blog.prosody.im/prosody-0.11.9-released/ + + + + + + + + + + CVE-2021-32921 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 16:15:00 UTC + Matthew Wild + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-32921.html + https://www.openwall.com/lists/oss-security/2021/05/13/1 + https://prosody.im/security/advisory_20210512.txt + https://hg.prosody.im/trunk/rev/c98aebe601f9 + https://hg.prosody.im/trunk/rev/13b84682518e + https://hg.prosody.im/trunk/rev/6f56170ea986 + https://blog.prosody.im/prosody-0.11.9-released/ + + + + + + + + + + CVE-2021-33026 on Ubuntu 20.04 (focal) - medium. 
+ The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-13 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33026.html + https://github.com/sh4nks/flask-caching/pull/209 + + + + + + + + + + CVE-2021-33033 on Ubuntu 20.04 (focal) - medium. + The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. It was discovered that the CIPSO implementation in the Linux kernel did not properly perform reference counting in some situations, leading to use- after-free vulnerabilities. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-14 23:15:00 UTC + 2021-05-14 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33033.html + https://git.kernel.org/linus/ad5d07f4a9cd671233ae20983848874731102c08 + https://git.kernel.org/linus/1165affd484889d4986cf3b724318935a0b120d8 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.14 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7 + https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-cipso_v4_genopt + https://syzkaller.appspot.com/bug?id=96e7d345748d8814901c91cd92084ed04b46701e + https://ubuntu.com/security/notices/USN-4979-1 + https://ubuntu.com/security/notices/USN-4984-1 + + + + sbeattie> looks to be introduced primarily in d7cce01504a0 sbeattie> 1165affd484889d4986cf3b724318935a0b120d8 seems like an unrelated separate issue? + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-33034 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-14 23:15:00 UTC + 2021-05-14 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33034.html + https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3 + https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1 + https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5001-1 + https://ubuntu.com/security/notices/USN-5018-1 + https://ubuntu.com/security/notices/USN-5016-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-33037 on Ubuntu 20.04 (focal) - medium. + Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-12 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33037.html + https://github.com/apache/tomcat/commit/45d70a86a901cbd534f8f570bed2aec9f7f7b88e (9.0.47) + https://github.com/apache/tomcat/commit/05f9e8b00f5d9251fcd3c95dcfd6cf84177f46c8 (9.0.47) + https://github.com/apache/tomcat/commit/a2c3dc4c96168743ac0bab613709a5bbdaec41d0 (9.0.47) + https://github.com/apache/tomcat/commit/3202703e6d635e39b74262e81f0cb4bcbe2170dc (8.5.67) + https://github.com/apache/tomcat/commit/da0e7cb093cf68b052d9175e469dbd0464441b0b (8.5.67) + https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02 (8.5.67) + https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E + + + + + + + + + + CVE-2021-33038 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989183 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33038.html + https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa + https://gitlab.com/mailman/hyperkitty/-/issues/380 + + + + + + + + + + CVE-2021-33054 on Ubuntu 20.04 (focal) - medium. + SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-04 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989479 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33054.html + https://www.sogo.nu/news/2021/saml-vulnerability.html + https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html + https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html + https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html + https://github.com/inverse-inc/sogo/blob/master/CHANGELOG.md + https://www.sogo.nu/news.html + + + + + + + + + + CVE-2021-33194 on Ubuntu 20.04 (focal) - medium. + golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 15:15:00 UTC + Andrew Thornton + https://github.com/golang/go/issues/46288 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33194.html + https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ + https://groups.google.com/g/golang-announce/c/wPunbCPkWUg + + + + amurray| google-guest-agent contains a vendored copy of golang-golang-x-net + + + + + + + + + CVE-2021-33195 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33195.html + https://github.com/golang/go/issues/46241 + https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI + + + + + + + + + + CVE-2021-33196 on Ubuntu 20.04 (focal) - medium. + [archive/zip: malformed archive may cause panic or memory exhaustion] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-29 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33196.html + https://github.com/golang/go/issues/46242 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912 + + + + + + + + + + CVE-2021-33197 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33197.html + https://github.com/golang/go/issues/46313 + https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI + + + + + + + + + + CVE-2021-33198 on Ubuntu 20.04 (focal) - low. + [Unknown description] + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33198.html + https://github.com/golang/go/issues/44910 + https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI + + + + + + + + + + CVE-2021-33200 on Ubuntu 20.04 (focal) - high. + kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-27 13:15:00 UTC + 2021-05-27 13:15:00 UTC + cascardo + Piotr Krysiuk + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33200.html + https://www.openwall.com/lists/oss-security/2021/05/27/1 + https://ubuntu.com/security/notices/USN-4983-1 + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-4999-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5018-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-33203 on Ubuntu 20.04 (focal) - low. + Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-08 18:15:00 UTC + 2021-06-02 09:00:00 UTC + mdeslaur + Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen + 2021-06-02 09:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33203.html + https://www.djangoproject.com/weblog/2021/jun/02/security-releases/ + https://ubuntu.com/security/notices/USN-4975-1 + https://ubuntu.com/security/notices/USN-4975-2 + + + + + + + + + + CVE-2021-33204 on Ubuntu 20.04 (focal) - medium. + In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-19 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988917 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33204.html + https://github.com/pgpartman/pg_partman/commit/0b6565ad378c358f8a6cd1d48ddc482eb7f854d3 + https://github.com/pgpartman/pg_partman/compare/v4.5.0...v4.5.1 + + + + + + + + + + CVE-2021-3326 on Ubuntu 20.04 (focal) - low. + The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-27 20:15:00 UTC + Tavis Ormandy + https://sourceware.org/bugzilla/show_bug.cgi?id=27256 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981198 + https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1929105 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3326.html + https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html + + + + + + + + + + CVE-2021-3336 on Ubuntu 20.04 (focal) - medium. + DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-29 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3336.html + https://github.com/wolfSSL/wolfssl/pull/3676 + + + + + + + + + + CVE-2021-3347 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. 
It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-29 17:15:00 UTC + 2021-01-29 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3347.html + https://www.openwall.com/lists/oss-security/2021/01/29/1 + https://ubuntu.com/security/notices/USN-4878-1 + https://ubuntu.com/security/notices/USN-4884-1 + https://ubuntu.com/security/notices/USN-4907-1 + https://ubuntu.com/security/notices/USN-4910-1 + + + + sbeattie| the commits with no breaks entries are prerequisite fixes for the final patch. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-33477 on Ubuntu 20.04 (focal) - medium. + rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-20 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988763 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33477.html + https://www.openwall.com/lists/oss-security/2021/05/17/1 + https://git.enlightenment.org/apps/eterm.git/log/ + https://www.openwall.com/lists/oss-security/2017/05/01/20 + https://sourceforge.net/projects/rxvt/files/rxvt-dev/ + http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583 + https://packetstormsecurity.com/files/162621/rxvt-2.7.0-rxvt-unicode-9.22-Code-Execution.html + https://sourceforge.net/projects/materm/files/mrxvt%20source/ + http://cvs.schmorp.de/rxvt-unicode/Changes?view=log + + + + + + + + + + + + + CVE-2021-33479 on Ubuntu 20.04 (focal) - low. + [stack-based buffer overflow in measure_pitch() in pgm2asc.c] + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-29 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33479.html + https://sourceforge.net/p/jocr/bugs/39/ + + + + + + + + + + CVE-2021-3348 on Ubuntu 20.04 (focal) - medium. + nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. It was discovered that the network block device (nbd) driver in the Linux kernel contained a use-after-free vulnerability during device setup. A local attacker with access to the nbd device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-01 04:15:00 UTC + 2021-02-01 04:15:00 UTC + ADLab of venustech + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3348.html + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b98e762e3d71e893b221f871825dc64694cfb258 + https://www.openwall.com/lists/oss-security/2021/01/28/3 + https://ubuntu.com/security/notices/USN-4884-1 + https://ubuntu.com/security/notices/USN-4907-1 + https://ubuntu.com/security/notices/USN-4909-1 + https://ubuntu.com/security/notices/USN-4910-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-33480 on Ubuntu 20.04 (focal) - low. + [use-after-free in context_correction() in pgm2asc.c] + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-29 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33480.html + https://sourceforge.net/p/jocr/bugs/40/ + https://sourceforge.net/p/jocr/bugs/41/ + + + + + + + + + + CVE-2021-33481 on Ubuntu 20.04 (focal) - low. + [stack-based buffer overflow in try_to_divide_boxes() in pgm2asc.c] + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-29 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33481.html + https://sourceforge.net/p/jocr/bugs/42/ + + + + + + + + + + CVE-2021-3349 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-01 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3349.html + https://dev.gnupg.org/T4735 + https://gitlab.gnome.org/GNOME/evolution/-/issues/299 + https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html + + + + + + + + + + CVE-2021-33500 on Ubuntu 20.04 (focal) - low. + PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-21 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33500.html + https://docs.ssh-mitm.at/puttydos.html + https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html + https://github.com/ssh-mitm/ssh-mitm-plugins/blob/main/ssh_mitm_plugins/ssh/putty_dos.py + + + + + + + + + + CVE-2021-33502 on Ubuntu 20.04 (focal) - medium. + The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-24 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33502.html + https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1 + + + + + + + + + + + + + CVE-2021-33503 on Ubuntu 20.04 (focal) - low. + An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-29 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33503.html + https://github.com/advisories/GHSA-q2q7-5pp4-w6pg + https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec + + + + mdeslaur> the python-pip package bundles python-urllib3 binaries mdeslaur> when built. After updating python-urllib3, a no-change mdeslaur> rebuild of python-pip is required. + + + + + + + + + + + + CVE-2021-33515 on Ubuntu 20.04 (focal) - medium. + The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-28 13:15:00 UTC + 2021-06-21 12:00:00 UTC + mdeslaur + Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences + 2021-06-21 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33515.html + https://dovecot.org/pipermail/dovecot-news/2021-June/000457.html + https://dovecot.org/pipermail/dovecot-news/2021-June/000459.html + https://ubuntu.com/security/notices/USN-4993-1 + + + + mdeslaur> per upstream, this affects 2.3.0-2.3.14 + + + + + + + + + CVE-2021-33516 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-24 15:15:00 UTC + 2021-05-24 15:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989098 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33516.html + https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536 + https://gitlab.gnome.org/GNOME/gupnp/-/issues/24 + https://ubuntu.com/security/notices/USN-4970-1 + + + + + + + + + + CVE-2021-33560 on Ubuntu 20.04 (focal) - low. + Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. (There is also an interoperability problem because the selection of the k integer value does not properly consider the differences between basic ElGamal encryption and generalized ElGamal encryption.) This, for example, affects use of ElGamal in OpenPGP. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-08 11:15:00 UTC + https://dev.gnupg.org/T5328 (not yet public) + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33560.html + + + + + + + + + + CVE-2021-33571 on Ubuntu 20.04 (focal) - medium. + In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) . + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-08 18:15:00 UTC + 2021-06-02 09:00:00 UTC + mdeslaur + 2021-06-02 09:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33571.html + https://www.djangoproject.com/weblog/2021/jun/02/security-releases/ + https://ubuntu.com/security/notices/USN-4975-1 + + + + mdeslaur> Python earlier than 3.8.0 is not vulnerable to CVE-2021-29921, mdeslaur> so django in bionic and earlier do not require fixes + + + + + + + + + CVE-2021-33574 on Ubuntu 20.04 (focal) - low. + The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-25 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989147 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33574.html + https://sourceware.org/bugzilla/show_bug.cgi?id=27896 + + + + + + + + + + CVE-2021-33586 on Ubuntu 20.04 (focal) - medium. + InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 05:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989144 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33586.html + https://docs.inspircd.org/security/2021-01/ + https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d + + + + + + + + + + CVE-2021-33587 on Ubuntu 20.04 (focal) - medium. + The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-28 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33587.html + https://github.com/fb55/css-what/releases/tag/v5.0.1 + + + + + + + + + + CVE-2021-33620 on Ubuntu 20.04 (focal) - medium. + Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 12:15:00 UTC + 2021-05-28 12:15:00 UTC + mdeslaur + Joshua Rogers + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33620.html + https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f + https://ubuntu.com/security/notices/USN-4981-1 + + + + + + + + + + CVE-2021-33622 on Ubuntu 20.04 (focal) - medium. + Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-15 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33622.html + https://medium.com/sylabs + https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622- + + + + + + + + + + CVE-2021-33623 on Ubuntu 20.04 (focal) - medium. + The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33623.html + https://www.npmjs.com/package/trim-newlines + https://github.com/sindresorhus/trim-newlines/releases/tag/v4.0.1 + + + + + + + + + + CVE-2021-33624 on Ubuntu 20.04 (focal) - medium. 
+ In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-23 16:15:00 UTC + cascardo + Ofek Kirzner, Adam Morrison, Benedict Schlueter, Piotr Krysiuk + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33624.html + https://www.openwall.com/lists/oss-security/2021/06/21/1 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d203b0fd863a2261e5d00b97f3d060c4c2a6db71 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fe9a5ca7e370e613a9a75a13008a3845ea759d6e + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9183671af6dbf60a1219371d4ed73e23f43b49db + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=973377ffe8148180b2651825b92ae91988141b05 + + + + amurray| According to the oss-sec post 9183671af6dbf60a1219371d4ed73e23f43b49db is the main patch which is needed but I suspect we should take all 4 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3377 on Ubuntu 20.04 (focal) - medium. + The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-05 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984667 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3377.html + https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf + https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27 + + + + + + + + + + CVE-2021-33813 on Ubuntu 20.04 (focal) - low. + An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-16 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33813.html + https://github.com/hunterhacker/jdom/pull/188 + https://github.com/hunterhacker/jdom/releases + https://alephsecurity.com/vulns/aleph-2021003 + + + + + + + + + + + + + CVE-2021-33833 on Ubuntu 20.04 (focal) - medium. + ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-09 18:15:00 UTC + Mike Evdokimov + 2021-06-09 08:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33833.html + https://seclists.org/oss-sec/2021/q2/196 + + + + + + + + + + CVE-2021-33880 on Ubuntu 20.04 (focal) - medium. + The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-06 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989561 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33880.html + https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0 + + + + + + + + + + CVE-2021-33896 on Ubuntu 20.04 (focal) - medium. + Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-07 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33896.html + https://www.openwall.com/lists/oss-security/2021/06/07/2 + + + + + + + + + + CVE-2021-33909 on Ubuntu 20.04 (focal) - high. + size_t-to-int vulnerability in Linux's filesystem layer It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-07-20 12:00:00 UTC + 2021-07-20 12:00:00 UTC + cascardo + 2021-07-20 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33909.html + https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt + https://www.openwall.com/lists/oss-security/2021/07/20/1 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b + https://ubuntu.com/security/notices/USN-5018-1 + https://ubuntu.com/security/notices/USN-5017-1 + https://ubuntu.com/security/notices/USN-5016-1 + https://ubuntu.com/security/notices/USN-5015-1 + https://ubuntu.com/security/notices/USN-5014-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-33910 on Ubuntu 20.04 (focal) - high. 
+ Denial of service (stack exhaustion) in systemd (PID 1) + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-07-20 12:00:00 UTC + 2021-07-20 12:00:00 UTC + mdeslaur + 2021-07-20 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-33910.html + https://ubuntu.com/security/notices/USN-5013-1 + https://ubuntu.com/security/notices/USN-5013-2 + + + + + + + + + + CVE-2021-3392 on Ubuntu 20.04 (focal) - low. + A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 20:15:00 UTC + 2021-03-23 20:15:00 UTC + Cheolwoo Myung + https://bugs.launchpad.net/qemu/+bug/1914236 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3392.html + https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2021-3402 on Ubuntu 20.04 (focal) - medium. + An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-14 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3402.html + https://www.openwall.com/lists/oss-security/2021/01/29/2 + https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/ + + + + + + + + + + CVE-2021-3403 on Ubuntu 20.04 (focal) - medium. 
+ In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-04 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3403.html + https://github.com/Yeraze/ytnef/issues/85 + + + + + + + + + + CVE-2021-3404 on Ubuntu 20.04 (focal) - medium. + In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-04 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3404.html + https://github.com/Yeraze/ytnef/issues/86 + + + + + + + + + + CVE-2021-3405 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-23 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3405.html + https://github.com/Matroska-Org/libebml/issues/74 + + + + + + + + + + CVE-2021-3407 on Ubuntu 20.04 (focal) - medium. + A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-23 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3407.html + http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a + https://bugs.ghostscript.com/show_bug.cgi?id=703366 (not public yet) + + + + + + + + + + CVE-2021-3409 on Ubuntu 20.04 (focal) - medium. 
+ The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 21:15:00 UTC + 2021-03-23 21:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1928146 + https://bugs.launchpad.net/qemu/+bug/1909418 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3409.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-02/msg02910.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-02/msg03102.html + https://www.openwall.com/lists/oss-security/2021/03/09/1 + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2021-3411 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Adam Zabrocki discovered that the kprobes subsystem in the Linux kernel did not properly detect linker padding in some situations. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-09 20:15:00 UTC + 2021-03-09 20:15:00 UTC + Adam Zabrocki + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3411.html + https://www.openwall.com/lists/oss-security/2021/02/19/6 + https://lore.kernel.org/lkml/20201209215001.GA8593@pi3.com.pl/ + https://lists.openwall.net/linux-kernel/2020/12/11/265 + http://blog.pi3.com.pl/?p=831 + https://ubuntu.com/security/notices/USN-4912-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3416 on Ubuntu 20.04 (focal) - low. + A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-18 20:15:00 UTC + 2021-03-18 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3416.html + https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html + https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07484.html + https://www.openwall.com/lists/oss-security/2021/02/26/1 + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2021-34183 on Ubuntu 20.04 (focal) - negligible. + ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. + 2021-06-25 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-34183.html + https://github.com/ImageMagick/ImageMagick/issues/3767 + + + + + + + + + + CVE-2021-3420 on Ubuntu 20.04 (focal) - medium. + A flaw was found in newlib in versions prior to 4.0.0. 
Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-05 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3420.html + https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e + + + + + + + + + + CVE-2021-3421 on Ubuntu 20.04 (focal) - low. + A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-19 14:15:00 UTC + Demi M. Obenour + https://bugzilla.redhat.com/show_bug.cgi?id=1927747 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985308 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3421.html + + + + seth-arnold> Only debugedit and librpmio9 binary packages are in main, and triaged with view to how they are used in the build process as described in https://bugs.launchpad.net/ubuntu/+source/rpm/+bug/1913871 + + + + + + + + + CVE-2021-3426 on Ubuntu 20.04 (focal) - low. + There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-20 13:15:00 UTC + David Schwörer + https://bugs.python.org/issue42988 + https://bugzilla.redhat.com/show_bug.cgi?id=1935913 + https://bugzilla.redhat.com/show_bug.cgi?id=1917807 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3426.html + https://python-security.readthedocs.io/vuln/pydoc-getfile.html + https://github.com/python/cpython/pull/24337 + https://github.com/python/cpython/pull/24285 + + + + mdeslaur> getfile introduced in 3.2.0 + + + + + + + + + + + + CVE-2021-3428 on Ubuntu 20.04 (focal) - low. + kernel: integer overflow in ext4_es_cache_extent Wolfgang Frisch discovered that the ext4 file system implementation in the Linux kernel contained an integer overflow when handling metadata inode extents. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-15 00:00:00 UTC + 2021-03-15 00:00:00 UTC + Wolfgang Frisch + https://bugzilla.suse.com/show_bug.cgi?id=1173485 + https://bugzilla.redhat.com/show_bug.cgi?id=1936786 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3428.html + https://www.openwall.com/lists/oss-security/2021/03/17/1 + https://www.openwall.com/lists/oss-security/2021/03/17/5 + https://www.openwall.com/lists/oss-security/2021/03/17/13 + https://ubuntu.com/security/notices/USN-4979-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-34363 on Ubuntu 20.04 (focal) - medium. + The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-10 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-34363.html + https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31) + https://github.com/nvbn/thefuck/pull/1206 + https://vuln.ryotak.me/advisories/48 + https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 + https://github.com/nvbn/thefuck/releases/tag/3.31 + + + + + + + + + + CVE-2021-34428 on Ubuntu 20.04 (focal) - low. + For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-22 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-34428.html + https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6 + https://github.com/eclipse/jetty.project/issues/6277 + + + + + + + + + + CVE-2021-3444 on Ubuntu 20.04 (focal) - high. + The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. 
De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 18:15:00 UTC + 2021-03-23 17:00:00 UTC + cascardo + De4dCr0w of 360 Alpha Lab + 2021-03-23 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3444.html + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809309163dda2d044d9e94a3c0248a3 + https://www.openwall.com/lists/oss-security/2021/03/23/2 + https://ubuntu.com/security/notices/USN-4887-1 + + + + sbeattie> both f6b1b3bf0d5f681631a293cfe1ca934b81716f1e and 468f6eafa6c4 are needed for a system to be vulnerable. sbeattie> e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 is likely needed as a prerequisite fix as well + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3447 on Ubuntu 20.04 (focal) - medium. + A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-01 18:15:00 UTC + John Barker, Felix Fontein, and Chen Zhi + https://bugzilla.redhat.com/show_bug.cgi?id=1939349 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3447.html + + + + + + + + + + CVE-2021-3448 on Ubuntu 20.04 (focal) - medium. + A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-08 23:15:00 UTC + 2021-04-08 23:15:00 UTC + mdeslaur + Petr Mensik + https://bugzilla.redhat.com/show_bug.cgi?id=1939368 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3448.html + https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html + https://ubuntu.com/security/notices/USN-4976-1 + + + + + + + + + + CVE-2021-34548 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-29 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-34548.html + https://blog.torproject.org/node/2041 + https://bugs.torproject.org/tpo/core/tor/40389 + + + + + + + + + + CVE-2021-34549 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-29 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-34549.html + https://blog.torproject.org/node/2041 + + + + + + + + + + CVE-2021-34550 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-29 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-34550.html + https://blog.torproject.org/node/2041 + + + + + + + + + + CVE-2021-34552 on Ubuntu 20.04 (focal) - medium. + Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-13 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-34552.html + https://pillow.readthedocs.io/en/stable/releasenotes/index.html + https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow + + + + + + + + + + + + + CVE-2021-34555 on Ubuntu 20.04 (focal) - low. + OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-34555.html + https://github.com/trusteddomainproject/OpenDMARC/issues/179 + https://github.com/trusteddomainproject/OpenDMARC/pull/178 + + + + + + + + + + CVE-2021-34557 on Ubuntu 20.04 (focal) - medium. + XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. 
A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989508 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-34557.html + https://www.openwall.com/lists/oss-security/2021/06/05/1 + https://www.openwall.com/lists/oss-security/2021/06/05/2 + https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch + https://github.com/QubesOS/qubes-issues/issues/6595 + https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt + + + + + + + + + + CVE-2021-34558 on Ubuntu 20.04 (focal) - medium. + The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-34558.html + https://github.com/golang/go/issues/47143 + https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 (1.16.x) + https://groups.google.com/g/golang-announce + https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ + https://golang.org/doc/devel/release#go1.16.minor + + + + mdeslaur> Packages built using golang need to be rebuilt once the mdeslaur> vulnerability has been fixed. This CVE entry does not mdeslaur> list packages that need rebuilding outside of the main mdeslaur> repository or the Ubuntu variants with PPA overlays. + + + + + + + + + + + + + CVE-2021-3468 on Ubuntu 20.04 (focal) - medium. + A flaw was found in avahi in versions 0.6 up to 0.8. 
The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 16:15:00 UTC + 2021-06-02 16:15:00 UTC + mdeslaur + Thomas Kremer + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 + https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3468.html + https://ubuntu.com/security/notices/USN-5008-1 + https://ubuntu.com/security/notices/USN-5008-2 + + + + mdeslaur> as of 2021-07-06, the proposed patch has not been commited mdeslaur> upstream + + + + + + + + + CVE-2021-34693 on Ubuntu 20.04 (focal) - low. + net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-14 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-34693.html + https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/ + https://www.openwall.com/lists/oss-security/2021/06/15/1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3470 on Ubuntu 20.04 (focal) - medium. + A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-31 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3470.html + https://github.com/redis/redis/pull/7963 + https://github.com/redis/redis/commit/9824fe3e392caa04dc1b4071886e9ac402dd6d95 + https://bugzilla.redhat.com/show_bug.cgi?id=1943623 + + + + + + + + + + CVE-2021-3472 on Ubuntu 20.04 (focal) - medium. + A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-26 15:15:00 UTC + 2021-04-13 14:00:00 UTC + mdeslaur + Jan-Niklas Sohn + 2021-04-13 14:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3472.html + https://ubuntu.com/security/notices/USN-4905-1 + https://ubuntu.com/security/notices/USN-4905-2 + + + + mdeslaur> xorg server is actually the xorg-server package mdeslaur> the xorg package only contains docs amurray| Also known as ZDI-CAN-12549 + + + + + + + + + CVE-2021-3474 on Ubuntu 20.04 (focal) - medium. + There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-30 18:15:00 UTC + 2021-03-30 18:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831 + https://bugzilla.redhat.com/show_bug.cgi?id=1939142 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3474.html + https://ubuntu.com/security/notices/USN-4900-1 + + + + + + + + + + CVE-2021-3475 on Ubuntu 20.04 (focal) - medium. + There is a flaw in OpenEXR in versions before 3.0.0-beta. 
An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-30 18:15:00 UTC + 2021-03-30 18:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297 + https://bugzilla.redhat.com/show_bug.cgi?id=1939144 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3475.html + https://ubuntu.com/security/notices/USN-4900-1 + + + + + + + + + + CVE-2021-3476 on Ubuntu 20.04 (focal) - medium. + A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-30 18:15:00 UTC + 2021-03-30 18:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787 + https://bugzilla.redhat.com/show_bug.cgi?id=1939145 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3476.html + https://ubuntu.com/security/notices/USN-4900-1 + + + + + + + + + + CVE-2021-3477 on Ubuntu 20.04 (focal) - low. + There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-03-31 14:15:00 UTC + 2021-03-31 14:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956 + https://bugzilla.redhat.com/show_bug.cgi?id=1939159 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3477.html + https://ubuntu.com/security/notices/USN-4900-1 + + + + + + + + + + CVE-2021-3478 on Ubuntu 20.04 (focal) - medium. 
+ There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-31 14:15:00 UTC + 2021-03-31 14:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409 + https://bugzilla.redhat.com/show_bug.cgi?id=1939160 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3478.html + https://ubuntu.com/security/notices/USN-4900-1 + + + + + + + + + + CVE-2021-3479 on Ubuntu 20.04 (focal) - medium. + There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-31 14:15:00 UTC + 2021-03-31 14:15:00 UTC + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370 + https://bugzilla.redhat.com/show_bug.cgi?id=1939149 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3479.html + https://ubuntu.com/security/notices/USN-4900-1 + + + + + + + + + + CVE-2021-3480 on Ubuntu 20.04 (focal) - medium. + A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-20 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3480.html + https://bugzilla.redhat.com/show_bug.cgi?id=1944640 + https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master + + + + sbeattie> + + + + + + + + + CVE-2021-3481 on Ubuntu 20.04 (focal) - low. + Out of bounds read in function QRadialFetchSimd from crafted svg file + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-03 00:00:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1931444 + https://bugreports.qt.io/browse/QTBUG-91507 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3481.html + https://codereview.qt-project.org/c/qt/qtsvg/+/337587 + + + + + + + + + + CVE-2021-34813 on Ubuntu 20.04 (focal) - medium. + Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-16 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-34813.html + https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086be17d5f901b + https://gitlab.matrix.org/matrix-org/olm/-/releases/3.2.3 + https://matrix.org/blog/2021/06/14/adventures-in-fuzzing-libolm + + + + + + + + + + CVE-2021-3482 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-08 23:15:00 UTC + 2021-04-08 23:15:00 UTC + leosilva + https://github.com/Exiv2/exiv2/issues/1522 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3482.html + https://ubuntu.com/security/notices/USN-4941-1 + + + + + + + + + + CVE-2021-34825 on Ubuntu 20.04 (focal) - medium. + Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-17 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-34825.html + https://github.com/quassel/quassel/pull/581 + https://bugs.quassel-irc.org/issues/1728 + + + + + + + + + + CVE-2021-3483 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected 马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-17 12:15:00 UTC + 2021-04-07 00:00:00 UTC + 马哲宇 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3483.html + https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915fa + https://www.openwall.com/lists/oss-security/2021/04/07/1 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4979-1 + https://ubuntu.com/security/notices/USN-4982-1 + https://ubuntu.com/security/notices/USN-4984-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3487 on Ubuntu 20.04 (focal) - low. + There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-04-15 14:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=26946 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3487.html + + + + + + + + + + CVE-2021-3489 on Ubuntu 20.04 (focal) - high. + The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1). Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. 
A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-06-04 02:15:00 UTC + 2021-05-11 17:00:00 +0000 + Cascardo + Ryota Shiga + 2021-05-11 17:00:00 +0000 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3489.html + https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea + https://www.openwall.com/lists/oss-security/2021/05/11/10 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4949-1 + https://ubuntu.com/security/notices/USN-4950-1 + + + + sbeattie> introduced in v5.8-rc1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3490 on Ubuntu 20.04 (focal) - high. + The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1). Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-04 02:15:00 UTC + 2021-05-11 17:00:00 +0000 + cascardo + Manfred Paul + 2021-05-11 17:00:00 +0000 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3490.html + https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e + https://www.openwall.com/lists/oss-security/2021/05/11/11 + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4949-1 + https://ubuntu.com/security/notices/USN-4950-1 + + + + sbeattie> introduced in v5.7-rc1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3491 on Ubuntu 20.04 (focal) - high. + The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1). Billy Jheng Bing-Jhong discovered that the io_uring implementation of the Linux kernel did not properly enforce the MAX_RW_COUNT limit in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-04 02:15:00 UTC + 2021-05-11 17:00:00 +0000 + cascardo + Billy Jheng Bing-Jhong (@st424204) of STAR Labs working with Trend Micro's Zero Day Initiative + 2021-05-11 17:00:00 +0000 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3491.html + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db + https://ubuntu.com/security/notices/USN-4948-1 + https://ubuntu.com/security/notices/USN-4949-1 + https://ubuntu.com/security/notices/USN-4950-1 + https://www.openwall.com/lists/oss-security/2021/05/11/13 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3492 on Ubuntu 20.04 (focal) - high. + Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. Vincent Dehors discovered that the shiftfs file system in the Ubuntu Linux kernel did not properly handle faults in copy_from_user() when passing through ioctls to an underlying file system. A local attacker could use this to cause a denial of service (memory exhaustion) or execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-04-17 05:15:00 UTC + 2021-04-15 17:00:00 UTC + cascardo + Vincent Dehors + 2021-04-15 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3492.html + https://ubuntu.com/security/notices/USN-4915-1 + https://ubuntu.com/security/notices/USN-4917-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3493 on Ubuntu 20.04 (focal) - high. 
+ The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-04-17 05:15:00 UTC + 2021-04-15 17:00:00 UTC + cascardo + 2021-04-15 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3493.html + https://ubuntu.com/security/notices/USN-4915-1 + https://ubuntu.com/security/notices/USN-4916-1 + https://ubuntu.com/security/notices/USN-4917-1 + + + + sbeattie> issue is specific to Ubuntu or any other distribution that patched the kernel to allow unprivileged overlay mounts, prior to the 5.11 commit (459c7c565ac36b) that permits it upstream. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3496 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-22 19:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1923538 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3496.html + https://github.com/Matthias-Wandel/jhead/issues/33 + + + + + + + + + + CVE-2021-3500 on Ubuntu 20.04 (focal) - low. + A flaw was found in djvulibre-3.5.28 and earlier. 
A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-24 19:15:00 UTC + 2021-04-30 00:00:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1943685 + https://bugzilla.redhat.com/show_bug.cgi?id=1943411 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988215 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3500.html + https://ubuntu.com/security/notices/USN-4957-1 + https://ubuntu.com/security/notices/USN-4957-2 + + + + mdeslaur> This is 0006-djvulibre-fedora-Patch11-djvulibre-3.5.27-djvuport-s.patch + + + + + + + + + CVE-2021-3501 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. Reiji Watanabe discovered that the KVM VMX implementation in the Linux kernel did not properly prevent user space from tampering with an array index value, leading to a potential out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 13:15:00 UTC + 2021-05-06 13:15:00 UTC + Reiji Watanabe + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3501.html + https://git.kernel.org/linus/04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a + https://ubuntu.com/security/notices/USN-4977-1 + https://ubuntu.com/security/notices/USN-4983-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-35039 on Ubuntu 20.04 (focal) - medium. 
+ kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-07 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-35039.html + https://seclists.org/oss-sec/2021/q3/6 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3504 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988024 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3504.html + https://listman.redhat.com/archives/libguestfs/2021-May/msg00013.html + https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381 + + + + + + + + + + CVE-2021-3506 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. 
A local attacker could use this issue to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 22:15:00 UTC + 2021-04-19 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3506.html + https://www.openwall.com/lists/oss-security/2021/03/28/2 + https://lore.kernel.org/lkml/20210322114730.71103-1-yuchao0@huawei.com/ + https://bugzilla.redhat.com/show_bug.cgi?id=1944298 + https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5001-1 + https://ubuntu.com/security/notices/USN-5016-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3507 on Ubuntu 20.04 (focal) - low. + A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-06 16:15:00 UTC + Alexander Bulekov + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987410 + https://bugzilla.redhat.com/show_bug.cgi?id=1951118 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3507.html + + + + mdeslaur> as of 2021-07-08, there is no upstream patch available + + + + + + + + + CVE-2021-3508 on Ubuntu 20.04 (focal) - medium. + A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-28 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3508.html + https://github.com/enferex/pdfresurrect/issues/17 + https://github.com/enferex/pdfresurrect/commit/7e35d1806e111fd28610ccc86bb33f54792ac370 + + + + + + + + + + CVE-2021-3509 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability. Sergey Bobrov discovered that the Ceph dashboard was susceptible to a cross-site scripting attack. An attacker could use this to expose sensitive information or gain unintended access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 00:15:00 UTC + 2021-05-27 00:15:00 UTC + Sergey Bobrov + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3509.html + https://www.openwall.com/lists/oss-security/2021/05/14/4 + https://ubuntu.com/security/notices/USN-4998-1 + + + + mdeslaur> this is fixed in 16.2.4 in hirsute-proposed but has not been mdeslaur> pushed to the security pocket sbeattie> incomplete fix for CVE-2020-27839. + + + + + + + + + CVE-2021-3514 on Ubuntu 20.04 (focal) - medium. + When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3514.html + https://github.com/389ds/389-ds-base/issues/4711 + + + + + + + + + + CVE-2021-3515 on Ubuntu 20.04 (focal) - medium. + A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. 
An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription(). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3515.html + https://bugzilla.redhat.com/show_bug.cgi?id=1954112 + https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5 + + + + + + + + + + CVE-2021-3516 on Ubuntu 20.04 (focal) - medium. + There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 14:15:00 UTC + 2021-06-01 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987739 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3516.html + https://gitlab.gnome.org/GNOME/libxml2/-/issues/230 + https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539 + https://ubuntu.com/security/notices/USN-4991-1 + + + + + + + + + + CVE-2021-3517 on Ubuntu 20.04 (focal) - medium. + There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-19 14:15:00 UTC + 2021-05-19 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3517.html + https://gitlab.gnome.org/GNOME/libxml2/-/issues/235 + https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2 + https://ubuntu.com/security/notices/USN-4991-1 + + + + + + + + + + CVE-2021-3518 on Ubuntu 20.04 (focal) - medium. + There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-18 12:15:00 UTC + 2021-05-18 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3518.html + https://gitlab.gnome.org/GNOME/libxml2/-/issues/237 + https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7 + https://ubuntu.com/security/notices/USN-4991-1 + + + + + + + + + + CVE-2021-35196 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an untrusted project file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-21 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-35196.html + https://www.pizzapower.me/2021/06/20/arbitrary-code-execution-in-manuskript-0-12/ + https://github.com/olivierkes/manuskript/issues/891 + + + + + + + + + + CVE-2021-35197 on Ubuntu 20.04 (focal) - low. 
+ In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-07-02 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-35197.html + https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/ + https://phabricator.wikimedia.org/T280226 + + + + + + + + + + CVE-2021-3520 on Ubuntu 20.04 (focal) - medium. + There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 13:15:00 UTC + 2021-04-30 00:00:00 UTC + mdeslaur + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987856 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3520.html + https://github.com/lz4/lz4/pull/972 + https://ubuntu.com/security/notices/USN-4968-1 + https://ubuntu.com/security/notices/USN-4968-2 + + + + + + + + + + CVE-2021-3522 on Ubuntu 20.04 (focal) - medium. + GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-02 15:15:00 UTC + 2021-04-24 00:00:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3522.html + https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876 + https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee (master) + https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 (1.18.4) + https://gstreamer.freedesktop.org/security/sa-2021-0001.html + https://ubuntu.com/security/notices/USN-4959-1 + + + + + + + + + + CVE-2021-3524 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created. Sergey Bobrov discovered that Ceph's RadosGW (Ceph Object Gateway) allowed the injection of HTTP headers in responses to CORS requests. An attacker could use this to violate system integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-17 17:15:00 UTC + 2021-05-17 17:15:00 UTC + Sergey Bobrov + https://bugzilla.redhat.com/show_bug.cgi?id=1951674 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3524.html + https://ubuntu.com/security/notices/USN-4998-1 + + + + mdeslaur> this is fixed in 16.2.4 in hirsute-proposed but has not been mdeslaur> pushed to the security pocket + + + + + + + + + CVE-2021-3527 on Ubuntu 20.04 (focal) - low. + A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. 
The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 22:15:00 UTC + 2021-05-26 22:15:00 UTC + Remy Noel + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3527.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01373.html + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2021-3531 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. It was discovered that Ceph's RadosGW (Ceph Object Gateway) did not properly handle GET requests for swift URLs in some situations, leading to an application crash. An attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-18 12:15:00 UTC + 2021-05-18 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3531.html + https://www.openwall.com/lists/oss-security/2021/05/14/5 + https://ubuntu.com/security/notices/USN-4998-1 + + + + mdeslaur> this is fixed in 16.2.4 in hirsute-proposed but has not been mdeslaur> pushed to the security pocket + + + + + + + + + CVE-2021-3532 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-09 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3532.html + https://bugzilla.redhat.com/show_bug.cgi?id=1956464 + + + + + + + + + + CVE-2021-3533 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-09 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3533.html + https://bugzilla.redhat.com/show_bug.cgi?id=1956477 + + + + + + + + + + CVE-2021-35331 on Ubuntu 20.04 (focal) - negligible. + ** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crated file. NOTE: multiple third parties dispute the significance of this finding. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-05 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-35331.html + https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2 + https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280 + https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222 + https://sqlite.org/forum/info/7dcd751996c93ec9 + + + + sbeattie> issue is disputed (see github tcl commit) because the format string vuln is in a build helper. + + + + + + + + + CVE-2021-3537 on Ubuntu 20.04 (focal) - medium. + A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-14 20:15:00 UTC + 2021-05-14 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3537.html + https://gitlab.gnome.org/GNOME/libxml2/-/issues/243 + https://gitlab.gnome.org/GNOME/libxml2/-/issues/244 + https://gitlab.gnome.org/GNOME/libxml2/-/issues/245 + https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61 + https://ubuntu.com/security/notices/USN-4991-1 + + + + + + + + + + CVE-2021-3541 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-09 17:15:00 UTC + 2021-05-18 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3541.html + https://bugzilla.redhat.com/show_bug.cgi?id=1950515 + https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e + https://gitlab.gnome.org/GNOME/libxml2/-/issues/228 (currently private) + https://blog.hartwork.org/posts/cve-2021-3541-parameter-laughs-fixed-in-libxml2-2-9-11/ + https://ubuntu.com/security/notices/USN-4991-1 + + + + avital> Not reproducible in 2.9.4+dfsg1-6.1 and prior + + + + + + + + + CVE-2021-3542 on Ubuntu 20.04 (focal) - low. + Linux kernel: a heap buffer overflow in firedtv driver + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-11 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3542.html + https://seclists.org/oss-sec/2021/q2/46 + https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3543 on Ubuntu 20.04 (focal) - medium. + A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system. Mathias Krause discovered that a null pointer dereference existed in the Nitro Enclaves kernel driver of the Linux kernel. A local attacker could use this issue to cause a denial of service or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-01 14:15:00 UTC + 2021-06-01 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3543.html + https://git.kernel.org/linus/f1ce3986baa62cffc3c5be156994de87524bab99 + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-5001-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3544 on Ubuntu 20.04 (focal) - low. + Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 14:15:00 UTC + 2021-06-02 14:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1958935 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3544.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01151.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01157.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01152.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01156.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01158.html + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2021-3545 on Ubuntu 20.04 (focal) - low. + An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-02 14:15:00 UTC + 2021-06-02 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3545.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01153.html + https://ubuntu.com/security/notices/USN-5010-1 + + + + mdeslaur> same commits as CVE-2021-3544 + + + + + + + + + CVE-2021-3546 on Ubuntu 20.04 (focal) - medium. + A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 14:15:00 UTC + 2021-06-02 14:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1958978 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3546.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01154.html + https://ubuntu.com/security/notices/USN-5010-1 + + + + mdeslaur> same commits as CVE-2021-3544 + + + + + + + + + CVE-2021-35474 on Ubuntu 20.04 (focal) - medium. + Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-30 08:15:00 UTC + Masaori Koshiba + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990303 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-35474.html + https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E + https://github.com/apache/trafficserver/pull/7945 (8.1.x) + https://github.com/apache/trafficserver/commit/5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b (master) + https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) + + + + + + + + + + CVE-2021-3548 on Ubuntu 20.04 (focal) - low. + A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3548.html + https://github.com/Lekensteyn/dmg2img/issues/9 + + + + + + + + + + CVE-2021-3549 on Ubuntu 20.04 (focal) - low. + An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3549.html + https://sourceware.org/bugzilla/show_bug.cgi?id=27294 + https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7 + https://bugzilla.redhat.com/show_bug.cgi?id=1960717 + + + + + + + + + + CVE-2021-3551 on Ubuntu 20.04 (focal) - low. 
+ ML-Date: 2021-06-03 07:07:22, ML-Subject: [RHSA-2021:2235-01] Important: pki-core:10.6 security update + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-03 07:07:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3551.html + https://bugzilla.redhat.com/show_bug.cgi?id=1959971 + https://rhn.redhat.com/errata/RHSA-2021-2235.html + + + + + + + + + + CVE-2021-35515 on Ubuntu 20.04 (focal) - medium. + When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-13 08:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991041 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-35515.html + https://www.openwall.com/lists/oss-security/2021/07/13/1 + https://commons.apache.org/proper/commons-compress/security-reports.html + https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E + http://www.openwall.com/lists/oss-security/2021/07/13/1 + + + + + + + + + + CVE-2021-35516 on Ubuntu 20.04 (focal) - medium. + When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-13 08:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991041 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-35516.html + https://www.openwall.com/lists/oss-security/2021/07/13/2 + https://commons.apache.org/proper/commons-compress/security-reports.html + https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E + http://www.openwall.com/lists/oss-security/2021/07/13/2 + + + + + + + + + + CVE-2021-35517 on Ubuntu 20.04 (focal) - medium. + When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-13 08:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991041 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-35517.html + https://www.openwall.com/lists/oss-security/2021/07/13/3 + https://commons.apache.org/proper/commons-compress/security-reports.html + https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E + http://www.openwall.com/lists/oss-security/2021/07/13/3 + https://lists.apache.org/thread.html/ra393ffdc7c90a4a37ea023946f390285693795013a642d80fba20203@%3Cannounce.apache.org%3E + https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46@%3Cuser.ant.apache.org%3E + https://lists.apache.org/thread.html/r457b2ed564860996b20d938566fe8bd4bfb7c37be8e205448ccb5975@%3Cannounce.apache.org%3E + + + + + + + + + + CVE-2021-35525 on Ubuntu 20.04 (focal) - low. + PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. 
NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-28 18:15:00 UTC + Mateusz Jończyk + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990439 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-35525.html + https://bugs.gentoo.org/793674 + https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe27db2 + https://github.com/roehling/postsrsd/releases/tag/1.11 + + + + + + + + + + CVE-2021-3559 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-24 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3559.html + https://bugzilla.redhat.com/show_bug.cgi?id=1962306 + + + + mdeslaur> introduced in 6.10.0-rc1, fixed in 7.0.0-rc1 + + + + + + + + + CVE-2021-3560 on Ubuntu 20.04 (focal) - high. + local privilege escalation using polkit_system_bus_name_get_creds_sync() + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-03 07:00:00 UTC + 2021-06-03 07:00:00 UTC + mdeslaur + Kevin Backhouse + 2021-06-03 07:00:00 UTC + https://gitlab.freedesktop.org/polkit/polkit/-/issues/140 + https://bugzilla.redhat.com/show_bug.cgi?id=1961710 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3560.html + https://ubuntu.com/security/notices/USN-4980-1 + + + + mdeslaur> commit introducing issue was backported to policykit-1 version mdeslaur> in Ubuntu in focal+ + + + + + + + + + CVE-2021-3561 on Ubuntu 20.04 (focal) - low. + An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-26 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3561.html + https://sourceforge.net/p/mcj/tickets/116/ + https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/ + https://bugzilla.redhat.com/show_bug.cgi?id=1955675 + + + + leosilva> shipped fig2dev into transfig for xenial and trusty has not the code affected + + + + + + + + + CVE-2021-3563 on Ubuntu 20.04 (focal) - low. + keystone only verified first 72 characters of secret + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-05-29 00:00:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1962908 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3563.html + + + + mdeslaur> no indication of possible fix from upstream as of 2021-06-01 + + + + + + + + + CVE-2021-3564 on Ubuntu 20.04 (focal) - medium. + A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. 
This flaw affects all the Linux kernel versions starting from 3.13. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-08 12:15:00 UTC + 2021-06-08 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3564.html + https://www.openwall.com/lists/oss-security/2021/05/25/1 + https://lore.kernel.org/linux-bluetooth/20210525123902.189012-1-gregkh@linuxfoundation.org/ + https://ubuntu.com/security/notices/USN-5015-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3565 on Ubuntu 20.04 (focal) - medium. + A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-04 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989148 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3565.html + https://bugzilla.redhat.com/show_bug.cgi?id=1964427 + https://github.com/tpm2-software/tpm2-tools/issues/2738 + https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515 + + + + + + + + + + CVE-2021-3567 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-31 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980061 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3567.html + https://bugs.launchpad.net/ubuntu/+source/caribou/+bug/1912060 + https://gitlab.gnome.org/GNOME/caribou/-/merge_requests/3 + https://gitlab.gnome.org/GNOME/caribou/-/commit/d41c8e44b12222a290eaca16703406b113a630c6 + + + + + + + + + + CVE-2021-3572 on Ubuntu 20.04 (focal) - low. + [Don&#x27;t split git references on unicode separators #9827] + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-11 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3572.html + https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1926957 + https://github.com/pypa/pip/pull/9827 + https://github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e (21.1) + + + + + + + + + + CVE-2021-3573 on Ubuntu 20.04 (focal) - medium. + [UAF vulnerability in function hci_sock_bound_ioctl()] It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-06 13:00:00 UTC + 2021-06-06 13:00:00 UTC + 2021-06-06 13:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3573.html + https://www.openwall.com/lists/oss-security/2021/06/08/2 + https://ubuntu.com/security/notices/USN-5015-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3575 on Ubuntu 20.04 (focal) - low. + heap-buffer-overflow in color.c may lead to DoS + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-11 00:00:00 UTC + https://github.com/uclouvain/openjpeg/issues/1347 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989775 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3575.html + + + + + + + + + + + + + + + + CVE-2021-3578 on Ubuntu 20.04 (focal) - medium. + [crafted APPENDUID response could cause a heap buffer overflow] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-07 12:00:00 UTC + Lukas Braun + 2021-06-07 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3578.html + https://www.openwall.com/lists/oss-security/2021/06/07/1 + + + + + + + + + + CVE-2021-3580 on Ubuntu 20.04 (focal) - medium. + Remote crash in RSA decryption via manipulated ciphertext + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 00:00:00 UTC + 2021-06-10 00:00:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1967983 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989631 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3580.html + https://ubuntu.com/security/notices/USN-4990-1 + + + + mdeslaur> this fix relies on the RSA refactoring that is required to mdeslaur> fix CVE-2018-16869, which is too intrusive to backport to older mdeslaur> releases + + + + + + + + + CVE-2021-3582 on Ubuntu 20.04 (focal) - medium. + hw/rdma: Fix possible mremap overflow in the pvrdma device + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-18 00:00:00 UTC + 2021-06-18 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3582.html + https://lists.nongnu.org/archive/html/qemu-devel/2021-06/msg04148.html + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2021-3583 on Ubuntu 20.04 (focal) - medium. + [Template Injection through yaml multi-line strings with ansible facts used in template] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-10 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3583.html + https://bugzilla.redhat.com/show_bug.cgi?id=1968412 + + + + + + + + + + CVE-2021-3587 on Ubuntu 20.04 (focal) - medium. + [nfc: NULL ptr dereference in llcp_sock_getname() after failed connect] It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-31 00:00:00 UTC + 2021-05-31 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3587.html + https://www.openwall.com/lists/oss-security/2021/06/01/1 + https://www.openwall.com/lists/oss-security/2021/06/06/2 + https://www.openwall.com/lists/oss-security/2021/06/08/1 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4ac06a1e013cf5fdd963317ffd3b968560f33bba + https://ubuntu.com/security/notices/USN-5015-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3588 on Ubuntu 20.04 (focal) - medium. + The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-10 03:15:00 UTC + 2021-06-10 03:15:00 UTC + mdeslaur + ziming zhang of Ant Security Light-Year Lab + https://github.com/bluez/bluez/issues/70 + https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1926548 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3588.html + https://ubuntu.com/security/notices/USN-4989-1 + + + + + + + + + + CVE-2021-3592 on Ubuntu 20.04 (focal) - low. + An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. 
The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-15 21:15:00 UTC + 2021-06-15 21:15:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1970484 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989993 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3592.html + https://ubuntu.com/security/notices/USN-5009-1 + https://ubuntu.com/security/notices/USN-5010-1 + + + + mdeslaur> patches for this introduced a regression that was fixed in 4.6.1 + + + + + + + + + CVE-2021-3593 on Ubuntu 20.04 (focal) - low. + An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-15 21:15:00 UTC + 2021-06-15 21:15:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1970487 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989994 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3593.html + https://ubuntu.com/security/notices/USN-5009-1 + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2021-35937 on Ubuntu 20.04 (focal) - medium. + [TOCTOU race in checks for unsafe symlinks] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-30 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-35937.html + https://bugzilla.redhat.com/show_bug.cgi?id=1964125 + + + + seth-arnold> Only debugedit and librpmio9 binary packages are in main, and triaged with view to how they are used in the build process as described in https://bugs.launchpad.net/ubuntu/+source/rpm/+bug/1913871 + + + + + + + + + CVE-2021-35938 on Ubuntu 20.04 (focal) - medium. + [races with chown/chmod/capabilities calls during installation] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-30 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-35938.html + https://bugzilla.redhat.com/show_bug.cgi?id=1964114 + + + + seth-arnold> Only debugedit and librpmio9 binary packages are in main, and triaged with view to how they are used in the build process as described in https://bugs.launchpad.net/ubuntu/+source/rpm/+bug/1913871 + + + + + + + + + CVE-2021-35939 on Ubuntu 20.04 (focal) - medium. + [checks for unsafe symlinks are not performed for intermediary directories] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-30 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-35939.html + https://bugzilla.redhat.com/show_bug.cgi?id=1964129 + + + + seth-arnold> Only debugedit and librpmio9 binary packages are in main, and triaged with view to how they are used in the build process as described in https://bugs.launchpad.net/ubuntu/+source/rpm/+bug/1913871 + + + + + + + + + CVE-2021-3594 on Ubuntu 20.04 (focal) - low. + An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. 
The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-15 21:15:00 UTC + 2021-06-15 21:15:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1970491 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989995 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3594.html + https://ubuntu.com/security/notices/USN-5009-1 + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2021-35942 on Ubuntu 20.04 (focal) - medium. + [Wild read in wordexp (parse_param)] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-30 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-35942.html + https://sourceware.org/bugzilla/show_bug.cgi?id=28011 + https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c + + + + + + + + + + CVE-2021-3595 on Ubuntu 20.04 (focal) - low. + An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-15 21:15:00 UTC + 2021-06-15 21:15:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1970489 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989996 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3595.html + https://ubuntu.com/security/notices/USN-5009-1 + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2021-3597 on Ubuntu 20.04 (focal) - medium. 
+ [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-15 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3597.html + https://bugzilla.redhat.com/show_bug.cgi?id=1970930 + + + + + + + + + + CVE-2021-3598 on Ubuntu 20.04 (focal) - low. + There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-07-06 15:15:00 UTC + 2021-06-15 00:00:00 UTC + https://github.com/AcademySoftwareFoundation/openexr/issues/1033 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3598.html + https://github.com/AcademySoftwareFoundation/openexr/pull/1037 + https://ubuntu.com/security/notices/USN-4996-1 + https://ubuntu.com/security/notices/USN-4996-2 + + + + + + + + + + CVE-2021-3600 on Ubuntu 20.04 (focal) - high. + It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-22 + 2021-06-22 + 2021-06-22 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3600.html + https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 + https://ubuntu.com/security/notices/USN-5003-1 + + + + sbeattie> 4.15 kernels the only ubuntu kernels that have not yet had the fix applied sbeattie> for 4.15 kernels, f6b1b3bf0d5f ("bpf: fix subprog verifier bypass by div/mod by 0 exception") is needed as a prerequisite but introduces CVE-2021-3444 cascardo> Commit f1174f77b50c is also necessary to exploit, and is not present on 4.4 kernels. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3601 on Ubuntu 20.04 (focal) - negligible. + Cert signed by CA with constraint 'CA:FALSE' are considered valid + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2021 Canonical Ltd. + 2021-06-18 00:00:00 UTC + https://github.com/openssl/openssl/issues/5236 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3601.html + + + + mdeslaur> this affects 1.0.2 and earlier only mdeslaur> as of 2019-06-18, upstream will not be fixing this, and no fix mdeslaur> is available + + + + + + + + + CVE-2021-3603 on Ubuntu 20.04 (focal) - medium. + PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-17 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3603.html + https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/ + https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 (v6.5.0) + https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 + + + + + + + + + + CVE-2021-3605 on Ubuntu 20.04 (focal) - medium. + Heap buffer overflow in the rleUncompress function + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-17 00:00:00 UTC + 2021-06-17 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3605.html + https://github.com/AcademySoftwareFoundation/openexr/pull/1036 + https://ubuntu.com/security/notices/USN-4996-1 + https://ubuntu.com/security/notices/USN-4996-2 + + + + + + + + + + CVE-2021-3607 on Ubuntu 20.04 (focal) - low. + pvrdma: unchecked malloc size due to integer overflow in init_dev_ring() + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-18 00:00:00 UTC + 2021-06-18 00:00:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1973349 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3607.html + https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2021-3608 on Ubuntu 20.04 (focal) - low. + pvrdma: uninitialized memory unmap in pvrdma_ring_init() + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-18 00:00:00 UTC + 2021-06-18 00:00:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1973383 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3608.html + https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html + https://ubuntu.com/security/notices/USN-5010-1 + + + + + + + + + + CVE-2021-36081 on Ubuntu 20.04 (focal) - medium. + Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-01 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990529 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36081.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698 + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml + https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55 + + + + + + + + + + CVE-2021-36082 on Ubuntu 20.04 (focal) - medium. + ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-01 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990528 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36082.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393 + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml + https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3 + + + + + + + + + + CVE-2021-36083 on Ubuntu 20.04 (focal) - low. + KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-07-01 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990527 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36083.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742 + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml + https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f + + + + + + + + + + CVE-2021-36084 on Ubuntu 20.04 (focal) - medium. + The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-01 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990526 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36084.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065 + https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3 + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml + + + + + + + + + + CVE-2021-36085 on Ubuntu 20.04 (focal) - medium. + The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-01 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990526 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36085.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124 + https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml + + + + + + + + + + CVE-2021-36086 on Ubuntu 20.04 (focal) - medium. + The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-01 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990526 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36086.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177 + https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8 + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml + + + + + + + + + + CVE-2021-36087 on Ubuntu 20.04 (focal) - medium. 
+ The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). NOTE: bad0a746e9f4cf260dedba5828d9645d50176aac is cited in the OSV "fixed" field but does not have a code change. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-01 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990526 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36087.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675 + https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml + + + + + + + + + + CVE-2021-3609 on Ubuntu 20.04 (focal) - high. + [Race condition in net/can/bcm.c leads to local privilege escalation] Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-06-21 00:00:00 UTC + 2021-06-21 00:00:00 UTC + cascardo + Norbert Slusarek + https://launchpad.net/bugs/1932209 + https://launchpad.net/bugs/1931855 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3609.html + https://www.openwall.com/lists/oss-security/2021/06/19/1 + https://lore.kernel.org/netdev/20210619161813.2098382-1-cascardo@canonical.com/T/#u + https://lore.kernel.org/netdev/20210618071532.kr7o2rnx6ia4t6n6@pengutronix.de/T/#t + https://ubuntu.com/security/notices/USN-4997-1 + https://ubuntu.com/security/notices/USN-4999-1 + https://ubuntu.com/security/notices/USN-5000-1 + https://ubuntu.com/security/notices/USN-5001-1 + https://ubuntu.com/security/notices/USN-5002-1 + https://ubuntu.com/security/notices/USN-5003-1 + + + + cascardo> On 4.4 kernels, a CAN device needs to be present. 
Otherwise, a virtual device cannot be created without manually loading vcan module. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-36090 on Ubuntu 20.04 (focal) - medium. + When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-13 08:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991041 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36090.html + https://www.openwall.com/lists/oss-security/2021/07/13/4 + https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E + https://commons.apache.org/proper/commons-compress/security-reports.html + http://www.openwall.com/lists/oss-security/2021/07/13/4 + https://lists.apache.org/thread.html/r9a23d4dbf4e34d498664080bff59f2893b855eb16dae33e4aa92fa53@%3Cannounce.apache.org%3E + https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38@%3Cuser.ant.apache.org%3E + https://lists.apache.org/thread.html/r0e87177f8e78b4ee453cd4d3d8f4ddec6f10d2c27707dd71e12cafc9@%3Cannounce.apache.org%3E + http://www.openwall.com/lists/oss-security/2021/07/13/6 + + + + + + + + + + CVE-2021-3610 on Ubuntu 20.04 (focal) - medium. + [heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-23 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3610.html + https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3 + + + + + + + + + + CVE-2021-3611 on Ubuntu 20.04 (focal) - medium. 
+ components for: CVE-2021-3611 QEMU: intel-hda: segmentation fault due to stack overflow + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-22 20:27:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990562 + https://bugs.launchpad.net/qemu/+bug/1907497 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3611.html + https://access.redhat.com/security/cve/CVE-2021-3611 + + + + mdeslaur> introduced in 5.0.0-rc0 by: mdeslaur> https://git.qemu.org/?p=qemu.git;a=commit;h=a9d8ba2be58e067bdfbff830eb9ff438d8db7f10 mdeslaur> mdeslaur> as of 2021-07-08, there is no fix available from upstream + + + + + + + + + CVE-2021-3612 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-09 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3612.html + https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/T/#u + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-3620 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-28 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3620.html + https://bugzilla.redhat.com/show_bug.cgi?id=1975767 + + + + + + + + + + CVE-2021-3624 on Ubuntu 20.04 (focal) - medium. + [buffer-overflow caused by integer-overflow in foveon_load_camf()] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-29 00:00:00 UTC + Wooseok Kang + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3624.html + + + + + + + + + + CVE-2021-3629 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-30 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3629.html + https://bugzilla.redhat.com/show_bug.cgi?id=1977362 + + + + + + + + + + CVE-2021-3630 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-30 14:15:00 UTC + 2021-06-30 14:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3630.html + https://sourceforge.net/p/djvu/bugs/302/ + https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/ + https://bugzilla.redhat.com/show_bug.cgi?id=1977427 + https://ubuntu.com/security/notices/USN-5005-1 + + + + + + + + + + CVE-2021-3631 on Ubuntu 20.04 (focal) - low. + [insecure sVirt label generation] + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-07-15 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990709 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3631.html + https://gitlab.com/libvirt/libvirt/-/issues/153 + + + + + + + + + + CVE-2021-36367 on Ubuntu 20.04 (focal) - medium. + PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. 
This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-09 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990901 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36367.html + https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa + https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html + + + + + + + + + + CVE-2021-36373 on Ubuntu 20.04 (focal) - low. + When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-07-14 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36373.html + https://www.openwall.com/lists/oss-security/2021/07/13/5 + https://ant.apache.org/security.html + https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E + + + + + + + + + + CVE-2021-36374 on Ubuntu 20.04 (focal) - low. + When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-07-14 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36374.html + https://www.openwall.com/lists/oss-security/2021/07/13/6 + https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E + https://ant.apache.org/security.html + + + + + + + + + + CVE-2021-36377 on Ubuntu 20.04 (focal) - medium. + Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-12 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36377.html + https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036 + + + + + + + + + + CVE-2021-3638 on Ubuntu 20.04 (focal) - medium. + [ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-15 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3638.html + https://bugzilla.redhat.com/show_bug.cgi?id=1979858 + + + + + + + + + + CVE-2021-3647 on Ubuntu 20.04 (focal) - medium. + URI.js is vulnerable to URL Redirection to Untrusted Site + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-16 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3647.html + https://github.com/medialize/URI.js/commit/ac43ca8f80c042f0256fb551ea5203863dec4481 + https://huntr.dev/bounties/1625558772840-medialize/URI.js + + + + + + + + + + CVE-2021-36740 on Ubuntu 20.04 (focal) - medium. + Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-14 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991040 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36740.html + https://varnish-cache.org/security/VSV00007.html + https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf (6.0.8) + https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be (6.5.2) + https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be + https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf + https://docs.varnish-software.com/security/VSV00007/ + + + + + + + + + + CVE-2021-36980 on Ubuntu 20.04 (focal) - medium. + Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-07-20 07:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991308 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-36980.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851 + https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml + https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f + https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3 + https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35 + https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2 + https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575 + https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2 + + + + + + + + + + CVE-2005-1513 on Ubuntu 20.04 (focal) - medium. 
+ Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request. It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2005 Canonical Ltd. + 2005-05-11 04:00:00 UTC + 2020-05-24 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2005/CVE-2005-1513.html + https://www.openwall.com/lists/oss-security/2020/05/19/8 + https://www.openwall.com/lists/oss-security/2020/06/16/2 + https://ubuntu.com/security/notices/USN-4556-1 + https://ubuntu.com/security/notices/USN-4621-1 + + + + + + + + + + CVE-2005-1514 on Ubuntu 20.04 (focal) - medium. + commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index. It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2005 Canonical Ltd. + 2005-05-11 04:00:00 UTC + 2020-05-24 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2005/CVE-2005-1514.html + https://www.openwall.com/lists/oss-security/2020/05/19/8 + https://ubuntu.com/security/notices/USN-4556-1 + https://ubuntu.com/security/notices/USN-4621-1 + + + + + + + + + + CVE-2005-1515 on Ubuntu 20.04 (focal) - medium. 
+ Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands. It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2005 Canonical Ltd. + 2005-05-11 04:00:00 UTC + 2020-05-24 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2005/CVE-2005-1515.html + https://www.openwall.com/lists/oss-security/2020/05/19/8 + https://ubuntu.com/security/notices/USN-4556-1 + https://ubuntu.com/security/notices/USN-4621-1 + + + + + + + + + + CVE-2009-4227 on Ubuntu 20.04 (focal) - medium. + Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2009 Canonical Ltd. + 2009-12-08 18:30:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-4227.html + + + + + + + + + + CVE-2011-2716 on Ubuntu 20.04 (focal) - negligible. + The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2012 Canonical Ltd. 
+ 2012-07-03 16:40:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635548 + https://bugs.busybox.net/show_bug.cgi?id=3979 + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2716.html + http://www.openwall.com/lists/oss-security/2011/07/25/3 + + + + mdeslaur> similar to CVE-2011-0997, but for busybox + + + + + + + + + CVE-2011-5325 on Ubuntu 20.04 (focal) - low. + Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-07 17:29:00 UTC + 2017-08-07 + mdeslaur + Tyler Hicks + https://bugs.busybox.net/8411 + https://bugs.busybox.net/show_bug.cgi?id=10941 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802702 + https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1753572 + http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-5325.html + http://openwall.com/lists/oss-security/2015/10/21/4 + https://ubuntu.com/security/notices/USN-3935-1 + + + + mdeslaur> bionic only contains first commit mdeslaur> adding the second commit to bionic introduced a regression in mdeslaur> debootstrep, see LP: #1737662 mdeslaur> new third commit mostly reverses second commit mdeslaur> two new commits are now available that possibly fix further mdeslaur> symlink issues + + + + + + + + + CVE-2012-0862 on Ubuntu 20.04 (focal) - low. + builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2012 Canonical Ltd. 
+ 2012-06-04 20:55:00 UTC + Thomas Swan + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672381 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0862 + https://bugs.launchpad.net/bugs/1016505 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0862.html + http://www.openwall.com/lists/oss-security/2012/05/09/5 + + + + + + + + + + CVE-2012-1088 on Ubuntu 20.04 (focal) - negligible. + iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2014 Canonical Ltd. + 2014-02-15 14:57:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1088.html + + + + tyhicks> Issues are in the configure script and an example script, which doesn't seem to be used anywhere. + + + + + + + + + CVE-2012-2663 on Ubuntu 20.04 (focal) - low. + extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. + 2014-02-15 14:57:00 UTC + Denys Fedoryshchenko + https://bugzilla.redhat.com/show_bug.cgi?id=826702 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2663.html + http://www.openwall.com/lists/oss-security/2012/05/30/2 + http://www.spinics.net/lists/netfilter-devel/msg21248.html + + + + tyhicks> This is an iptables userspace issue. A kernel CVE may also be assigned, but it will be under a different CVE identifier. mdeslaur> There is no available fix for this issue for iptables, and mdeslaur> changing this would result in an unexpected change in behaviour. mdeslaur> We will not be fixing this in Ubuntu stable releases, marking as mdeslaur> ignored. + + + + + + + + + CVE-2012-4425 on Ubuntu 20.04 (focal) - low. 
+ libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2012 Canonical Ltd. + 2012-09-18 17:55:00 UTC + Sebastian Krahmer + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4425 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689155 + http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-4425.html + http://seclists.org/oss-sec/2012/q3/470 + + + + mdeslaur> RedHat has fixed this in spice-gtk itself. mdeslaur> Setting as low, since spice-gtk is probably one of the only mdeslaur> apps to do this. + + + + + + + + + + + + CVE-2013-1429 on Ubuntu 20.04 (focal) - low. + Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-07 22:15:00 UTC + https://bugs.launchpad.net/bugs/1169636 + http://bugs.debian.org/705553 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html + + + + seth-arnold> Since packages can contain arbitrary owners of files, I don't believe the symlink-restriction provides protection here + + + + + + + + + CVE-2013-1813 on Ubuntu 20.04 (focal) - negligible. + util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2013 Canonical Ltd. 
+ 2013-11-23 11:55:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1813.html + http://www.openwall.com/lists/oss-security/2013/03/03/9 + + + + seth-arnold> "low" because mdev doesn't easily support nested directories + + + + + + + + + CVE-2013-1923 on Ubuntu 20.04 (focal) - low. + rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. + 2014-01-21 18:55:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=948072 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707401 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1923.html + http://www.openwall.com/lists/oss-security/2013/04/04 + + + + + + + + + + CVE-2013-2124 on Ubuntu 20.04 (focal) - medium. + Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2014 Canonical Ltd. + 2014-05-27 14:55:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710290 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2124.html + + + + + + + + + + CVE-2013-2596 on Ubuntu 20.04 (focal) - low. + Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2013 Canonical Ltd. 
+ 2013-04-13 02:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2596.html + http://forum.xda-developers.com/showthread.php?t=2255491 + http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b4cbb197c7e7a68dbad0d491242e3ca67420c13e + http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fc9bbca8f650e5f738af8806317c0a041a48ae4a + http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 + http://marc.info/?l=linux-kernel&m=136616837923938&w=2 + http://rhn.redhat.com/errata/RHSA-2015-0695.html + http://rhn.redhat.com/errata/RHSA-2015-0782.html + http://rhn.redhat.com/errata/RHSA-2015-0803.html + http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too/ + http://www.droidrzr.com/index.php/topic/15208-root-motochopper-yet-another-android-root-exploit/ + http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9 + http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 + http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html + https://github.com/torvalds/linux/commit/b4cbb197c7e7a68dbad0d491242e3ca67420c13e + https://github.com/torvalds/linux/commit/fc9bbca8f650e5f738af8806317c0a041a48ae4a + + + + sbeattie> requires write access to /dev/fb0 and other devices, which is usually on permitted to root and the video group. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2013-4342 on Ubuntu 20.04 (focal) - low. + xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2013 Canonical Ltd. 
+ 2013-10-10 00:55:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4342.html + + + + + + + + + + CVE-2013-4440 on Ubuntu 20.04 (focal) - low. + Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. + 2014-12-19 15:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726578 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725507 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4440.html + http://www.openwall.com/lists/oss-security/2013/10/16/15 + + + + + + + + + + CVE-2013-4442 on Ubuntu 20.04 (focal) - low. + Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. + 2014-12-19 15:59:00 UTC + Michael Samuel + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726578 + https://bugs.launchpad.net/ubuntu/+source/pwgen/+bug/1183213 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767008 + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4442.html + http://www.openwall.com/lists/oss-security/2013/10/16/15 + + + + + + + + + + CVE-2013-4577 on Ubuntu 20.04 (focal) - low. + A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2014 Canonical Ltd. 
+ 2014-05-12 14:55:00 UTC + Francesco Poli + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4577.html + http://www.openwall.com/lists/oss-security/2013/11/14 + + + + + + + + + + CVE-2013-7098 on Ubuntu 20.04 (focal) - medium. + OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-13 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7098.html + http://www.infradead.org/openconnect/changelog.html + + + + + + + + + + CVE-2014-5439 on Ubuntu 20.04 (focal) - medium. + Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code. It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-19 16:15:00 UTC + 2019-11-19 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5439.html + http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html + https://ubuntu.com/security/notices/USN-4652-1 + + + + sbeattie> sniffit is not setuid, so this issue only affects configurations where a user is only permitted to run a subset of administrative (e.g. using a sudo configuration that only allows a user to run sniffit). + + + + + + + + + CVE-2014-9621 on Ubuntu 20.04 (focal) - low. + The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. 
+ 2015-01-21 18:59:00 UTC + 2015-01-21 + Alexander Cherepanov + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9621.html + http://mx.gw.com/pipermail/file/2014/001654.html + https://ubuntu.com/security/notices/USN-3686-1 + + + + mdeslaur> readelf.c not used in php5 mdeslaur> introduced by fix for CVE-2014-9620 + + + + + + + + + CVE-2014-9645 on Ubuntu 20.04 (focal) - low. + The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-12 06:59:00 UTC + 2017-03-12 + mdeslaur + Mathias Krause + https://bugs.busybox.net/show_bug.cgi?id=7652 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776186 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9645.html + https://ubuntu.com/security/notices/USN-3935-1 + + + + + + + + + + CVE-2014-9653 on Ubuntu 20.04 (focal) - low. + readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. 
+ 2015-03-30 10:59:00 UTC + 2015-03-30 + mdeslaur + Alexander Cherepanov + http://bugs.gw.com/view.php?id=409 + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9653.html + http://mx.gw.com/pipermail/file/2014/001649.html + http://www.openwall.com/lists/oss-security/2015/02/04/13 + https://ubuntu.com/security/notices/USN-3686-1 + + + + tyhicks> readelf.c not used in php5 tyhicks> readelf.c does not use pread() in Precise or Lucid but it looks like short read()'s are still a problem + + + + + + + + + CVE-2014-9862 on Ubuntu 20.04 (focal) - medium. + Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-07-22 02:59:00 UTC + 2016-07-22 02:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9862.html + http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html + https://android.googlesource.com/platform/external/bsdiff/+/4d054795b673855e3a7556c6f2f7ab99ca509998 + https://bugs.chromium.org/p/chromium/issues/detail?id=372525 + https://chromium.googlesource.com/chromiumos/third_party/bsdiff/+/d0307d1711bd74e51b783a49f9160775aa22e659 + https://support.apple.com/HT206903 + https://ubuntu.com/security/notices/USN-4500-1 + + + + + + + + + + CVE-2014-9913 on Ubuntu 20.04 (focal) - negligible. + Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-18 17:59:00 UTC + 2017-01-18 17:59:00 UTC + Martin Carpenter + http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9913.html + http://www.openwall.com/lists/oss-security/2014/11/03/5 + http://openwall.com/lists/oss-security/2016/12/05/20 + https://ubuntu.com/security/notices/USN-4672-1 + + + + tyhicks> In Ubuntu, this is reduced to a DoS thanks to zipinfo being built with -D_FORTIFY_SOURCE=2 tyhicks> See LP: #1643750 for a reproducer + + + + + + + + + CVE-2015-1350 on Ubuntu 20.04 (focal) - low. + The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-05-02 10:59:00 UTC + 2016-05-02 + Ben Harris + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492 + https://launchpad.net/bugs/1415636 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1350.html + https://ubuntu.com/security/notices/USN-3361-1 + https://ubuntu.com/security/notices/USN-4904-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2015-3218 on Ubuntu 20.04 (focal) - low. + The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-10-26 19:59:00 UTC + 2015-10-26 + mdeslaur + Tavis Ormandy + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787932 + https://bugs.freedesktop.org/show_bug.cgi?id=90829 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3218.html + http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html + https://ubuntu.com/security/notices/USN-3717-1 + + + + + + + + + + CVE-2015-4625 on Ubuntu 20.04 (focal) - low. + Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-10-26 19:59:00 UTC + 2015-10-26 + mdeslaur + Tavis Ormandy + https://bugs.freedesktop.org/show_bug.cgi?id=90837 + https://bugs.freedesktop.org/show_bug.cgi?id=90832 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796134 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4625.html + http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html + http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + http://www.openwall.com/lists/oss-security/2015/06/08/3 + https://ubuntu.com/security/notices/USN-3717-1 + + + + + + + + + + CVE-2015-5180 on Ubuntu 20.04 (focal) - low. + res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-27 20:29:00 UTC + 2015-08-10 + Florian Weimer + https://sourceware.org/bugzilla/show_bug.cgi?id=18784 + https://bugzilla.redhat.com/show_bug.cgi?id=1249603 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796106 + https://bugs.launchpad.net/bugs/1674532 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5180.html + https://ubuntu.com/security/notices/USN-3239-1 + https://ubuntu.com/security/notices/USN-3239-2 + + + + tyhicks> See test case in the bug tyhicks> no fix upstream as of 2016-09-09 sbeattie> patch committed upstream on 2016-12-31; renames symbol so backporting may not be easy. sbeattie> commit included in glibc 2.25 release sbeattie> debian fixed this in unstable in 2.24-9 sbeattie> fixing this does indeed break the internal ABI between libnss_dns and libresolv. We're backing out this change. sbeattie> reverted from zesty in 2.24-9ubuntu2 by infinity. sbeattie> For existing releases, DO NOT APPLY THIS PATCH due to ABI breakage. Fix will come in to 17.10 when we get glibc-2.25 as we do not guarantee ABI for libresolv internals across different glibc releases, just for upgrades for same versions e.g. (2.24 -> 2.24) REPEAT: DO NOT APPLY THIS PATCH (UNMODIFIED) IN A STABLE RELEASE mdeslaur> marking this issue as ignored, as we will not be fixing this mdeslaur> in Ubuntu stable releases. + + + + + + + + + CVE-2015-5245 on Ubuntu 20.04 (focal) - low. + CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2015 Canonical Ltd. + 2015-12-03 20:59:00 UTC + http://tracker.ceph.com/issues/12537 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798567 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5245.html + + + + + + + + + + CVE-2015-5602 on Ubuntu 20.04 (focal) - medium. 
+ sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2015 Canonical Ltd. + 2015-11-17 15:59:00 UTC + https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1512781 + https://bugzilla.sudo.ws/show_bug.cgi?id=707 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5602.html + https://www.exploit-db.com/exploits/37710/ + + + + mdeslaur> Backporting the fix for this issue is risky, may introduce mdeslaur> regressions, and will change behaviour for existing users, mdeslaur> possibly preventing them from using their existing mdeslaur> configuration. mdeslaur> mdeslaur> For this reason, we will not be fixing this issue in stable mdeslaur> releases. + + + + + + + + + CVE-2015-6673 on Ubuntu 20.04 (focal) - medium. + Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-20 18:29:00 UTC + 2017-09-20 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-6673.html + http://www.openwall.com/lists/oss-security/2015/08/19/14 + https://sourceforge.net/p/libpgf/code/147/ + https://sourceforge.net/p/libpgf/code/148/ + https://ubuntu.com/security/notices/USN-4554-1 + + + + + + + + + + CVE-2015-8011 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-28 19:15:00 UTC + 2020-01-28 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8011.html + https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2 + http://www.openwall.com/lists/oss-security/2015/10/16/2 + https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000268.html + https://ubuntu.com/security/notices/USN-4691-1 + + + + sbeattie> introduced in 0.5.6 + + + + + + + + + + + + CVE-2015-8629 on Ubuntu 20.04 (focal) - medium. + The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. It was discovered that Kerberos incorrectly handled input strings. A remote authenticated attacker could possibly use this issue to obtain sensitive information or cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-02-13 02:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813296 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8629.html + + + + ratliff> use of kadmind by touch and core is not supported + + + + + + + + + CVE-2015-8631 on Ubuntu 20.04 (focal) - medium. + Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. It was discovered that Kerberos incorrectly handled principal names. A remote authenticated attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. 
+ 2016-02-13 02:59:00 UTC + Simo Sorce + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813126 + http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8631.html + + + + ratliff> use of kadmind in core and touch is not supported + + + + + + + + + CVE-2016-0634 on Ubuntu 20.04 (focal) - low. + The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-28 15:29:00 UTC + 2016-09-16 + mdeslaur + Bernd Dietzel + https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0634.html + http://www.openwall.com/lists/oss-security/2016/09/16/8 + https://ubuntu.com/security/notices/USN-3294-1 + + + + + + + + + + CVE-2016-10009 on Ubuntu 20.04 (focal) - low. + Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-05 02:59:00 UTC + 2017-01-04 + mdeslaur + Jann Horn + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848714 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10009.html + https://www.openssh.com/txt/release-7.4 + http://www.openwall.com/lists/oss-security/2016/12/19/2 + https://ubuntu.com/security/notices/USN-3538-1 + + + + + + + + + + CVE-2016-10011 on Ubuntu 20.04 (focal) - low. + authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-01-05 02:59:00 UTC + 2017-01-04 + mdeslaur + Jann Horn + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848716 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10011.html + https://www.openssh.com/txt/release-7.4 + http://www.openwall.com/lists/oss-security/2016/12/19/2 + https://ubuntu.com/security/notices/USN-3538-1 + + + + + + + + + + CVE-2016-10012 on Ubuntu 20.04 (focal) - low. + The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-05 02:59:00 UTC + 2017-01-04 + mdeslaur + Guido Vranken + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848717 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10012.html + https://www.openssh.com/txt/release-7.4 + http://www.openwall.com/lists/oss-security/2016/12/19/2 + https://ubuntu.com/security/notices/USN-3538-1 + + + + ratliff> Mitigating circumstances noted in the release notes: ratliff> This could potentially allow attacks against the ratliff> privileged monitor process from the sandboxed privilege-separation ratliff> process (a compromise of the latter would be required first). ratliff> also "pre-auth compression has been disabled by default in ratliff> sshd for >10 years." + + + + + + + + + CVE-2016-10155 on Ubuntu 20.04 (focal) - low. + Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-15 15:59:00 UTC + 2017-03-15 + Li Qiang + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852232 + https://bugzilla.redhat.com/show_bug.cgi?id=1415199 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10155.html + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2016-10254 on Ubuntu 20.04 (focal) - low. + The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-23 16:59:00 UTC + 2017-03-23 + mdeslaur + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10254.html + https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/ + https://ubuntu.com/security/notices/USN-3670-1 + + + + + + + + + + CVE-2016-10255 on Ubuntu 20.04 (focal) - low. + The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-23 16:59:00 UTC + 2017-03-23 + mdeslaur + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10255.html + https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/ + https://ubuntu.com/security/notices/USN-3670-1 + + + + + + + + + + CVE-2016-10708 on Ubuntu 20.04 (focal) - low. + sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-21 22:29:00 UTC + 2018-01-21 + Robert Swiecki + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10708.html + http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html + https://www.openssh.com/releasenotes.html + https://ubuntu.com/security/notices/USN-3809-1 + + + + mdeslaur> rated low as issue only allows crashing the per-connection mdeslaur> process, not the main daemon. + + + + + + + + + CVE-2016-10711 on Ubuntu 20.04 (focal) - medium. + Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751. It was discovered that Apsis Pound has a HTTP request smuggling vulnerability. A remote attacker could use it to retrieve some sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-01-29 20:29:00 UTC + 2018-01-29 20:29:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888786 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10711.html + http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000 + https://ubuntu.com/security/notices/USN-4702-1 + + + + + + + + + + CVE-2016-2147 on Ubuntu 20.04 (focal) - low. + Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-09 15:59:00 UTC + 2017-02-09 + mdeslaur + Nico Golde + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818499 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2147.html + https://ubuntu.com/security/notices/USN-3935-1 + + + + + + + + + + CVE-2016-2774 on Ubuntu 20.04 (focal) - low. 
+ ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-03-09 15:59:00 UTC + 2016-03-09 + Konstantin Orekhov + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817158 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2774.html + https://kb.isc.org/article/AA-01354 + https://ubuntu.com/security/notices/USN-3586-1 + + + + mdeslaur> DoS over OMAPI and failover ports only, see ISC kb article mdeslaur> for workarounds, or properly limit access to ports + + + + + + + + + CVE-2016-3119 on Ubuntu 20.04 (focal) - medium. + The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. It was discovered that Kerberos incorrectly handled certain requests. A remote authenticated attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-03-26 01:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3119.html + + + + ratliff> kadmind is not supported in core and touch + + + + + + + + + CVE-2016-3120 on Ubuntu 20.04 (focal) - medium. 
+ The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. It was discovered that Kerberos incorrectly handled certain data structures. A remote authenticated attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2016 Canonical Ltd. + 2016-08-01 02:59:00 UTC + http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832572 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3120.html + + + + ratliff> KDC is not supported for core and touch + + + + + + + + + CVE-2016-3706 on Ubuntu 20.04 (focal) - low. + Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. 
+ 2016-06-10 15:59:00 UTC + 2016-06-10 + Michael Petlan + https://sourceware.org/bugzilla/show_bug.cgi?id=20010 + https://bugzilla.redhat.com/show_bug.cgi?id=1330887 + https://bugs.launchpad.net/bugs/1674776 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3706.html + https://ubuntu.com/security/notices/USN-3239-1 + https://ubuntu.com/security/notices/USN-3239-3 + + + + sbeattie> other versions of fixes in glibc bug report sbeattie> reverted in Ubuntu 12.04 LTS due to breaking IPv6 name resolution + + + + + + + + + CVE-2016-4476 on Ubuntu 20.04 (focal) - low. + hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-05-09 10:59:00 UTC + 2016-05-09 + mdeslaur + Imre Rad + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823411 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4476.html + http://w1.fi/security/2016-1/ + http://w1.fi/security/2016-1/psk-parameter-config-update.txt + https://ubuntu.com/security/notices/USN-3455-1 + + + + + + + + + + CVE-2016-4477 on Ubuntu 20.04 (focal) - low. + wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. 
+ 2016-05-09 10:59:00 UTC + 2016-05-09 + mdeslaur + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823411 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4477.html + http://w1.fi/security/2016-1/ + http://w1.fi/security/2016-1/psk-parameter-config-update.txt + https://ubuntu.com/security/notices/USN-3455-1 + + + + + + + + + + CVE-2016-5008 on Ubuntu 20.04 (focal) - low. + libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-07-13 15:59:00 UTC + 2016-07-13 + mdeslaur + Vivian Zhang and Christoph Anton Mitterer + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5008.html + https://bugzilla.redhat.com/show_bug.cgi?id=1180092 + http://security.libvirt.org/2016/0001.html + https://ubuntu.com/security/notices/USN-3576-1 + + + + mdeslaur> vnc password authentication isn't strong and isn't recommended mdeslaur> so setting priority to low to bundle with another update leosilva> this CVE was original patched in unstable 2.0.0-1. + + + + + + + + + CVE-2016-5009 on Ubuntu 20.04 (focal) - low. + The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-07-12 19:59:00 UTC + 2016-07-12 + http://tracker.ceph.com/issues/16297 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829661 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5009.html + https://ubuntu.com/security/notices/USN-3452-1 + + + + + + + + + + CVE-2016-5319 on Ubuntu 20.04 (focal) - low. 
+ Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-20 15:59:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842046 + http://bugzilla.maptools.org/show_bug.cgi?id=2562 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5319.html + http://seclists.org/oss-sec/2016/q2/486 + + + + mdeslaur> upstream removed the bmp2tiff utility in 4.0.7 mdeslaur> can't reproduce on trusty and xenial, marking as not-affected + + + + + + + + + CVE-2016-6329 on Ubuntu 20.04 (focal) - low. + OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-01-31 22:59:00 UTC + 2017-01-31 + mdeslaur + Karthikeyan Bhargavan, Gaëtan Leurent + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6329.html + https://community.openvpn.net/openvpn/wiki/SWEET32 + https://sweet32.info/ + https://ubuntu.com/security/notices/USN-3339-1 + + + + mdeslaur> openvpn 2.3 and earlier use BF-CBC by default unless the cipher mdeslaur> is specified manually. 2.3.12 was modified to display a warning mdeslaur> if a 64-bit cipher is selected. mdeslaur> Since this is just a warning, downgrading priority to low sbeattie> fixed in 2.4.0 + + + + + + + + + CVE-2016-7076 on Ubuntu 20.04 (focal) - medium. + sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. 
A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-29 13:29:00 UTC + 2018-05-29 + mdeslaur + Florian Weimer + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7076.html + https://www.sudo.ws/alerts/noexec_wordexp.html + https://ubuntu.com/security/notices/USN-3968-1 + https://ubuntu.com/security/notices/USN-3968-3 + + + + seth-arnold> See also CVE-2016-7032 seth-arnold> This alert mentions a seccomp-based filter. If we decide to backport that filter for this CVE, and CVE-2016-7032, then 'medium' may continue to be appropriate. If we decide the seccomp-based filter is not suitable for a backport, then perhaps 'negligible' would be appropriate. + + + + + + + + + CVE-2016-8625 on Ubuntu 20.04 (focal) - low. + curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-08-01 06:29:00 UTC + Christian Heimes + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8625.html + https://curl.haxx.se/docs/adv_20161102K.html + + + + mdeslaur> upstream patch switched from libidn to libidn2 and may be mdeslaur> causing issues, see: mdeslaur> https://curl.haxx.se/mail/lib-2016-11/0033.html mdeslaur> http://seclists.org/oss-sec/2016/q4/333 mdeslaur> mdeslaur> Fixing this is intrusive and is likely to cause regressions in mdeslaur> stable releases. As such, we will not be fixing this issue in mdeslaur> Ubuntu 16.04 LTS and earlier. + + + + + + + + + CVE-2016-8667 on Ubuntu 20.04 (focal) - low. 
+ The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-11-04 21:59:00 UTC + 2016-11-04 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840950 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8667.html + https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html + https://ubuntu.com/security/notices/USN-3261-1 + https://ubuntu.com/security/notices/USN-3268-1 + + + + + + + + + + CVE-2016-8669 on Ubuntu 20.04 (focal) - low. + The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-11-04 21:59:00 UTC + 2016-11-04 + https://bugzilla.redhat.com/show_bug.cgi?id=1384909 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840945 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8669.html + https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02461.html + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2016-8729 on Ubuntu 20.04 (focal) - medium. + An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-24 19:29:00 UTC + Aleksandar Nikolic and Cory Duplantis + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863886 + https://bugs.ghostscript.com/show_bug.cgi?id=698438 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8729.html + https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243 + + + + mdeslaur> same fix as CVE-2016-9601. + + + + + + + + + CVE-2016-8734 on Ubuntu 20.04 (focal) - low. + Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory. Florian Weimer discovered that Subversion clients did not properly restrict XML entity expansion when accessing http(s):// URLs. A remote attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-16 13:29:00 UTC + 2016-11-30 + Florian Weimer + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8734.html + https://subversion.apache.org/security/CVE-2016-8734-advisory.txt + https://ubuntu.com/security/notices/USN-3388-1 + + + + mdeslaur> for mod_dontdothat, we don't ship it in binary packages mdeslaur> for clients, we build with serf, so we're vulnerable + + + + + + + + + CVE-2016-9085 on Ubuntu 20.04 (focal) - medium. + Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-03 15:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9085.html + http://seclists.org/oss-sec/2016/q4/253 + + + + mdeslaur> issue is in file in examples directory, only used to build the mdeslaur> gif2webp tool in the webp binary package in universe. + + + + + + + + + CVE-2016-9112 on Ubuntu 20.04 (focal) - low. 
+ Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-10-29 10:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9112.html + https://github.com/uclouvain/openjpeg/issues/855 + + + + + + + + + + CVE-2016-9381 on Ubuntu 20.04 (focal) - medium. + Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-01-23 21:59:00 UTC + 2017-01-23 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9381.html + https://xenbits.xen.org/xsa/advisory-197.html + https://ubuntu.com/security/notices/USN-3261-1 + + + + mdeslaur> This is XSA-197 + + + + + + + + + CVE-2016-9401 on Ubuntu 20.04 (focal) - negligible. + popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-01-23 21:59:00 UTC + 2017-01-23 + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844727 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9401.html + http://www.openwall.com/lists/oss-security/2016/11/17/5 + https://ubuntu.com/security/notices/USN-3294-1 + + + + sbeattie> not sure how this has security impact + + + + + + + + + CVE-2016-9601 on Ubuntu 20.04 (focal) - medium. + ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. 
A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 01:29:00 UTC + 2016-12-31 + mdeslaur + Bingchang Liu + https://bugs.ghostscript.com/show_bug.cgi?id=697457 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850497 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9601.html + https://ubuntu.com/security/notices/USN-3297-1 + + + + + + + + + + CVE-2016-9602 on Ubuntu 20.04 (focal) - medium. + Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-04-26 19:29:00 UTC + 2016-12-31 + Jann Horn + https://bugzilla.redhat.com/show_bug.cgi?id=1413929 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853006 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9602.html + http://www.openwall.com/lists/oss-security/2017/01/17/12 + http://www.openwall.com/lists/oss-security/2017/01/17/14 + https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html + https://ubuntu.com/security/notices/USN-3261-1 + https://ubuntu.com/security/notices/USN-3268-1 + + + + + + + + + + CVE-2016-9776 on Ubuntu 20.04 (focal) - low. + QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-29 22:59:00 UTC + 2016-12-29 + https://bugzilla.redhat.com/show_bug.cgi?id=1400829 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9776.html + https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2016-9911 on Ubuntu 20.04 (focal) - low. + Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-23 22:59:00 UTC + 2016-12-23 + Li Qiang + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847951 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9911.html + http://www.openwall.com/lists/oss-security/2016/12/06/10 + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2016-9913 on Ubuntu 20.04 (focal) - low. + Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-29 22:59:00 UTC + 2016-12-29 + Li Qiang + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847496 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9913.html + https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html + http://www.openwall.com/lists/oss-security/2016/12/06/11 + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2016-9914 on Ubuntu 20.04 (focal) - low. 
+ Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-29 22:59:00 UTC + 2016-12-29 + Li Qiang + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847496 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9914.html + https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html + http://www.openwall.com/lists/oss-security/2016/12/06/11 + https://ubuntu.com/security/notices/USN-3261-1 + https://ubuntu.com/security/notices/USN-3268-1 + + + + + + + + + + CVE-2016-9915 on Ubuntu 20.04 (focal) - low. + Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-29 22:59:00 UTC + 2016-12-29 + Li Qiang + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847496 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9915.html + https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html + http://www.openwall.com/lists/oss-security/2016/12/06/11 + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2016-9916 on Ubuntu 20.04 (focal) - low. + Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. 
+ 2016-12-29 22:59:00 UTC + 2016-12-29 + Li Qiang + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847496 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9916.html + https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html + http://www.openwall.com/lists/oss-security/2016/12/06/11 + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2016-9921 on Ubuntu 20.04 (focal) - low. + Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2016 Canonical Ltd. + 2016-12-23 22:59:00 UTC + 2016-12-23 + Qinghao Tang, Li Qiang, and Jiangxin + https://bugzilla.redhat.com/show_bug.cgi?id=1334398 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847960 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9921.html + https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2016-9922 on Ubuntu 20.04 (focal) - low. + The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-27 15:59:00 UTC + 2017-03-27 + Qinghao Tang, Li Qiang, and Jiangxin + https://bugzilla.redhat.com/show_bug.cgi?id=1334398 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847960 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9922.html + https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2016-9928 on Ubuntu 20.04 (focal) - medium. + MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-06 14:15:00 UTC + 2020-02-06 14:15:00 UTC + Sam Whited + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845258 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9928.html + https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw + http://www.openwall.com/lists/oss-security/2016/12/09/5 + https://ubuntu.com/security/notices/USN-4506-1 + + + + + + + + + + CVE-2016-9956 on Ubuntu 20.04 (focal) - medium. + The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-22 16:59:00 UTC + 2017-02-22 16:59:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848114 + http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9956.html + http://www.openwall.com/lists/oss-security/2016/12/14/11 + https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/ + https://ubuntu.com/security/notices/USN-4588-1 + + + + + + + + + + CVE-2017-0786 on Ubuntu 20.04 (focal) - medium. + A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. 
Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-08 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0786.html + https://source.android.com/security/bulletin/2017-09-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2017-1000408 on Ubuntu 20.04 (focal) - low. + A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-01 04:29:00 UTC + 2017-12-13 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884132 + https://sourceware.org/bugzilla/show_bug.cgi?id=22606 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000408.html + http://www.openwall.com/lists/oss-security/2017/12/11/4 + https://ubuntu.com/security/notices/USN-3534-1 + + + + + + + + + + CVE-2017-1000409 on Ubuntu 20.04 (focal) - low. + A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-01 04:29:00 UTC + 2017-12-13 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884133 + https://sourceware.org/bugzilla/show_bug.cgi?id=22607 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000409.html + http://www.openwall.com/lists/oss-security/2017/12/11/4 + https://ubuntu.com/security/notices/USN-3534-1 + + + + + + + + + + CVE-2017-10664 on Ubuntu 20.04 (focal) - low. 
+ qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-02 19:29:00 UTC + 2017-08-02 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866674 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10664.html + https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html + https://ubuntu.com/security/notices/USN-3414-1 + + + + + + + + + + CVE-2017-10806 on Ubuntu 20.04 (focal) - low. + Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-08-02 19:29:00 UTC + 2017-08-02 + Li Qiang + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867751 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10806.html + https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html + https://ubuntu.com/security/notices/USN-3414-1 + + + + + + + + + + CVE-2017-11107 on Ubuntu 20.04 (focal) - low. + phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-08 12:29:00 UTC + 2017-07-08 12:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867719 + https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731 + https://github.com/leenooks/phpLDAPadmin/issues/50 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11107.html + https://github.com/leenooks/phpLDAPadmin/pull/71 + https://ubuntu.com/security/notices/USN-4620-1 + + + + + + + + + + CVE-2017-11368 on Ubuntu 20.04 (focal) - medium. 
+ In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. It was discovered that Kerberos incorrectly handled certain S4U2Self or S4U2Proxy requests. A remote authenticated attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-09 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869260 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11368.html + https://github.com/krb5/krb5/pull/678/files + + + + + + + + + + CVE-2017-11434 on Ubuntu 20.04 (focal) - medium. + The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-25 18:29:00 UTC + 2017-07-25 + Reno Robert + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869171 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11434.html + https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html + https://ubuntu.com/security/notices/USN-3414-1 + + + + + + + + + + CVE-2017-11462 on Ubuntu 20.04 (focal) - low. + Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. It was discovered that Kerberos incorrectly handled deletion of security contexts. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-09-13 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873563 + http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11462.html + + + + + + + + + + CVE-2017-11464 on Ubuntu 20.04 (focal) - low. + A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-07-19 21:29:00 UTC + 2017-07-19 21:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/1697283 + https://bugzilla.gnome.org/show_bug.cgi?id=783835 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11464.html + https://ubuntu.com/security/notices/USN-4436-1 + + + + leosilva> code affected is not present in trusty. + + + + + + + + + CVE-2017-11737 on Ubuntu 20.04 (focal) - untriaged. + interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2017 Canonical Ltd. + 2017-07-29 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11737.html + https://github.com/vstakhov/rspamd/issues/1738 + https://github.com/rspamd/rspamd/pull/1739 + + + + + + + + + + CVE-2017-12562 on Ubuntu 20.04 (focal) - low. + Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-08-05 17:29:00 UTC + 2017-08-05 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869166 + https://github.com/erikd/libsndfile/issues/292 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-12562.html + https://ubuntu.com/security/notices/USN-4704-1 + + + + mdeslaur> debian's patch in 1.0.28-3 doesn't match the upsteam patch. mdeslaur> need to investigate further, looks like parts are missing. mdeslaur> mdeslaur> reproducer in upstream bug report. + + + + + + + + + CVE-2017-13080 on Ubuntu 20.04 (focal) - high. + Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. + + Ubuntu 20.04 + + + + High + Copyright (C) 2017 Canonical Ltd. + 2017-10-17 13:29:00 UTC + 2017-10-16 + Mathy Vanhoef + https://bugs.launchpad.net/intel/+bug/1728762 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13080.html + https://www.krackattacks.com/ + https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt + https://ubuntu.com/security/notices/USN-3455-1 + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00101.html + https://ubuntu.com/security/notices/USN-3505-1 + + + + mdeslaur> related to intel wireless firmware issue CVE-2017-5729 + + + + + + + + + CVE-2017-13081 on Ubuntu 20.04 (focal) - high. + Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. + + Ubuntu 20.04 + + + + High + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-17 13:29:00 UTC + 2017-10-16 + Mathy Vanhoef + https://bugs.launchpad.net/intel/+bug/1728762 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13081.html + https://www.krackattacks.com/ + https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt + https://ubuntu.com/security/notices/USN-3455-1 + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00101.html + https://ubuntu.com/security/notices/USN-3505-1 + + + + mdeslaur> related to intel wireless firmware issue CVE-2017-5729 + + + + + + + + + CVE-2017-13194 on Ubuntu 20.04 (focal) - low. + A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-01-12 23:29:00 UTC + 2018-01-12 23:29:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13194.html + https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9 + https://source.android.com/security/bulletin/pixel/2018-01-01 + https://ubuntu.com/security/notices/USN-4199-1 + https://ubuntu.com/security/notices/USN-4199-2 + + + + leosilva> code in trusty is quite different needs to be tested with the POC leosilva> if possible. + + + + + + + + + CVE-2017-14167 on Ubuntu 20.04 (focal) - low. + Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-09-08 18:29:00 UTC + 2017-09-08 + Thomas Garnier + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874606 + https://bugzilla.redhat.com/show_bug.cgi?id=1489375 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14167.html + https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html + https://ubuntu.com/security/notices/USN-3575-1 + + + + + + + + + + CVE-2017-14245 on Ubuntu 20.04 (focal) - low. + An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-09-21 13:29:00 UTC + 2017-09-21 + mdeslaur + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876682 + https://github.com/erikd/libsndfile/issues/317 + https://github.com/erikd/libsndfile/issues/344 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884735 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14245.html + https://ubuntu.com/security/notices/USN-4013-1 + https://ubuntu.com/security/notices/USN-4704-1 + + + + leosilva> reproducer can be found in github link mdeslaur> a-ulaw-fix-multiple-buffer-overflows-432.patch + + + + + + + + + CVE-2017-14246 on Ubuntu 20.04 (focal) - low. + An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-09-21 13:29:00 UTC + 2017-09-21 + mdeslaur + https://github.com/erikd/libsndfile/issues/344 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884735 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876682 + https://github.com/erikd/libsndfile/issues/317 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14246.html + https://ubuntu.com/security/notices/USN-4013-1 + https://ubuntu.com/security/notices/USN-4704-1 + + + + leosilva> reproducer can be found in github link mdeslaur> a-ulaw-fix-multiple-buffer-overflows-432.patch + + + + + + + + + CVE-2017-14634 on Ubuntu 20.04 (focal) - negligible. + In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. + 2017-09-21 07:29:00 UTC + 2017-09-21 + mdeslaur + https://github.com/erikd/libsndfile/issues/318 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14634.html + https://ubuntu.com/security/notices/USN-4013-1 + https://ubuntu.com/security/notices/USN-4704-1 + + + + mdeslaur> double64_init-Check-psf-sf.channels-against-upper-bo.patch + + + + + + + + + CVE-2017-15038 on Ubuntu 20.04 (focal) - low. + Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-10 01:30:00 UTC + 2017-10-09 + Tuomas Tynkkynen + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877890 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15038.html + https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html + https://ubuntu.com/security/notices/USN-3575-1 + + + + + + + + + + CVE-2017-15107 on Ubuntu 20.04 (focal) - low. 
+ A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-01-23 16:29:00 UTC + 2018-01-23 16:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888200 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15107.html + http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html + https://ubuntu.com/security/notices/USN-4924-1 + + + + + + + + + + CVE-2017-15266 on Ubuntu 20.04 (focal) - medium. + In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-11 17:29:00 UTC + 2017-10-11 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15266.html + http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00002.html + http://openwall.com/lists/oss-security/2017/10/11/1 + https://bugzilla.redhat.com/show_bug.cgi?id=1499599 + https://ubuntu.com/security/notices/USN-4641-1 + + + + + + + + + + CVE-2017-15267 on Ubuntu 20.04 (focal) - medium. + In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. It was discovered that Libextractor incorrectly handled certain FLAC metadata. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-11 17:29:00 UTC + 2017-10-11 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15267.html + http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00003.html + http://openwall.com/lists/oss-security/2017/10/11/1 + https://bugzilla.redhat.com/show_bug.cgi?id=1499600 + https://ubuntu.com/security/notices/USN-4641-1 + + + + + + + + + + CVE-2017-15289 on Ubuntu 20.04 (focal) - low. + The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-16 18:29:00 UTC + 2017-10-16 + Guoxiang Niu + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880832 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15289.html + https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html + https://ubuntu.com/security/notices/USN-3575-1 + + + + + + + + + + CVE-2017-15600 on Ubuntu 20.04 (focal) - medium. + In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. It was discovered that Libextractor incorrectly handled certain specially crafted files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 21:29:00 UTC + 2017-10-18 21:29:00 UTC + Zhao Liang + https://bugzilla.redhat.com/show_bug.cgi?id=1501695 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15600.html + http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html + https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz + https://ubuntu.com/security/notices/USN-4641-1 + + + + + + + + + + CVE-2017-15601 on Ubuntu 20.04 (focal) - medium. 
+ In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. It was discovered that Libextractor incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 21:29:00 UTC + 2017-10-18 21:29:00 UTC + Zhao Liang + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15601.html + http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html + https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz + https://ubuntu.com/security/notices/USN-4641-1 + + + + + + + + + + CVE-2017-15602 on Ubuntu 20.04 (focal) - low. + In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size. It was discovered that Libextractor incorrectly handled integers. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-18 21:29:00 UTC + 2017-10-18 21:29:00 UTC + Zhao Liang + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15602.html + http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html + https://ftp.gnu.org/gnu/libextractor/libextractor-1.6.tar.gz + https://ubuntu.com/security/notices/USN-4641-1 + + + + + + + + + + CVE-2017-15670 on Ubuntu 20.04 (focal) - low. + The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-20 17:29:00 UTC + 2017-10-20 + https://sourceware.org/bugzilla/show_bug.cgi?id=22320 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879501 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15670.html + https://ubuntu.com/security/notices/USN-3534-1 + + + + + + + + + + CVE-2017-15804 on Ubuntu 20.04 (focal) - low. + The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-22 20:29:00 UTC + 2017-10-22 + https://sourceware.org/bugzilla/show_bug.cgi?id=22332 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15804.html + https://ubuntu.com/security/notices/USN-3534-1 + + + + + + + + + + CVE-2017-15873 on Ubuntu 20.04 (focal) - low. + The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-24 20:29:00 UTC + 2017-10-24 + mdeslaur + https://bugs.busybox.net/show_bug.cgi?id=10431 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879732 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15873.html + https://ubuntu.com/security/notices/USN-3935-1 + + + + + + + + + + CVE-2017-15906 on Ubuntu 20.04 (focal) - low. + The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-10-26 03:29:00 UTC + 2017-10-25 + mdeslaur + Michal Zalewski + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15906.html + https://www.openssh.com/txt/release-7.6 + https://ubuntu.com/security/notices/USN-3538-1 + https://xorl.wordpress.com/2017/11/13/openssh-sftp-server-remote-security-vulnerability/ + + + + leosilva> file structure and patch mismatch, some ajustments required + + + + + + + + + CVE-2017-15922 on Ubuntu 20.04 (focal) - low. + In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c. It was discovered that Libextractore incorrectly handled certain crafted files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-10-26 18:29:00 UTC + 2017-10-26 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15922.html + http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html + https://ubuntu.com/security/notices/USN-4641-1 + + + + + + + + + + CVE-2017-16544 on Ubuntu 20.04 (focal) - medium. + In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-11-20 15:29:00 UTC + 2017-11-20 + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16544.html + https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/ + https://ubuntu.com/security/notices/USN-3935-1 + + + + + + + + + + CVE-2017-16644 on Ubuntu 20.04 (focal) - low. 
+ The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. Andrey Konovalov discovered that the video4linux driver for Hauppauge HD PVR USB devices in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-11-07 23:29:00 UTC + 2017-11-07 + Andrey Konovalov + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16644.html + https://groups.google.com/d/msg/syzkaller/ngC5SLvxPm4/gduhCARhAwAJ + https://patchwork.kernel.org/patch/9966135/ + https://git.linuxtv.org/media_tree.git/commit/?id=c0f71bbb810237a38734607ca4599632f7f5d47f + https://ubuntu.com/security/notices/USN-3754-1 + https://ubuntu.com/security/notices/USN-4904-1 + + + + sbeattie> possibly introduced in 5612e191ca1f88e16c48bb373d90d1508196aa95 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2017-16997 on Ubuntu 20.04 (focal) - low. + elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-12-18 01:29:00 UTC + 2017-12-17 + Aurelien Jarno + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884615 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16997.html + https://bugs.debian.org/884615 + https://sourceware.org/bugzilla/show_bug.cgi?id=22625 + https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html + https://ubuntu.com/security/notices/USN-3534-1 + + + + + + + + + + CVE-2017-17440 on Ubuntu 20.04 (focal) - medium. + GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c. It was discovered tha Libextractor incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-12-06 17:29:00 UTC + 2017-12-06 17:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883528 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17440.html + https://bugs.debian.org/883528#35 + https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html + https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html + https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html + https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html + https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html + https://ubuntu.com/security/notices/USN-4641-1 + + + + + + + + + + CVE-2017-18030 on Ubuntu 20.04 (focal) - low. + The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-01-23 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18030.html + http://www.openwall.com/lists/oss-security/2018/01/15/3 + + + + + + + + + + CVE-2017-18043 on Ubuntu 20.04 (focal) - low. + Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-01-31 20:29:00 UTC + 2018-01-31 + Eric Blake + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18043.html + http://www.openwall.com/lists/oss-security/2018/01/19/1 + https://ubuntu.com/security/notices/USN-3575-1 + + + + + + + + + + CVE-2017-18269 on Ubuntu 20.04 (focal) - medium. + An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-18 16:29:00 UTC + 2018-05-18 16:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22644 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18269.html + https://github.com/fingolfin/memmove-bug + https://ubuntu.com/security/notices/USN-4416-1 + + + + sbeattie> introduced in glibc 2.21 + + + + + + + + + CVE-2017-18342 on Ubuntu 20.04 (focal) - low. + In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-27 12:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902878 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18342.html + https://github.com/yaml/pyyaml/pull/74 + + + + seth-arnold> The patch changes the incredibly-unsafe yaml.load to the behaviour of safe_load; despite being many years overdue, it's also likely to break something. mdeslaur> upstream has reverted the 4.1 fix, so as of 2020-10-06, there mdeslaur> is no proper fix for this issue for stable releases, and fixing mdeslaur> it is likely to cause compatibility issues. In stable releases mdeslaur> individual software would need to be fixed instead of pyyaml mdeslaur> itself. We are not going to be fixing pyyaml itself, marking as mdeslaur> ignored. + + + + + + + + + CVE-2017-2615 on Ubuntu 20.04 (focal) - medium. + Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-03 01:29:00 UTC + 2017-02-01 + Wjjzhang, Li Qiang + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854731 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2615.html + https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html + https://ubuntu.com/security/notices/USN-3261-1 + + + + seth-arnold> apparently introduced by the fix for CVE-2014-8106 + + + + + + + + + CVE-2017-2620 on Ubuntu 20.04 (focal) - medium. + Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. 
The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-27 19:29:00 UTC + 2017-02-22 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855791 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2620.html + https://xenbits.xen.org/xsa/advisory-209.html + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2017-2633 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-07-27 19:29:00 UTC + 2017-02-22 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2633.html + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2017-3144 on Ubuntu 20.04 (focal) - low. + A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-16 20:29:00 UTC + 2017-12-31 + https://bugzilla.redhat.com/show_bug.cgi?id=1522918 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887413 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-3144.html + https://kb.isc.org/article/AA-01541 + https://ubuntu.com/security/notices/USN-3586-1 + + + + mdeslaur> DoS over OMAPI port only, see ISC kb article mdeslaur> for workarounds, or properly limit access to ports + + + + + + + + + CVE-2017-5208 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-08-22 18:29:00 UTC + 2017-01-09 + leosilva + Choongwoo Han + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850017 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5208.html + http://www.openwall.com/lists/oss-security/2017/01/08/1 + https://ubuntu.com/security/notices/USN-3178-1 + https://ubuntu.com/security/notices/USN-4695-1 + + + + + + + + + + CVE-2017-5331 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-04 21:15:00 UTC + 2017-01-11 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5331.html + http://www.openwall.com/lists/oss-security/2017/01/10/4 + https://ubuntu.com/security/notices/USN-3178-1 + https://ubuntu.com/security/notices/USN-4695-1 + + + + mdeslaur> fix for insufficient CVE-2017-5208 fix + + + + + + + + + CVE-2017-5332 on Ubuntu 20.04 (focal) - medium. 
+ The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-04 21:15:00 UTC + 2017-01-11 + leosilva + https://bugzilla.redhat.com/show_bug.cgi?id=1249276 + https://bugzilla.redhat.com/show_bug.cgi?id=1412263 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5332.html + http://www.openwall.com/lists/oss-security/2017/01/10/4 + https://ubuntu.com/security/notices/USN-3178-1 + https://ubuntu.com/security/notices/USN-4695-1 + + + + mdeslaur> This CVE is for "all of 1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a mdeslaur> and also the index correction in mdeslaur> 1a108713ac26215c7568353f6e02e727e6d4b24a." + + + + + + + + + CVE-2017-5333 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-04 21:15:00 UTC + 2017-01-11 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5333.html + https://ubuntu.com/security/notices/USN-3178-1 + https://ubuntu.com/security/notices/USN-4695-1 + + + + mdeslaur> This CVE is for "the separate vulnerability fixed by the mdeslaur> introduction of the "size >= sizeof(uint16_t)*2" test in mdeslaur> 1a108713ac26215c7568353f6e02e727e6d4b24a" + + + + + + + + + CVE-2017-5525 on Ubuntu 20.04 (focal) - low. + Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-15 15:59:00 UTC + 2017-03-15 + Li Qiang + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852021 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5525.html + https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01740.html + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2017-5526 on Ubuntu 20.04 (focal) - low. + Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-15 15:59:00 UTC + 2017-03-15 + Li Qiang + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851910 + https://bugzilla.redhat.com/show_bug.cgi?id=1414209 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5526.html + https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01742.html + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2017-5579 on Ubuntu 20.04 (focal) - low. + Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-15 15:59:00 UTC + 2017-03-15 + Li Qiang + https://bugzilla.redhat.com/show_bug.cgi?id=1416157 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853002 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5579.html + https://ubuntu.com/security/notices/USN-3261-1 + + + + tyhicks> affected code is in hw/serial.c in qemu-kvm on 12.04. serial_init_core() allocates a number of things but there is no serial_exit_core() present. + + + + + + + + + CVE-2017-5667 on Ubuntu 20.04 (focal) - medium. 
+ The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-16 15:59:00 UTC + 2017-03-16 + Jiang Xin + https://bugzilla.redhat.com/show_bug.cgi?id=1417559 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853996 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5667.html + https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html + http://www.openwall.com/lists/oss-security/2017/01/30/2 + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2017-5856 on Ubuntu 20.04 (focal) - low. + Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-16 15:59:00 UTC + 2017-03-16 + Li Qiang + https://bugzilla.redhat.com/show_bug.cgi?id=1418342 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853996 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5856.html + http://www.openwall.com/lists/oss-security/2017/02/01/19 + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2017-5898 on Ubuntu 20.04 (focal) - medium. + Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-15 19:59:00 UTC + 2017-03-15 + Li Qiang + https://bugzilla.redhat.com/show_bug.cgi?id=1419699 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854729 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5898.html + https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg01075.html + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2017-5967 on Ubuntu 20.04 (focal) - low. + The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. It was discovered that the timer stats implementation in the Linux kernel allowed the discovery of a real PID value while inside a PID namespace. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-14 06:59:00 UTC + 2017-02-14 06:59:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5967.html + http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=dfb4357da6ddbdf57d583ba64361c9d792b0e0b1 + https://bugzilla.kernel.org/show_bug.cgi?id=193921 + https://ubuntu.com/security/notices/USN-4904-1 + + + + sbeattie> patch disables/removes CONFIG_TIMER_STATS entirely. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2017-5973 on Ubuntu 20.04 (focal) - low. + The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-27 15:59:00 UTC + 2017-03-27 + Li Qiang + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855611 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5973.html + https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html + http://www.openwall.com/lists/oss-security/2017/02/13/11 + https://ubuntu.com/security/notices/USN-3261-1 + + + + + + + + + + CVE-2017-5987 on Ubuntu 20.04 (focal) - low. + The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-20 16:59:00 UTC + 2017-03-20 + Jiang Xin, Wjjzhang + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855159 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5987.html + https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html + https://ubuntu.com/security/notices/USN-3261-1 + https://ubuntu.com/security/notices/USN-3268-1 + + + + + + + + + + CVE-2017-6009 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-16 11:59:00 UTC + 2017-02-16 + leosilva + Jerzy Kramarz + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050 + https://bugzilla.redhat.com/show_bug.cgi?id=1422906 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6009.html + https://ubuntu.com/security/notices/USN-3226-1 + https://ubuntu.com/security/notices/USN-4695-1 + + + + + + + + + + CVE-2017-6010 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-16 11:59:00 UTC + 2017-02-16 + leosilva + Jerzy Kramarz + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054 + https://bugzilla.redhat.com/show_bug.cgi?id=1422907 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6010.html + https://ubuntu.com/security/notices/USN-3226-1 + https://ubuntu.com/security/notices/USN-4695-1 + + + + + + + + + + CVE-2017-6011 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-16 11:59:00 UTC + 2017-02-16 + leosilva + Jerzy Kramarz + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054 + https://bugzilla.redhat.com/show_bug.cgi?id=1422908 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6011.html + https://ubuntu.com/security/notices/USN-3226-1 + https://ubuntu.com/security/notices/USN-4695-1 + + + + mdeslaur> same fixes as CVE-2017-6010 + + + + + + + + + CVE-2017-6298 on Ubuntu 20.04 (focal) - low. + An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. 
Null Pointer Deref / calloc return value not checked." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 04:59:00 UTC + 2017-02-23 + https://bugs.launchpad.net/bugs/1666884 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6298.html + https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + http://www.openwall.com/lists/oss-security/2017/02/15/4 + https://github.com/Yeraze/ytnef/pull/27 + https://ubuntu.com/security/notices/USN-3288-1 + https://ubuntu.com/security/notices/USN-4615-1 + + + + + + + + + + CVE-2017-6299 on Ubuntu 20.04 (focal) - low. + An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 04:59:00 UTC + 2017-02-23 + https://bugs.launchpad.net/bugs/1666884 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6299.html + https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + http://www.openwall.com/lists/oss-security/2017/02/15/4 + https://github.com/Yeraze/ytnef/pull/27 + https://ubuntu.com/security/notices/USN-3288-1 + https://ubuntu.com/security/notices/USN-4615-1 + + + + + + + + + + CVE-2017-6300 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-02-24 04:59:00 UTC + 2017-02-23 + https://bugs.launchpad.net/bugs/1666884 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6300.html + https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + http://www.openwall.com/lists/oss-security/2017/02/15/4 + https://github.com/Yeraze/ytnef/pull/27 + https://ubuntu.com/security/notices/USN-3288-1 + https://ubuntu.com/security/notices/USN-4615-1 + + + + + + + + + + CVE-2017-6301 on Ubuntu 20.04 (focal) - low. + An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 04:59:00 UTC + 2017-02-23 + https://bugs.launchpad.net/bugs/1666884 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6301.html + https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + http://www.openwall.com/lists/oss-security/2017/02/15/4 + https://github.com/Yeraze/ytnef/pull/27 + https://ubuntu.com/security/notices/USN-3288-1 + https://ubuntu.com/security/notices/USN-4615-1 + + + + + + + + + + CVE-2017-6302 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 04:59:00 UTC + 2017-02-23 + https://bugs.launchpad.net/bugs/1666884 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6302.html + https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + http://www.openwall.com/lists/oss-security/2017/02/15/4 + https://github.com/Yeraze/ytnef/pull/27 + https://ubuntu.com/security/notices/USN-3288-1 + https://ubuntu.com/security/notices/USN-4615-1 + + + + + + + + + + CVE-2017-6303 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow." 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 04:59:00 UTC + 2017-02-23 + https://bugs.launchpad.net/bugs/1666884 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6303.html + https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + http://www.openwall.com/lists/oss-security/2017/02/15/4 + https://github.com/Yeraze/ytnef/pull/27 + https://ubuntu.com/security/notices/USN-3288-1 + https://ubuntu.com/security/notices/USN-4615-1 + + + + sbeattie> rather than cherry-pick individual commits, probably best to take full git merge commit + + + + + + + + + CVE-2017-6304 on Ubuntu 20.04 (focal) - low. + An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 04:59:00 UTC + 2017-02-23 + https://bugs.launchpad.net/bugs/1666884 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6304.html + https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + http://www.openwall.com/lists/oss-security/2017/02/15/4 + https://github.com/Yeraze/ytnef/pull/27 + https://ubuntu.com/security/notices/USN-3288-1 + https://ubuntu.com/security/notices/USN-4615-1 + + + + + + + + + + CVE-2017-6305 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 04:59:00 UTC + 2017-02-23 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6305.html + https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + http://www.openwall.com/lists/oss-security/2017/02/15/4 + https://github.com/Yeraze/ytnef/pull/27 + https://ubuntu.com/security/notices/USN-3288-1 + https://ubuntu.com/security/notices/USN-4615-1 + + + + + + + + + + CVE-2017-6306 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c." + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-02-24 04:59:00 UTC + 2017-02-23 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6306.html + https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + http://www.openwall.com/lists/oss-security/2017/02/15/4 + https://github.com/Yeraze/ytnef/pull/27 + https://ubuntu.com/security/notices/USN-3288-1 + https://ubuntu.com/security/notices/USN-4615-1 + + + + + + + + + + CVE-2017-6318 on Ubuntu 20.04 (focal) - low. + saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-20 16:59:00 UTC + 2017-03-20 16:59:00 UTC + mdeslaur + Kritphong Mongkhonvanit + https://alioth.debian.org/tracker/index.php?func=detail&aid=315576 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854804 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6318.html + http://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035029.html + https://ubuntu.com/security/notices/USN-4470-1 + + + + + + + + + + CVE-2017-6458 on Ubuntu 20.04 (focal) - negligible. + Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-27 17:59:00 UTC + 2017-03-27 + http://support.ntp.org/bin/view/Main/NtpBug3379 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6458.html + https://ubuntu.com/security/notices/USN-3349-1 + + + + mdeslaur> This is not a vulnerability per se, but a weakness in an mdeslaur> internal helper function + + + + + + + + + CVE-2017-6464 on Ubuntu 20.04 (focal) - low. + NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-27 17:59:00 UTC + 2017-03-27 + http://support.ntp.org/bin/view/Main/NtpBug3389 + http://bugs.ntp.org/show_bug.cgi?id=3389 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6464.html + https://ubuntu.com/security/notices/USN-3349-1 + + + + + + + + + + CVE-2017-6505 on Ubuntu 20.04 (focal) - low. + The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-03-15 14:59:00 UTC + 2017-03-15 + Li Qiang + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856969 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6505.html + https://ubuntu.com/security/notices/USN-3261-1 + https://ubuntu.com/security/notices/USN-3268-1 + + + + + + + + + + CVE-2017-6800 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-10 10:59:00 UTC + 2017-03-10 + Hanno Böck + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6800.html + https://github.com/Yeraze/ytnef/commit/f98f5d4adc1c4bd4033638f6167c1bb95d642f89 + https://github.com/Yeraze/ytnef/issues/28 + https://ubuntu.com/security/notices/USN-3288-1 + https://ubuntu.com/security/notices/USN-4615-1 + + + + + + + + + + CVE-2017-6801 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-10 10:59:00 UTC + 2017-03-10 + Hanno Böck + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6801.html + https://github.com/Yeraze/ytnef/commit/3cb0f914d6427073f262e1b2b5fd973e3043cdf7 + https://ubuntu.com/security/notices/USN-3288-1 + https://ubuntu.com/security/notices/USN-4615-1 + + + + + + + + + + CVE-2017-6802 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-03-10 10:59:00 UTC + 2017-03-10 + Hanno Böck + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6802.html + https://github.com/Yeraze/ytnef/commit/22f8346c8d4f0020a40d9f258fdb3bfc097359cc + https://github.com/Yeraze/ytnef/issues/34 + https://ubuntu.com/security/notices/USN-3288-1 + https://ubuntu.com/security/notices/USN-4615-1 + + + + + + + + + + CVE-2017-6807 on Ubuntu 20.04 (focal) - medium. + mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-03-13 14:59:00 UTC + 2017-03-13 14:59:00 UTC + François Kooman + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6807.html + https://ubuntu.com/security/notices/USN-4597-1 + + + + + + + + + + CVE-2017-6892 on Ubuntu 20.04 (focal) - low. + In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-12 16:29:00 UTC + 2017-06-12 + mdeslaur + Laurent Delosieres + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864704 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6892.html + https://secuniaresearch.flexerasoftware.com/advisories/76717/ + https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/ + https://ubuntu.com/security/notices/USN-4013-1 + https://ubuntu.com/security/notices/USN-4704-1 + + + + + + + + + + CVE-2017-7377 on Ubuntu 20.04 (focal) - low. + The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-10 15:59:00 UTC + 2017-04-10 + Li Qiang + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7377.html + https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html + http://www.openwall.com/lists/oss-security/2017/04/03/2 + https://ubuntu.com/security/notices/USN-3289-1 + + + + tyhicks> A privileged user in the guest can leak host memory tyhicks> Affected code is in hw/9pfs/virtio-9p.c in older releases + + + + + + + + + CVE-2017-7479 on Ubuntu 20.04 (focal) - low. 
+ OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. It was discovered that OpenVPN improperly triggered an assert when packet ids rolled over. An authenticated remote attacker could use this to cause a denial of service (application crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-15 18:29:00 UTC + 2017-05-11 16:00:00 CEST + mdeslaur + 2017-05-11 16:00:00 CEST + https://launchpad.net/bugs/1691531 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7479.html + https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits + https://ubuntu.com/security/notices/USN-3284-1 + https://ubuntu.com/security/notices/USN-3339-1 + + + + sbeattie> fix needs a87e1431baccd49a9344cfc63ab7446c4317fa2f (2.4) or 5d747770efa0611cc6cfeb6b3a5853bf51046d53 (2.3) as a prequisite + + + + + + + + + CVE-2017-7493 on Ubuntu 20.04 (focal) - medium. + Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-05-17 15:29:00 UTC + 2017-05-17 + Leo Gaspard + https://bugzilla.redhat.com/show_bug.cgi?id=1451709 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7493.html + https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html + http://seclists.org/oss-sec/2017/q2/278 + https://ubuntu.com/security/notices/USN-3414-1 + + + + + + + + + + CVE-2017-7607 on Ubuntu 20.04 (focal) - medium. 
+ The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-09 14:59:00 UTC + 2017-04-09 + mdeslaur + Agostino Sarubbo + https://sourceware.org/bugzilla/show_bug.cgi?id=21299 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859996 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7607.html + https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/ + https://ubuntu.com/security/notices/USN-3670-1 + + + + + + + + + + CVE-2017-7608 on Ubuntu 20.04 (focal) - medium. + The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-09 14:59:00 UTC + 2017-04-09 + mdeslaur + Agostino Sarubbo + https://sourceware.org/bugzilla/show_bug.cgi?id=21300 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859995 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7608.html + https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/ + https://ubuntu.com/security/notices/USN-3670-1 + + + + + + + + + + CVE-2017-7610 on Ubuntu 20.04 (focal) - medium. + The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-09 14:59:00 UTC + 2017-04-09 + mdeslaur + Agostino Sarubbo + https://sourceware.org/bugzilla/show_bug.cgi?id=21320 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859993 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7610.html + https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/ + https://ubuntu.com/security/notices/USN-3670-1 + + + + + + + + + + CVE-2017-7611 on Ubuntu 20.04 (focal) - medium. + The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-09 14:59:00 UTC + 2017-04-09 + mdeslaur + Agostino Sarubbo + https://sourceware.org/bugzilla/show_bug.cgi?id=21310 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859992 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7611.html + https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/ + https://ubuntu.com/security/notices/USN-3670-1 + + + + + + + + + + CVE-2017-7612 on Ubuntu 20.04 (focal) - medium. + The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-09 14:59:00 UTC + 2017-04-09 + mdeslaur + Agostino Sarubbo + https://sourceware.org/bugzilla/show_bug.cgi?id=21311 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859991 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7612.html + https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/ + https://ubuntu.com/security/notices/USN-3670-1 + + + + + + + + + + CVE-2017-7613 on Ubuntu 20.04 (focal) - medium. 
+ elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-09 14:59:00 UTC + 2017-04-09 + mdeslaur + Agostino Sarubbo + https://sourceware.org/bugzilla/show_bug.cgi?id=21312 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859990 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7613.html + https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/ + https://ubuntu.com/security/notices/USN-3670-1 + + + + + + + + + + CVE-2017-7718 on Ubuntu 20.04 (focal) - low. + hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-20 17:59:00 UTC + 2017-04-20 + Jiangxin + https://bugzilla.redhat.com/show_bug.cgi?id=1443441 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7718.html + https://ubuntu.com/security/notices/USN-3289-1 + + + + + + + + + + CVE-2017-7869 on Ubuntu 20.04 (focal) - low. + GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-04-14 04:59:00 UTC + 2017-04-14 + mdeslaur + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7869.html + https://gnutls.org/security.html#GNUTLS-SA-2017-3 + https://www.gnutls.org/security.html + https://ubuntu.com/security/notices/USN-3318-1 + + + + + + + + + + CVE-2017-7885 on Ubuntu 20.04 (focal) - low. + Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-04-17 00:59:00 UTC + 2017-04-16 + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=697703 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860460 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7885.html + https://ubuntu.com/security/notices/USN-3297-1 + + + + + + + + + + CVE-2017-7975 on Ubuntu 20.04 (focal) - medium. + Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-19 16:59:00 UTC + 2017-04-19 + mdeslaur + Jiaqi Peng + https://bugs.ghostscript.com/show_bug.cgi?id=697693 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860788 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7975.html + https://ubuntu.com/security/notices/USN-3297-1 + + + + + + + + + + CVE-2017-7976 on Ubuntu 20.04 (focal) - medium. 
+ Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-04-19 17:59:00 UTC + 2017-04-19 + mdeslaur + Dai Ge + https://bugs.ghostscript.com/show_bug.cgi?id=697683 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860787 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7976.html + https://ubuntu.com/security/notices/USN-3297-1 + + + + + + + + + + CVE-2017-7980 on Ubuntu 20.04 (focal) - medium. + Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-07-25 14:29:00 UTC + 2017-04-21 + Li Qiang and Jiangxin + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7980.html + http://www.openwall.com/lists/oss-security/2017/04/21/1 + https://ubuntu.com/security/notices/USN-3289-1 + + + + + + + + + + CVE-2017-8086 on Ubuntu 20.04 (focal) - low. + Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-02 14:59:00 UTC + 2017-05-02 + Li Qiang + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861348 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8086.html + https://ubuntu.com/security/notices/USN-3289-1 + + + + mdeslaur> possibly introduced by fix for CVE-2016-9602 + + + + + + + + + CVE-2017-8112 on Ubuntu 20.04 (focal) - low. + hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-02 14:59:00 UTC + 2017-05-02 + Li Qiang + https://bugzilla.redhat.com/show_bug.cgi?id=1445621 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861351 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8112.html + https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html + https://ubuntu.com/security/notices/USN-3414-1 + + + + + + + + + + CVE-2017-8240 on Ubuntu 20.04 (focal) - low. + In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-13 20:29:00 UTC + Timur Tabi + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8240.html + http://www.securitytracker.com/id/1038623 + https://source.android.com/security/bulletin/2017-06-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2017-8309 on Ubuntu 20.04 (focal) - low. + Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-23 04:29:00 UTC + 2017-05-03 + Jiang Xin + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-8309.html + https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html + https://ubuntu.com/security/notices/USN-3289-1 + + + + + + + + + + CVE-2017-9111 on Ubuntu 20.04 (focal) - low. + In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-21 18:29:00 UTC + 2017-05-21 18:29:00 UTC + mdeslaur + Brandon Perry + https://github.com/openexr/openexr/issues/232 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078 + https://bugzilla.suse.com/show_bug.cgi?id=1040109 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9111.html + http://www.openwall.com/lists/oss-security/2017/05/12/5 + https://ubuntu.com/security/notices/USN-4148-1 + https://ubuntu.com/security/notices/USN-4339-1 + + + + mdeslaur> see suse bug for reproducer with exrmakepreview mdeslaur> first patch in upstream bug doesn't cover this CVE mdeslaur> mdeslaur> The patch for this issue was dropped during the focal mdeslaur> development cycle by mistake. + + + + + + + + + CVE-2017-9113 on Ubuntu 20.04 (focal) - low. + In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-05-21 18:29:00 UTC + 2017-05-21 18:29:00 UTC + mdeslaur + Brandon Perry + https://github.com/openexr/openexr/issues/232 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078 + https://bugzilla.suse.com/show_bug.cgi?id=1040113 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9113.html + http://www.openwall.com/lists/oss-security/2017/05/12/5 + https://ubuntu.com/security/notices/USN-4148-1 + https://ubuntu.com/security/notices/USN-4339-1 + + + + mdeslaur> see suse bug for reproducer with exrmakepreview mdeslaur> first patch in upstream bug doesn't cover this CVE mdeslaur> mdeslaur> The patch for this issue was dropped during the focal mdeslaur> development cycle by mistake. + + + + + + + + + CVE-2017-9115 on Ubuntu 20.04 (focal) - low. + In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-05-21 18:29:00 UTC + 2017-05-21 18:29:00 UTC + mdeslaur + Brandon Perry + https://github.com/openexr/openexr/issues/232 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864078 + https://bugzilla.suse.com/show_bug.cgi?id=1040115 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9115.html + http://www.openwall.com/lists/oss-security/2017/05/12/5 + https://ubuntu.com/security/notices/USN-4148-1 + https://ubuntu.com/security/notices/USN-4339-1 + + + + mdeslaur> see suse bug for reproducer with exrmakepreview mdeslaur> first patch in upstream bug doesn't cover this CVE mdeslaur> mdeslaur> The patch for this issue was dropped during the focal mdeslaur> development cycle by mistake. + + + + + + + + + CVE-2017-9122 on Ubuntu 20.04 (focal) - medium. + The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-12 06:29:00 UTC + 2017-06-12 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9122.html + https://www.exploit-db.com/exploits/42148/ + https://ubuntu.com/security/notices/USN-4545-1 + + + + + + + + + + CVE-2017-9123 on Ubuntu 20.04 (focal) - medium. + The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-12 06:29:00 UTC + 2017-06-12 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9123.html + https://www.exploit-db.com/exploits/42148/ + https://ubuntu.com/security/notices/USN-4545-1 + + + + + + + + + + CVE-2017-9124 on Ubuntu 20.04 (focal) - medium. + The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-12 06:29:00 UTC + 2017-06-12 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9124.html + https://www.exploit-db.com/exploits/42148/ + https://ubuntu.com/security/notices/USN-4545-1 + + + + + + + + + + CVE-2017-9125 on Ubuntu 20.04 (focal) - medium. + The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-12 06:29:00 UTC + 2017-06-12 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9125.html + https://www.exploit-db.com/exploits/42148/ + https://ubuntu.com/security/notices/USN-4545-1 + + + + + + + + + + CVE-2017-9126 on Ubuntu 20.04 (focal) - medium. 
+ The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-12 06:29:00 UTC + 2017-06-12 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9126.html + https://www.exploit-db.com/exploits/42148/ + https://ubuntu.com/security/notices/USN-4545-1 + + + + + + + + + + CVE-2017-9127 on Ubuntu 20.04 (focal) - medium. + The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-12 06:29:00 UTC + 2017-06-12 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9127.html + https://www.exploit-db.com/exploits/42148/ + https://ubuntu.com/security/notices/USN-4545-1 + + + + + + + + + + CVE-2017-9128 on Ubuntu 20.04 (focal) - medium. + The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-06-12 06:29:00 UTC + 2017-06-12 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9128.html + https://www.exploit-db.com/exploits/42148/ + https://ubuntu.com/security/notices/USN-4545-1 + + + + + + + + + + CVE-2017-9330 on Ubuntu 20.04 (focal) - low. + QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-08 16:29:00 UTC + 2017-06-08 + Li Qiang + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863943 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9330.html + https://ubuntu.com/security/notices/USN-3414-1 + + + + + + + + + + CVE-2017-9373 on Ubuntu 20.04 (focal) - low. + Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-16 22:29:00 UTC + 2017-06-16 + Li Qiang + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864216 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9373.html + https://ubuntu.com/security/notices/USN-3414-1 + + + + + + + + + + CVE-2017-9374 on Ubuntu 20.04 (focal) - low. + Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-16 22:29:00 UTC + 2017-06-16 + Li Qiang + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864568 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9374.html + https://ubuntu.com/security/notices/USN-3414-1 + + + + + + + + + + CVE-2017-9375 on Ubuntu 20.04 (focal) - low. + QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. 
+ 2017-06-16 22:29:00 UTC + 2017-06-16 + Li Qiang + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864219 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9375.html + https://ubuntu.com/security/notices/USN-3414-1 + + + + mdeslaur> watch for regression, see mdeslaur> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869945 + + + + + + + + + CVE-2017-9503 on Ubuntu 20.04 (focal) - low. + QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-16 22:29:00 UTC + 2017-06-16 + Zhangyanyu + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865754 + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9503.html + https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html + https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html + https://ubuntu.com/security/notices/USN-3414-1 + + + + + + + + + + CVE-2017-9725 on Ubuntu 20.04 (focal) - medium. + In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2017 Canonical Ltd. + 2017-09-21 15:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9725.html + https://access.redhat.com/errata/RHSA-2018:0676 + https://access.redhat.com/errata/RHSA-2018:1062 + https://access.redhat.com/errata/RHSA-2018:1130 + https://access.redhat.com/errata/RHSA-2018:1170 + https://source.android.com/security/bulletin/2017-09-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2017-9986 on Ubuntu 20.04 (focal) - low. 
+ The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2017 Canonical Ltd. + 2017-06-28 06:29:00 UTC + Pengfei Wang + http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9986.html + https://bugzilla.kernel.org/show_bug.cgi?id=196135 + + + + sbeattie> unfixed as of 2017-08-24 sbeattie> OSS msnd pinnacle driver, Ubuntu kernels have OSS drivers disabled. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-0618 on Ubuntu 20.04 (focal) - low. + Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-26 17:29:00 UTC + 2018-07-26 17:29:00 UTC + https://bugs.launchpad.net/ubuntu/+source/mailman/+bug/1803838 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-0618.html + https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html + https://launchpad.net/mailman/+milestone/2.1.27 + https://www.tenable.com/plugins/nessus/110691 + https://ubuntu.com/security/notices/USN-4348-1 + + + + + + + + + + CVE-2018-0734 on Ubuntu 20.04 (focal) - low. + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-30 12:29:00 UTC + 2018-10-30 + mdeslaur + Samuel Weiser + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-0734.html + https://www.openssl.org/news/secadv/20181030.txt + https://ubuntu.com/security/notices/USN-3840-1 + + + + mdeslaur> there are other similar commits in crypto/dsa/dsa_ossl.c that mdeslaur> likely need backporting also. mdeslaur> upstream advisory was ammended with more commits + + + + + + + + + CVE-2018-0735 on Ubuntu 20.04 (focal) - low. + The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-29 13:29:00 UTC + 2018-10-29 + mdeslaur + Samuel Weiser + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-0735.html + https://www.openssl.org/news/secadv/20181029.txt + https://ubuntu.com/security/notices/USN-3840-1 + + + + mdeslaur> this may be introduced by the fix for CVE-2018-5407 + + + + + + + + + CVE-2018-1000035 on Ubuntu 20.04 (focal) - low. + A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-02-09 23:29:00 UTC + 2018-02-09 23:29:00 UTC + R. Freingruber + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889838 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000035.html + https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html + https://ubuntu.com/security/notices/USN-4672-1 + + + + ratliff> mitigated by FORTIFY_SOURCE + + + + + + + + + CVE-2018-1000500 on Ubuntu 20.04 (focal) - medium. 
+ Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 16:29:00 UTC + 2018-06-26 16:29:00 UTC + mdeslaur + https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1879533 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000500.html + http://lists.busybox.net/pipermail/busybox/2018-May/086462.html + https://git.busybox.net/busybox/tree/networking/wget.c?id=8bc418f07eab79a9c8d26594629799f6157a9466#n74 + https://ubuntu.com/security/notices/USN-4531-1 + + + + mdeslaur> per Red Hat, SSL support was added in 1.23.0. Older versions mdeslaur> don't support https at all. + + + + + + + + + CVE-2018-1000517 on Ubuntu 20.04 (focal) - medium. + BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-26 16:29:00 UTC + 2018-06-26 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902724 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000517.html + https://ubuntu.com/security/notices/USN-3935-1 + + + + + + + + + + CVE-2018-1000656 on Ubuntu 20.04 (focal) - low. + The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. 
This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-08-20 19:31:00 UTC + 2018-08-20 19:31:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000656.html + https://github.com/pallets/flask/releases/tag/0.12.3 + https://ubuntu.com/security/notices/USN-4378-1 + + + + + + + + + + CVE-2018-1000852 on Ubuntu 20.04 (focal) - low. + FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-20 15:29:00 UTC + 2018-12-20 15:29:00 UTC + mdeslaur + https://github.com/FreeRDP/FreeRDP/issues/4866 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000852.html + https://ubuntu.com/security/notices/USN-4379-1 + + + + + + + + + + CVE-2018-10322 on Ubuntu 20.04 (focal) - low. + The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-04-24 06:29:00 UTC + 2018-04-24 06:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10322.html + https://bugzilla.kernel.org/show_bug.cgi?id=199377 + https://www.spinics.net/lists/linux-xfs/msg17215.html + https://ubuntu.com/security/notices/USN-4579-1 + https://ubuntu.com/security/notices/USN-4578-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-10323 on Ubuntu 20.04 (focal) - low. + The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-04-24 06:29:00 UTC + 2018-04-24 + Wen Xu + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10323.html + https://bugzilla.kernel.org/show_bug.cgi?id=199423 + https://www.spinics.net/lists/linux-xfs/msg17254.html + https://ubuntu.com/security/notices/USN-3752-1 + https://ubuntu.com/security/notices/USN-3752-2 + https://ubuntu.com/security/notices/USN-3754-1 + https://ubuntu.com/security/notices/USN-3752-3 + https://ubuntu.com/security/notices/USN-4486-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-1064 on Ubuntu 20.04 (focal) - low. + libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-28 18:29:00 UTC + 2018-03-28 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1064.html + https://ubuntu.com/security/notices/USN-3680-1 + + + + + + + + + + CVE-2018-10839 on Ubuntu 20.04 (focal) - medium. + Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-16 14:29:00 UTC + 2018-10-16 + mdeslaur + Daniel Shapira, Arash Tohidi + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910431 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10839.html + https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html + https://ubuntu.com/security/notices/USN-3826-1 + + + + + + + + + + CVE-2018-10945 on Ubuntu 20.04 (focal) - medium. + The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-19 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10945.html + + + + + + + + + + CVE-2018-10963 on Ubuntu 20.04 (focal) - low. + The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-05-10 02:29:00 UTC + 2018-05-09 + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898348 + http://bugzilla.maptools.org/show_bug.cgi?id=2795 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-10963.html + https://ubuntu.com/security/notices/USN-3864-1 + + + + + + + + + + CVE-2018-1109 on Ubuntu 20.04 (focal) - untriaged. + A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2021 Canonical Ltd. + 2021-03-30 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1109.html + https://snyk.io/vuln/npm:braces:20180219 + https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451 + https://www.npmjs.com/advisories/786 + + + + + + + + + + CVE-2018-11237 on Ubuntu 20.04 (focal) - medium. + An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-05-18 16:29:00 UTC + 2018-05-18 16:29:00 UTC + mdeslaur + https://sourceware.org/bugzilla/show_bug.cgi?id=23196 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899070 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11237.html + https://ubuntu.com/security/notices/USN-4416-1 + + + + sbeattie> looks to have been introduced in 2.23 + + + + + + + + + CVE-2018-11489 on Ubuntu 20.04 (focal) - low. + The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-05-26 18:29:00 UTC + https://sourceforge.net/p/giflib/bugs/112/ + https://github.com/pts/sam2p/issues/37 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11489.html + + + + + + + + + + CVE-2018-1160 on Ubuntu 20.04 (focal) - medium. + Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. It was discovered that Netatalk did not properly handle certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-20 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916930 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1160.html + https://bugzilla.samba.org/show_bug.cgi?id=13711 + http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html + https://attachments.samba.org/attachment.cgi?id=14735 + https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/ + https://www.tenable.com/security/research/tra-2018-48 + + + + + + + + + + CVE-2018-11759 on Ubuntu 20.04 (focal) - medium. + The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. 
While there is some overlap between this issue and CVE-2018-1323, they are not identical. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-31 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11759.html + https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.46 + https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E + + + + + + + + + + CVE-2018-11806 on Ubuntu 20.04 (focal) - medium. + m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-13 16:29:00 UTC + 2018-06-13 + mdeslaur + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901017 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11806.html + https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html + https://ubuntu.com/security/notices/USN-3826-1 + + + + + + + + + + CVE-2018-12086 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-14 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12086.html + https://www.wireshark.org/security/wnpa-sec-2018-50.html + https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=28a7a79cac425d1b1ecf06e73add41edd2241e49 + + + + + + + + + + CVE-2018-12178 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-27 20:29:00 UTC + 2019-03-27 20:29:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=809 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12178.html + https://lists.01.org/pipermail/edk2-devel/2019-February/037251.html + https://ubuntu.com/security/notices/USN-4349-1 + + + + + + + + + + CVE-2018-12180 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-27 20:29:00 UTC + 2019-03-27 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12180.html + https://lists.01.org/pipermail/edk2-devel/2019-February/037248.html + https://lists.01.org/pipermail/edk2-devel/2019-February/037249.html + https://lists.01.org/pipermail/edk2-devel/2019-February/037250.html + https://ubuntu.com/security/notices/USN-4349-1 + + + + + + + + + + CVE-2018-12181 on Ubuntu 20.04 (focal) - medium. + Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-27 20:29:00 UTC + 2019-03-27 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924615 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12181.html + https://lists.01.org/pipermail/edk2-devel/2019-March/037626.html + https://ubuntu.com/security/notices/USN-4349-1 + + + + + + + + + + CVE-2018-12545 on Ubuntu 20.04 (focal) - medium. + In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. 
The vulnerability is due to the additional CPU and memory allocations required to handle changed settings. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-27 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12545.html + https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096 + + + + + + + + + + CVE-2018-12617 on Ubuntu 20.04 (focal) - medium. + qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-06-21 18:29:00 UTC + 2018-06-21 + mdeslaur + Fakhri Zulkifli + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902725 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12617.html + https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6 + https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html + https://ubuntu.com/security/notices/USN-3826-1 + + + + + + + + + + CVE-2018-13093 on Ubuntu 20.04 (focal) - low. + An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-03 10:29:00 UTC + 2018-07-03 + Wen Xu + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13093.html + https://bugzilla.kernel.org/show_bug.cgi?id=199367 + https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=afca6c5b2595fc44383919fba740c194b0b76aff + https://github.com/torvalds/linux/commit/afca6c5b2595fc44383919fba740c194b0b76aff + https://ubuntu.com/security/notices/USN-4094-1 + https://ubuntu.com/security/notices/USN-4118-1 + https://ubuntu.com/security/notices/USN-4709-1 + https://ubuntu.com/security/notices/USN-4708-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-13095 on Ubuntu 20.04 (focal) - low. + An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-03 10:29:00 UTC + 2018-07-03 10:29:00 UTC + Wen Xu + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13095.html + https://bugzilla.kernel.org/show_bug.cgi?id=199915 + https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=23fcb3340d033d9f081e21e6c12c2db7eaa541d3 + https://github.com/torvalds/linux/commit/23fcb3340d033d9f081e21e6c12c2db7eaa541d3 + https://ubuntu.com/security/notices/USN-4904-1 + https://ubuntu.com/security/notices/USN-4907-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-13098 on Ubuntu 20.04 (focal) - low. 
+ An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode. Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-03 10:29:00 UTC + 2018-07-03 + Wen Xu + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13098.html + https://bugzilla.kernel.org/show_bug.cgi?id=200173 + https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=346886775c5fa6a541c0148bbecc0554ab9d6dad + https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git/commit/?h=dev&id=76d56d4ab4f2a9e4f085c7d77172194ddaccf7d2 + https://ubuntu.com/security/notices/USN-4094-1 + https://ubuntu.com/security/notices/USN-4118-1 + + + + sbeattie> fix commit subject "f2fs: fix to do sanity check with extra_attr feature" tyhicks> The affected user base for this issue is likely small since f2fs is not the default filesystem and it is not widely used in Ubuntu + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-13139 on Ubuntu 20.04 (focal) - low. + A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-07-04 14:29:00 UTC + 2018-07-04 + mdeslaur + https://github.com/erikd/libsndfile/issues/397 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13139.html + https://ubuntu.com/security/notices/USN-4013-1 + https://ubuntu.com/security/notices/USN-4704-1 + + + + mdeslaur> in Check-MAX_CHANNELS-in-sndfile-deinterleave.patch patch in mdeslaur> disco+ + + + + + + + + + CVE-2018-13796 on Ubuntu 20.04 (focal) - low. + An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-12 18:29:00 UTC + 2018-07-12 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903674 + https://bugs.launchpad.net/ubuntu/+source/mailman/+bug/1803838 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13796.html + https://mail.python.org/pipermail/mailman-users/2018-July/083536.html + https://www.mail-archive.com/mailman-users@python.org/msg71003.html + https://ubuntu.com/security/notices/USN-4348-1 + + + + + + + + + + CVE-2018-13863 on Ubuntu 20.04 (focal) - untriaged. + The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2018 Canonical Ltd. + 2018-07-10 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-13863.html + https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a (1.0.5) + + + + + + + + + + CVE-2018-14036 on Ubuntu 20.04 (focal) - low. + Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-13 12:29:00 UTC + 2018-07-13 12:29:00 UTC + Matthias Gerstner + https://bugs.freedesktop.org/show_bug.cgi?id=107085 + https://bugzilla.suse.com/show_bug.cgi?id=1099699 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14036.html + http://www.openwall.com/lists/oss-security/2018/07/02/2 + https://ubuntu.com/security/notices/USN-4616-1 + https://ubuntu.com/security/notices/USN-4616-2 + + + + + + + + + + CVE-2018-14432 on Ubuntu 20.04 (focal) - low. + In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-07-31 14:29:00 UTC + Kristi Nikolla + https://launchpad.net/bugs/1779205 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616 + https://bugzilla.redhat.com/show_bug.cgi?id=1606868 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14432.html + http://www.openwall.com/lists/oss-security/2018/07/25/2 + + + + mdeslaur> per redhat bug, not reproducible on release older than ocata + + + + + + + + + CVE-2018-14625 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. 
It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-10 13:29:00 UTC + 2018-09-10 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14625.html + https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039 + https://lore.kernel.org/lkml/000000000000b4f77905723b70ee@google.com/ + https://lore.kernel.org/lkml/?q=%22syzbot%2Bbd391451452fb0b93039%40syzkaller.appspotmail.com%22 + https://ubuntu.com/security/notices/USN-3871-1 + https://ubuntu.com/security/notices/USN-3872-1 + https://ubuntu.com/security/notices/USN-3871-3 + https://ubuntu.com/security/notices/USN-3871-4 + https://ubuntu.com/security/notices/USN-3878-1 + https://ubuntu.com/security/notices/USN-3871-5 + https://ubuntu.com/security/notices/USN-3878-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-15127 on Ubuntu 20.04 (focal) - medium. + LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-19 16:29:00 UTC + 2018-12-19 + mdeslaur + https://github.com/LibVNC/libvncserver/issues/243 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15127.html + https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/ + https://ubuntu.com/security/notices/USN-3877-1 + https://ubuntu.com/security/notices/USN-4547-1 + + + + mdeslaur> initial commit was incomplete, see comment on original bug mdeslaur> New CVE numbers for complete fix are CVE-2018-20749 and mdeslaur> CVE-2018-20750 + + + + + + + + + CVE-2018-15822 on Ubuntu 20.04 (focal) - low. + The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-08-23 23:29:00 UTC + 2018-08-23 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15822.html + https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10 + https://ubuntu.com/security/notices/USN-3967-1 + https://ubuntu.com/security/notices/USN-4431-1 + + + + + + + + + + CVE-2018-15919 on Ubuntu 20.04 (focal) - low. + Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-08-28 08:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907503 + https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-15919 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-15919.html + http://www.openwall.com/lists/oss-security/2018/08/27/2 + http://seclists.org/oss-sec/2018/q3/180 + + + + seth-arnold> openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. mdeslaur> SUSE reverted the fix for this issue because of a regression mdeslaur> mdeslaur> per the post to oss-security, upstream doesn't conside this to mdeslaur> be a security issue, and as of 2020-07-07, there is no upstream mdeslaur> fix for this. We will not be fixing this issue in Ubuntu. + + + + + + + + + + + + CVE-2018-16375 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. It was discovered that OpenJPEG incorrectly handled certain PNM files. A remote attacker could possibly use this issue to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-09-03 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16375.html + https://github.com/uclouvain/openjpeg/issues/1126 + + + + mdeslaur> Ubuntu packages are built with -DBUILD_JPWL:BOOL=OFF, so the mdeslaur> vulnerable code isn't compiled + + + + + + + + + CVE-2018-17958 on Ubuntu 20.04 (focal) - medium. + Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-10-09 22:29:00 UTC + 2018-10-09 + mdeslaur + Daniel Shapira, Arash Tohidi + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17958.html + https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html + https://ubuntu.com/security/notices/USN-3826-1 + + + + + + + + + + CVE-2018-17962 on Ubuntu 20.04 (focal) - medium. + Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-09 22:29:00 UTC + 2018-10-09 + mdeslaur + Daniel Shapira, Arash Tohidi + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17962.html + https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html + https://ubuntu.com/security/notices/USN-3826-1 + + + + + + + + + + CVE-2018-17963 on Ubuntu 20.04 (focal) - medium. + qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-09 22:29:00 UTC + 2018-10-09 + mdeslaur + Daniel Shapira + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17963.html + https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html + https://ubuntu.com/security/notices/USN-3826-1 + + + + + + + + + + CVE-2018-18281 on Ubuntu 20.04 (focal) - medium. + Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. 
Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-30 18:29:00 UTC + 2018-10-30 + Jann Horn + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18281.html + https://git.kernel.org/linus/eb66ae030829605d61fbef1909ce310e29f78821 + https://bugs.chromium.org/p/project-zero/issues/detail?id=1695 + https://ubuntu.com/security/notices/USN-3832-1 + https://ubuntu.com/security/notices/USN-3835-1 + https://ubuntu.com/security/notices/USN-3871-1 + https://ubuntu.com/security/notices/USN-3871-3 + https://ubuntu.com/security/notices/USN-3871-4 + https://ubuntu.com/security/notices/USN-3880-1 + https://ubuntu.com/security/notices/USN-3880-2 + https://ubuntu.com/security/notices/USN-3871-5 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-18444 on Ubuntu 20.04 (focal) - low. + makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-17 19:29:00 UTC + 2018-10-17 19:29:00 UTC + mdeslaur + TAN JIE + https://github.com/openexr/openexr/issues/351 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18444.html + https://ubuntu.com/security/notices/USN-4148-1 + https://ubuntu.com/security/notices/USN-4339-1 + + + + mdeslaur> proposed patch in bug mdeslaur> mdeslaur> The patch for this issue was dropped during the focal mdeslaur> development cycle by mistake. + + + + + + + + + CVE-2018-18661 on Ubuntu 20.04 (focal) - low. + An issue was discovered in LibTIFF 4.0.9. 
There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-10-26 14:29:00 UTC + 2018-10-26 + mdeslaur + http://bugzilla.maptools.org/show_bug.cgi?id=2819 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912012 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18661.html + https://ubuntu.com/security/notices/USN-3864-1 + + + + + + + + + + CVE-2018-18765 on Ubuntu 20.04 (focal) - medium. + An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-10-29 12:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18765.html + + + + + + + + + + CVE-2018-18820 on Ubuntu 20.04 (focal) - medium. + A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-05 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912611 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18820.html + https://www.openwall.com/lists/oss-security/2018/11/01/3 + https://gitlab.xiph.org/xiph/icecast-server/issues/2342 + https://lgtm.com/blog/icecast_snprintf_CVE-2018-18820 + + + + + + + + + + CVE-2018-18849 on Ubuntu 20.04 (focal) - low. 
+ In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:00:00 UTC + 2018-11-02 + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912535 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18849.html + https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06682.html + https://ubuntu.com/security/notices/USN-3826-1 + + + + + + + + + + CVE-2018-18898 on Ubuntu 20.04 (focal) - medium. + The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:00:00 UTC + 2019-03-21 16:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18898.html + https://github.com/bestpractical/email-address-list/commit/a22e6b233443fe3ad1a408e50ecbd7237674817d + https://github.com/bestpractical/email-address-list/commit/6dd5021a6e5df2e8c86a163dc2e180a76a38e63b + https://github.com/bestpractical/email-address-list/commit/31bd4dc2dfb26fd6a17e4436df3d3c8904856f30 + https://ubuntu.com/security/notices/USN-4517-1 + + + + + + + + + + CVE-2018-19210 on Ubuntu 20.04 (focal) - low. + In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-12 19:29:00 UTC + 2018-11-12 + mdeslaur + http://bugzilla.maptools.org/show_bug.cgi?id=2820 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913675 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19210.html + https://ubuntu.com/security/notices/USN-3906-1 + + + + + + + + + + CVE-2018-19352 on Ubuntu 20.04 (focal) - medium. 
+ Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-11-18 17:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19352.html + https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648 + https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst + https://pypi.org/project/notebook/#history + + + + + + + + + + CVE-2018-19364 on Ubuntu 20.04 (focal) - low. + hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-13 19:29:00 UTC + 2018-11-20 + mdeslaur + Zhibin Hu + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19364.html + https://www.openwall.com/lists/oss-security/2018/11/20/1 + https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html + https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html + https://ubuntu.com/security/notices/USN-3826-1 + + + + + + + + + + CVE-2018-19432 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-22 05:29:00 UTC + 2018-11-22 + mdeslaur + https://github.com/erikd/libsndfile/issues/427 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19432.html + https://ubuntu.com/security/notices/USN-4013-1 + https://ubuntu.com/security/notices/USN-4704-1 + + + + mdeslaur> in Check-MAX_CHANNELS-in-sndfile-deinterleave.patch patch in mdeslaur> disco+ + + + + + + + + + CVE-2018-19489 on Ubuntu 20.04 (focal) - low. 
+ v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-13 19:29:00 UTC + 2018-12-13 + Zhibin Hu + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19489.html + https://www.openwall.com/lists/oss-security/2018/11/26/1 + https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html + https://ubuntu.com/security/notices/USN-3923-1 + + + + + + + + + + CVE-2018-19591 on Ubuntu 20.04 (focal) - medium. + In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-04 16:29:00 UTC + 2018-12-04 16:29:00 UTC + mdeslaur + https://sourceware.org/bugzilla/show_bug.cgi?id=23927 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914837 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19591.html + https://ubuntu.com/security/notices/USN-4416-1 + + + + ebarretto> In trusty and precise the code that introduced the issue ebarretto> is not present. sbeattie> reproducer testcase in upstream bug report sbeattie> introduced in 2180fee114b778515b3f560e5ff1e795282e60b0 (2.27 cycle) + + + + + + + + + CVE-2018-19661 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-11-29 08:29:00 UTC + 2018-11-29 + mdeslaur + https://github.com/erikd/libsndfile/issues/429 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19661.html + https://ubuntu.com/security/notices/USN-4013-1 + https://ubuntu.com/security/notices/USN-4704-1 + + + + mdeslaur> a-ulaw-fix-multiple-buffer-overflows-432.patch + + + + + + + + + CVE-2018-19662 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-29 08:29:00 UTC + 2018-11-29 + mdeslaur + https://github.com/erikd/libsndfile/issues/429 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19662.html + https://ubuntu.com/security/notices/USN-4013-1 + https://ubuntu.com/security/notices/USN-4704-1 + + + + mdeslaur> a-ulaw-fix-multiple-buffer-overflows-432.patch + + + + + + + + + CVE-2018-19665 on Ubuntu 20.04 (focal) - low. + The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-12-06 23:29:00 UTC + Arash Tohidi + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916278 + https://bugzilla.redhat.com/show_bug.cgi?id=1607652 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19665.html + + + + mdeslaur> as of 2020-06-18, proposed fix not committed mdeslaur> as of https://github.com/qemu/qemu/commit/c0188e69d, the mdeslaur> bluetooth subsystem is marked as unmaintained mdeslaur> mdeslaur> We will not be fixing this issue in Ubuntu stable releases. mdeslaur> We recommend not using the bluetooth support. + + + + + + + + + CVE-2018-19758 on Ubuntu 20.04 (focal) - low. + There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-30 03:29:00 UTC + 2018-11-29 + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1643812 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19758.html + https://ubuntu.com/security/notices/USN-4013-1 + https://ubuntu.com/security/notices/USN-4704-1 + + + + mdeslaur> first commit was incomplete fix, see CVE-2019-3832 mdeslaur> src-wav.c-Fix-heap-read-overflow.patch + + + + + + + + + CVE-2018-20019 on Ubuntu 20.04 (focal) - medium. + LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-19 16:29:00 UTC + 2018-12-19 + mdeslaur + https://github.com/LibVNC/libvncserver/issues/247 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20019.html + https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/ + https://ubuntu.com/security/notices/USN-3877-1 + https://ubuntu.com/security/notices/USN-4547-1 + + + + mdeslaur> original upstream patch for this issue was incomplete. See mdeslaur> CVE-2018-20748 for more fixes. + + + + + + + + + CVE-2018-20023 on Ubuntu 20.04 (focal) - medium. + LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-19 16:29:00 UTC + 2018-12-19 + mdeslaur + https://github.com/LibVNC/libvncserver/issues/253 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20023.html + https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/ + https://ubuntu.com/security/notices/USN-3877-1 + https://ubuntu.com/security/notices/USN-4547-1 + + + + + + + + + + CVE-2018-20030 on Ubuntu 20.04 (focal) - low. + An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-20 17:29:00 UTC + 2019-02-20 17:29:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918730 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20030.html + https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/ + https://ubuntu.com/security/notices/USN-4358-1 + + + + + + + + + + CVE-2018-20225 on Ubuntu 20.04 (focal) - negligible. + ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-08 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20225.html + https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html + https://pip.pypa.io/en/stable/news/ + + + + mdeslaur> This works as per the documentation, and this CVE has been mdeslaur> disputed as being a security issue. There is no fix for this mdeslaur> issue available fom pip developers. We will not be fixing this mdeslaur> issue in Ubuntu. + + + + + + + + + CVE-2018-20349 on Ubuntu 20.04 (focal) - medium. + The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has an NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object. It was discovered that igraph mishandled certain malformed XML. An attacker could use this vulnerability to cause a denial of service (crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-12-22 00:29:00 UTC + 2018-12-22 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20349.html + https://github.com/igraph/igraph/issues/1141 + https://ubuntu.com/security/notices/USN-4644-1 + + + + + + + + + + CVE-2018-20482 on Ubuntu 20.04 (focal) - low. + GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-12-26 18:29:00 UTC + 2018-12-26 18:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917377 + https://bugzilla.redhat.com/show_bug.cgi?id=1662346 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20482.html + https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug + https://news.ycombinator.com/item?id=18745431 + https://twitter.com/thatcks/status/1076166645708668928 + http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html + https://ubuntu.com/security/notices/USN-4692-1 + + + + + + + + + + CVE-2018-20669 on Ubuntu 20.04 (focal) - low. + An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:00:00 UTC + 2019-03-21 16:00:00 UTC + Timothy Michaud + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20669.html + https://www.openwall.com/lists/oss-security/2019/01/23/6 + https://www.openwall.com/lists/oss-security/2019/02/07/1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + tyhicks> Only the i915_gem_execbuffer2_ioctl() changes are technically needed for this CVE. It would be ideal to audit the callers of the other changed functions in the fix commit. tyhicks> This CVE is being disputed. See the oss-security emails on 2019-02-07 for details. 
sbeattie> while this specific ioctl may or may not be vulnerable, the fix is generic aenough to possibly block other vulnerabilities. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-20679 on Ubuntu 20.04 (focal) - low. + An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-09 16:29:00 UTC + 2019-01-09 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918846 + https://bugs.busybox.net/show_bug.cgi?id=11506 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20679.html + https://busybox.net/news.html + https://ubuntu.com/security/notices/USN-3935-1 + + + + mdeslaur> this fix is incomplete, see CVE-2019-5747 + + + + + + + + + CVE-2018-20749 on Ubuntu 20.04 (focal) - medium. + LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-30 18:29:00 UTC + 2019-01-30 + mdeslaur + https://github.com/LibVNC/libvncserver/issues/273 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20749.html + https://ubuntu.com/security/notices/USN-3877-1 + https://ubuntu.com/security/notices/USN-4547-1 + + + + + + + + + + CVE-2018-20750 on Ubuntu 20.04 (focal) - medium. + LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-30 18:29:00 UTC + 2019-01-30 + mdeslaur + https://github.com/LibVNC/libvncserver/issues/273 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20750.html + https://ubuntu.com/security/notices/USN-3877-1 + https://ubuntu.com/security/notices/USN-4547-1 + + + + + + + + + + CVE-2018-20796 on Ubuntu 20.04 (focal) - negligible. + In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-02-26 02:29:00 UTC + https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20796.html + https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html + + + + mdeslaur> glibc regex compiler is not supposed to be exposed to untrusted mdeslaur> content, and upstream does not consider this to be a security mdeslaur> issue: https://sourceware.org/glibc/wiki/Security%20Exceptions mdeslaur> https://lists.gnu.org/r/bug-gnulib/2018-09/msg00068.html mdeslaur> mdeslaur> as of 2020-06-04, no fix available from upstream. mdeslaur> We will not be fixing this issue in Ubuntu, marking as mdeslaur> ignored. + + + + + + + + + CVE-2018-20815 on Ubuntu 20.04 (focal) - medium. + In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. Kurtis Miller discovered that a buffer overflow existed in QEMU when loading a device tree blob. A local attacker could use this to execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-05-31 22:29:00 UTC + 2018-12-31 + Kurtis Miller + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20815.html + https://www.openwall.com/lists/oss-security/2019/03/27/1 + https://ubuntu.com/security/notices/USN-3978-1 + + + + + + + + + + CVE-2018-20976 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-19 02:15:00 UTC + 2019-08-18 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20976.html + https://git.kernel.org/linus/c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82 + https://ubuntu.com/security/notices/USN-4144-1 + https://ubuntu.com/security/notices/USN-4145-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-21008 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c. It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-04 21:15:00 UTC + 2019-09-04 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-21008.html + https://git.kernel.org/linus/abd39c6ded9db53aa44c2540092bdd5fb6590fa8 + https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.7 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abd39c6ded9db53aa44c2540092bdd5fb6590fa8 + https://ubuntu.com/security/notices/USN-4162-1 + https://ubuntu.com/security/notices/USN-4163-1 + https://ubuntu.com/security/notices/USN-4162-2 + https://ubuntu.com/security/notices/USN-4163-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-4056 on Ubuntu 20.04 (focal) - medium. + An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-05 18:29:00 UTC + ebarretto + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4056.html + https://www.debian.org/security/2019/dsa-4373 + + + + ebarretto> As the administration web interface is shared with the production, ebarretto> it is unfortunately not possible to easily filter outside access ebarretto> and this security update completely disable the web interface. ebarretto> Users should use the local, command line interface instead. + + + + + + + + + CVE-2018-4058 on Ubuntu 20.04 (focal) - medium. + An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. 
This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:00:00 UTC + ebarretto + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4058.html + https://www.debian.org/security/2019/dsa-4373 + + + + + + + + + + CVE-2018-4059 on Ubuntu 20.04 (focal) - medium. + An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:00:00 UTC + ebarretto + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4059.html + https://www.debian.org/security/2019/dsa-4373 + + + + + + + + + + CVE-2018-4300 on Ubuntu 20.04 (focal) - medium. + The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-03 18:29:00 UTC + mdeslaur + Jann Horn + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915909 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-4300.html + https://ubuntu.com/security/notices/USN-3842-1 + + + + mdeslaur> Updates for this issue were originally assigned CVE-2018-4700, mdeslaur> which was a typo and got rejected. + + + + + + + + + CVE-2018-5383 on Ubuntu 20.04 (focal) - medium. 
+ Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-08-07 21:29:00 UTC + 2018-08-07 + Eli Biham and Lior Neumann + https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-5383 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-5383 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5383.html + http://www.cs.technion.ac.il/~biham/BT/ + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html + https://ubuntu.com/security/notices/USN-4094-1 + https://ubuntu.com/security/notices/USN-4095-1 + https://ubuntu.com/security/notices/USN-4095-2 + https://ubuntu.com/security/notices/USN-4118-1 + https://ubuntu.com/security/notices/USN-4351-1 + + + + mdeslaur> bluetooth firmware blobs need version 20.60 and higher mdeslaur> Intel recommended to use the latest FW which is now 20.70 mdeslaur> Intel page says "Any Linux kernel version 3.19 and higher will mdeslaur> also need an update.", adding kernel packages. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-5407 on Ubuntu 20.04 (focal) - low. + Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-11-15 21:29:00 UTC + 2018-11-15 + mdeslaur + Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, Alejandro Cabrera Aldaya + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5407.html + https://www.openwall.com/lists/oss-security/2018/11/01/4 + https://github.com/bbbrumley/portsmash + https://ubuntu.com/security/notices/USN-3840-1 + + + + mdeslaur> this is a hardware issue, but openssl did commit a workaround mdeslaur> in 1.1.1, 1.1.0i + + + + + + + + + CVE-2018-5683 on Ubuntu 20.04 (focal) - low. + The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-01-23 18:29:00 UTC + 2018-01-23 + Jiang Xin, Lin ZheCheng + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887392 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5683.html + https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02131.html + http://www.openwall.com/lists/oss-security/2018/01/15/2 + https://ubuntu.com/security/notices/USN-3575-1 + + + + + + + + + + CVE-2018-5711 on Ubuntu 20.04 (focal) - low. + gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. 
+ 2018-01-16 09:29:00 UTC + 2018-01-16 + https://github.com/libgd/libgd/issues/420 + https://bugs.php.net/bug.php?id=75571 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5711.html + http://php.net/ChangeLog-5.php + http://php.net/ChangeLog-7.php + https://ubuntu.com/security/notices/USN-3755-1 + + + + mdeslaur> php uses the system libgd2 + + + + + + + + + CVE-2018-5729 on Ubuntu 20.04 (focal) - low. + MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. It was discovered that Kerberos incorrectly handled tagged data. A remote authenticated attacker could possibly use this issue to obtain sensitive information or cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-06 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5729.html + + + + + + + + + + CVE-2018-5730 on Ubuntu 20.04 (focal) - low. + MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. It was discovered that Kerberos incorrectly handled certain database arguments. A remote authenticated attacker could possibly use this issue to obtain sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-06 20:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5730.html + + + + + + + + + + CVE-2018-5748 on Ubuntu 20.04 (focal) - low. 
+ qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-01-25 16:29:00 UTC + 2018-01-25 + mdeslaur + Daniel P. Berrange and Peter Krempa + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887700 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5748.html + https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html + https://ubuntu.com/security/notices/USN-3576-1 + + + + + + + + + + CVE-2018-5848 on Ubuntu 20.04 (focal) - low. + In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-06-12 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5848.html + https://access.redhat.com/errata/RHSA-2018:2948 + https://access.redhat.com/errata/RHSA-2018:3083 + https://access.redhat.com/errata/RHSA-2018:3096 + https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html + https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html + https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html + https://source.android.com/security/bulletin/pixel/2018-05-01 + https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-5953 on Ubuntu 20.04 (focal) - negligible. + The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. 
It was discovered that the software IO TLB implementation in the Linux kernel could report kernel pointers via dmesg. An attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-08-07 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5953.html + https://github.com/johnsonwangqize/cve-linux/blob/master/%20CVE-2018-5953.md + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-5995 on Ubuntu 20.04 (focal) - negligible. + The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. It was discovered that the per cpu memory allocator in the Linux kernel could report kernel pointers via dmesg. An attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-08-07 18:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5995.html + https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-6485 on Ubuntu 20.04 (focal) - medium. + An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-02-01 14:29:00 UTC + 2018-02-01 14:29:00 UTC + Jakub Wilk + http://bugs.debian.org/878159 + https://sourceware.org/bugzilla/show_bug.cgi?id=22343 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6485.html + https://ubuntu.com/security/notices/USN-4218-1 + https://ubuntu.com/security/notices/USN-4416-1 + + + + + + + + + + CVE-2018-6621 on Ubuntu 20.04 (focal) - medium. + The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. It was discovered that FFmpeg incorrectly handled certain AVI files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. + 2018-02-05 04:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6621.html + https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b + + + + + + + + + + CVE-2018-7273 on Ubuntu 20.04 (focal) - negligible. + In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR. It was discovered that the floppy driver in the Linux kernel could report kernel pointers via dmesg. An attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. 
+ 2018-02-21 00:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7273.html + https://lkml.org/lkml/2018/2/20/669 + + + + sbeattie> kaslr info leak in floppy block driver + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-7456 on Ubuntu 20.04 (focal) - negligible. + A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-02-24 06:29:00 UTC + 2018-02-24 + mdeslaur + http://bugzilla.maptools.org/show_bug.cgi?id=2778 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891288 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7456.html + https://github.com/xiaoqx/pocs/tree/master/libtiff + https://ubuntu.com/security/notices/USN-3864-1 + + + + + + + + + + CVE-2018-7550 on Ubuntu 20.04 (focal) - medium. + The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2018 Canonical Ltd. 
+ 2018-03-01 17:29:00 UTC + 2018-03-01 + mdeslaur + Cyrille Chatras + https://bugzilla.redhat.com/show_bug.cgi?id=1549798 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892041 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7550.html + https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html + https://ubuntu.com/security/notices/USN-3649-1 + + + + + + + + + + CVE-2018-7738 on Ubuntu 20.04 (focal) - negligible. + In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. + 2018-03-07 02:29:00 UTC + 2018-03-07 02:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892179 + https://github.com/karelzak/util-linux/issues/539 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7738.html + https://ubuntu.com/security/notices/USN-4512-1 + + + + sbeattie> bash completion for umount moved from bash-completion to util-linux in util-linux 2.28-1 mdeslaur> script in xenial bash-completion package isn't vulnerable mdeslaur> bash-completion package in bionic+ doesn't contain the umount mdeslaur> helper + + + + + + + + + CVE-2018-7754 on Ubuntu 20.04 (focal) - negligible. + The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. It was discovered that the debugfs implementation in the linux kernel could expose kernel addresses. A privileged attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2018 Canonical Ltd. 
+ 2018-08-10 16:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7754.html + https://elixir.bootlin.com/linux/v4.16-rc4/source/drivers/block/aoe/aoeblk.c#L421 + https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-7754.md + + + + tyhicks> Two mitigating factors for this issue are that debugfs files are restricted to root and KASLR is only used in 18.04 and newer + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2018-8740 on Ubuntu 20.04 (focal) - low. + In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-17 00:29:00 UTC + 2018-03-17 00:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893195 + https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8740.html + https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema + https://ubuntu.com/security/notices/USN-4205-1 + https://ubuntu.com/security/notices/USN-4394-1 + + + + + + + + + + CVE-2018-8905 on Ubuntu 20.04 (focal) - low. + In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2018 Canonical Ltd. + 2018-03-22 04:29:00 UTC + 2018-03-22 + mdeslaur + http://bugzilla.maptools.org/show_bug.cgi?id=2780 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893806 + http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8905.html + https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow + https://ubuntu.com/security/notices/USN-3864-1 + + + + + + + + + + CVE-2019-0136 on Ubuntu 20.04 (focal) - medium. 
+ Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-13 16:29:00 UTC + 2019-06-13 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0136.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html + https://ubuntu.com/security/notices/USN-4115-1 + https://ubuntu.com/security/notices/USN-4118-1 + https://ubuntu.com/security/notices/USN-4145-1 + https://ubuntu.com/security/notices/USN-4147-1 + + + + tyhicks> Ubuntu was told by an OEM that upstream commits 588f7d39b3592a36fb7702ae3b8bdd9be4621e2f and 79c92ca42b5a3e0ea172ea2ce8df8e125af237da address this CVE. We've reached out to Intel, on 2019-08-08, to confirm the commits and are waiting to hear back. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-0145 on Ubuntu 20.04 (focal) - medium. + Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-14 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0145.html + https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html + https://lore.kernel.org/stable/20200807205517.1740307-1-jesse.brandeburg@intel.com/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-0147 on Ubuntu 20.04 (focal) - medium. 
+ Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-14 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0147.html + https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html + https://lore.kernel.org/stable/20200807205517.1740307-1-jesse.brandeburg@intel.com/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-0148 on Ubuntu 20.04 (focal) - medium. + Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-14 19:15:00 UTC + 2019-11-14 19:15:00 UTC + Ryan Hall + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0148.html + https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html + https://lore.kernel.org/stable/20200807205517.1740307-1-jesse.brandeburg@intel.com/ + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html + https://ubuntu.com/security/notices/USN-4681-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-0154 on Ubuntu 20.04 (focal) - medium. 
+ Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-14 19:15:00 UTC + 2019-11-12 18:00:00 UTC + 2019-11-12 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0154.html + https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html + https://ubuntu.com/security/notices/USN-4183-1 + https://ubuntu.com/security/notices/USN-4184-1 + https://ubuntu.com/security/notices/USN-4185-1 + https://ubuntu.com/security/notices/USN-4186-1 + https://ubuntu.com/security/notices/USN-4186-2 + + + + tyhicks> This issue only affects Intel® Graphics Processing Units mdeslaur> this CVE was mitigated with a kernel update. As of 2020-03-06, mdeslaur> there is no indication that a firmware update is required to mdeslaur> fix this. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-0155 on Ubuntu 20.04 (focal) - high. 
+ Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. + + Ubuntu 20.04 + + + + High + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-14 19:15:00 UTC + 2019-11-12 18:00:00 UTC + 2019-11-12 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0155.html + https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html + https://ubuntu.com/security/notices/USN-4183-1 + https://ubuntu.com/security/notices/USN-4184-1 + https://ubuntu.com/security/notices/USN-4185-1 + https://ubuntu.com/security/notices/USN-4186-1 + https://ubuntu.com/security/notices/USN-4186-2 + https://ubuntu.com/security/notices/USN-4185-3 + https://ubuntu.com/security/notices/USN-4183-2 + https://ubuntu.com/security/notices/USN-4186-3 + https://ubuntu.com/security/notices/USN-4184-2 + + + + tyhicks> This issue only affects Intel® Graphics Processing Units + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-0205 on Ubuntu 20.04 (focal) - medium. + In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-29 19:15:00 UTC + Hasnain Lakhani + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0205.html + https://www.openwall.com/lists/oss-security/2019/10/17/1 + + + + + + + + + + CVE-2019-0210 on Ubuntu 20.04 (focal) - medium. + In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-29 19:15:00 UTC + Alexandre Fiori + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0210.html + https://www.openwall.com/lists/oss-security/2019/10/17/2 + + + + + + + + + + CVE-2019-0220 on Ubuntu 20.04 (focal) - low. + A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-06-11 21:29:00 UTC + 2019-04-02 + mdeslaur + Bernhard Lorenz + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-0220.html + https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220 + https://ubuntu.com/security/notices/USN-3937-1 + + + + + + + + + + CVE-2019-1000007 on Ubuntu 20.04 (focal) - untriaged. + aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza can be sent to an application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data). This vulnerability appears to have been fixed in 0.10.3. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2019 Canonical Ltd. + 2019-02-04 21:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1000007.html + https://github.com/horazont/aioxmpp/pull/268 + + + + + + + + + + CVE-2019-1010022 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-15 04:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22850 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010022.html + + + + mdeslaur> upstream does not consider this to be a security issue, as per mdeslaur> comment in the upstream bug. Marking as ignored. + + + + + + + + + CVE-2019-1010023 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-15 04:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22851 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010023.html + + + + mdeslaur> upstream does not consider this to be a security issue, as ldd mdeslaur> should not be run on untrusted binaries. Marking as ignored. + + + + + + + + + CVE-2019-1010024 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-15 04:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=22852 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010024.html + + + + mdeslaur> upstream does not consider this to be a security issue. mdeslaur> marking as ignored. + + + + + + + + + CVE-2019-10161 on Ubuntu 20.04 (focal) - medium. + It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-30 23:15:00 UTC + 2019-06-20 + mdeslaur + Matthias Gerstner + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10161.html + https://rhn.redhat.com/errata/RHSA-2019-1578.html + https://access.redhat.com/libvirt-privesc-vulnerabilities + https://security.libvirt.org/2019/0004.html + https://ubuntu.com/security/notices/USN-4047-1 + https://ubuntu.com/security/notices/USN-4047-2 + + + + + + + + + + CVE-2019-10207 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash. It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-25 14:15:00 UTC + 2019-07-29 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10207.html + https://www.openwall.com/lists/oss-security/2019/07/25/1 + https://lore.kernel.org/linux-bluetooth/20190729122215.9948-1-vdronov@redhat.com/ + https://ubuntu.com/security/notices/USN-4115-1 + https://ubuntu.com/security/notices/USN-4118-1 + https://ubuntu.com/security/notices/USN-4145-1 + https://ubuntu.com/security/notices/USN-4147-1 + + + + sbeattie> code execution is not possible unless mmap_min_addr is set to 0 (not the default) + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-10217 on Ubuntu 20.04 (focal) - low. + A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-25 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934128 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10217.html + https://github.com/ansible/ansible/issues/56269 + https://github.com/ansible/ansible/pull/59427 + + + + + + + + + + CVE-2019-10220 on Ubuntu 20.04 (focal) - medium. + Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-27 16:15:00 UTC + 2019-11-27 16:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10220 + https://bugzilla.suse.com/show_bug.cgi?id=1144903 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10220.html + https://ubuntu.com/security/notices/USN-4226-1 + + + + tyhicks> Exploiting this vulnerability requires a malicious Samba server + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-10742 on Ubuntu 20.04 (focal) - medium. + Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-05-07 19:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928624 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10742.html + https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505 + https://github.com/axios/axios/issues/1098 + https://github.com/axios/axios/pull/1485 + + + + + + + + + + CVE-2019-10744 on Ubuntu 20.04 (focal) - medium. + Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-07-26 00:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933079 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10744.html + https://snyk.io/vuln/SNYK-JS-LODASH-450202 + https://github.com/lodash/lodash/issues/4348 + https://github.com/lodash/lodash/pull/4336 + + + + + + + + + + CVE-2019-11026 on Ubuntu 20.04 (focal) - negligible. + FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-08 23:29:00 UTC + https://gitlab.freedesktop.org/poppler/poppler/issues/752 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11026.html + https://research.loginsoft.com/bugs/1508/ + + + + mdeslaur> stack overflow due to infinite loop, hardly a security issue mdeslaur> needs backporting mdeslaur> we will not be fixing this issue in Ubuntu stable releases, mdeslaur> marking as ignored + + + + + + + + + CVE-2019-11038 on Ubuntu 20.04 (focal) - low. + When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-06-19 00:15:00 UTC + 2019-06-19 00:15:00 UTC + https://github.com/libgd/libgd/issues/501 + https://bugs.php.net/bug.php?id=77973 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11038.html + https://ubuntu.com/security/notices/USN-4316-2 + https://ubuntu.com/security/notices/USN-4316-1 + + + + mdeslaur> php uses the system libgd2 + + + + + + + + + CVE-2019-11048 on Ubuntu 20.04 (focal) - medium. + In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-20 08:15:00 UTC + 2020-05-20 08:15:00 UTC + leosilva + https://bugs.php.net/bug.php?id=78875 + https://bugs.php.net/bug.php?id=78876 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11048.html + https://ubuntu.com/security/notices/USN-4375-1 + + + + + + + + + + CVE-2019-11071 on Ubuntu 20.04 (focal) - medium. + SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-10 21:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926764 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11071.html + https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html + https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36 + https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e + https://github.com/spip/SPIP/compare/1e3872c...9861a47 + + + + + + + + + + CVE-2019-11135 on Ubuntu 20.04 (focal) - high. + TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + High + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-14 19:15:00 UTC + 2019-11-12 18:00:00 UTC + Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck + 2019-11-12 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11135.html + https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html + https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort + https://ubuntu.com/security/notices/USN-4182-1 + https://ubuntu.com/security/notices/USN-4182-2 + https://ubuntu.com/security/notices/USN-4183-1 + https://ubuntu.com/security/notices/USN-4184-1 + https://ubuntu.com/security/notices/USN-4185-1 + https://ubuntu.com/security/notices/USN-4185-2 + https://ubuntu.com/security/notices/USN-4186-1 + https://ubuntu.com/security/notices/USN-4186-2 + https://ubuntu.com/security/notices/USN-4187-1 + https://ubuntu.com/security/notices/USN-4188-1 + + + + tyhicks> This issue only affects processors manufactured by Intel that support Intel® Transactional Synchronization Extensions (TSX) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-11291 on Ubuntu 20.04 (focal) - low. + Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-22 23:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945601 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11291.html + https://pivotal.io/security/cve-2019-11291 + + + + + + + + + + CVE-2019-11338 on Ubuntu 20.04 (focal) - low. + libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-04-19 00:29:00 UTC + 2019-04-18 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11338.html + https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e + https://ubuntu.com/security/notices/USN-3967-1 + https://ubuntu.com/security/notices/USN-4431-1 + + + + + + + + + + CVE-2019-11356 on Ubuntu 20.04 (focal) - medium. + The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-06-03 20:29:00 UTC + 2019-06-03 20:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11356.html + https://bugzilla.redhat.com/show_bug.cgi?id=1717828 + https://github.com/cyrusimap/cyrus-imapd/commit/a5779db8163b99463e25e7c476f9cbba438b65f3 + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGO43JS7IFDNITHXOOHOP6JHRKRDIYY6/ + https://www.cyrusimap.org/imap/download/release-notes/2.5/index.html + https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.13.html + https://www.cyrusimap.org/imap/download/release-notes/3.0/index.html + https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.10.html + https://ubuntu.com/security/notices/USN-4566-1 + + + + + + + + + + CVE-2019-11360 on Ubuntu 20.04 (focal) - negligible. + A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-07-12 14:15:00 UTC + Sebastian Neef + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11360.html + https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/ + + + + mdeslaur> To exploit this, you would need to trick someone into restoring mdeslaur> a set of iptables rules from a malicious iptables-save file. mdeslaur> This is quite an unlikely scenario. mdeslaur> Reproducer doesn't work on xenial and bionic, like an issue mdeslaur> in 1.8.2 only. + + + + + + + + + CVE-2019-11365 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. 
There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c. It was discovered that atftp's FTP server did not properly handler certain input. An attacker could use this to to cause a denial of service (crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-04-20 13:29:00 UTC + 2019-04-20 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927553 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11365.html + https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities + https://sourceforge.net/p/atftp/code/ci/abed7d245d8e8bdfeab24f9f7f55a52c3140f96b/ + https://ubuntu.com/security/notices/USN-4540-1 + https://ubuntu.com/security/notices/USN-4643-1 + + + + + + + + + + CVE-2019-11366 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next. It was discovered that atftp's FTP server did not make proper use of mutexes when locking certain data structures. An attacker could use this to cause a denial of service via a NULL pointer dereference. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-20 13:29:00 UTC + 2019-04-20 13:29:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927553 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11366.html + https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities + https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/ + https://ubuntu.com/security/notices/USN-4540-1 + https://ubuntu.com/security/notices/USN-4643-1 + + + + + + + + + + CVE-2019-11556 on Ubuntu 20.04 (focal) - medium. + Pagure before 5.6 allows XSS via the templates/blame.html blame view. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-25 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11556.html + https://docs.pagure.org/pagure/changelog.html + https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618 + https://pagure.io/pagure/commits/master + + + + sbeattie| fixed in 5.6 + + + + + + + + + CVE-2019-12068 on Ubuntu 20.04 (focal) - low. + In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-24 20:15:00 UTC + 2019-09-24 20:15:00 UTC + sbeattie + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12068.html + https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html + https://ubuntu.com/security/notices/USN-4191-1 + https://ubuntu.com/security/notices/USN-4191-2 + + + + + + + + + + CVE-2019-12155 on Ubuntu 20.04 (focal) - low. + interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a null pointer dereference. A local attacker in a guest could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-05-24 16:29:00 UTC + 2019-05-24 16:29:00 UTC + Sergej Schumilo, Cornelius Aschermann and Simon Wörner + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929353 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12155.html + https://www.openwall.com/lists/oss-security/2019/05/22/1 + https://ubuntu.com/security/notices/USN-4191-1 + https://ubuntu.com/security/notices/USN-4191-2 + + + + + + + + + + CVE-2019-12380 on Ubuntu 20.04 (focal) - negligible. + **DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”. It was discovered that the efi subsystem in the Linux kernel did not handle memory allocation failures during early boot in some situations. A local attacker could possibly use this to cause a denial of service (system crash). 
+ + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-05-28 03:29:00 UTC + 2019-05-28 03:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12380.html + https://ubuntu.com/security/notices/USN-4414-1 + https://ubuntu.com/security/notices/USN-4427-1 + https://ubuntu.com/security/notices/USN-4439-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-12519 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 20:15:00 UTC + 2020-04-15 20:15:00 UTC + mdeslaur + Jeriko One + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12519.html + https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt + http://www.squid-cache.org/Advisories/SQUID-2019_12.txt + https://ubuntu.com/security/notices/USN-4356-1 + + + + + + + + + + CVE-2019-12520 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. 
An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 20:15:00 UTC + 2020-04-15 20:15:00 UTC + mdeslaur + Jeriko One + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12520.html + http://www.squid-cache.org/Versions/v4/ + http://www.squid-cache.org/Versions/v4/changesets/ + https://github.com/squid-cache/squid/commits/v4 + https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt + http://www.squid-cache.org/Advisories/SQUID-2019_4.txt + https://ubuntu.com/security/notices/USN-4446-1 + + + + mdeslaur> fixed in Debian's 3.5.23-5+deb9u2 + + + + + + + + + CVE-2019-12521 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-15 19:15:00 UTC + 2020-04-15 19:15:00 UTC + mdeslaur + Jeriko One + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12521.html + https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt + http://www.squid-cache.org/Advisories/SQUID-2019_12.txt + https://ubuntu.com/security/notices/USN-4356-1 + + + + + + + + + + CVE-2019-12523 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-26 17:15:00 UTC + 2019-11-26 17:15:00 UTC + mdeslaur + Jeriko One and Kristoffer Danielsson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12523.html + http://www.squid-cache.org/Advisories/SQUID-2019_8.txt + https://ubuntu.com/security/notices/USN-4213-1 + https://ubuntu.com/security/notices/USN-4446-1 + + + + mdeslaur> This was fixed in 4.x by rewriting the URI parser to use SBuf. mdeslaur> fixed in Debian's 3.5.23-5+deb9u2 + + + + + + + + + CVE-2019-12524 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-15 19:15:00 UTC + 2020-04-15 19:15:00 UTC + mdeslaur + Jeriko One + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12524.html + https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt + http://www.squid-cache.org/Advisories/SQUID-2019_4.txt + https://ubuntu.com/security/notices/USN-4446-1 + + + + mdeslaur> fixed in Debian's 3.5.23-5+deb9u2 mdeslaur> same patch as CVE-2019-12520 + + + + + + + + + CVE-2019-12526 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-26 17:15:00 UTC + 2019-11-26 17:15:00 UTC + mdeslaur + Jeriko One + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12526.html + http://www.squid-cache.org/Advisories/SQUID-2019_7.txt + https://ubuntu.com/security/notices/USN-4213-1 + + + + + + + + + + CVE-2019-12528 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-04 21:15:00 UTC + 2020-02-04 21:15:00 UTC + mdeslaur + Jeriko One + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12528.html + http://www.squid-cache.org/Advisories/SQUID-2020_2.txt + https://ubuntu.com/security/notices/USN-4289-1 + + + + + + + + + + CVE-2019-12730 on Ubuntu 20.04 (focal) - medium. 
+ aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-06-04 14:29:00 UTC + 2019-06-04 14:29:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12730.html + https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b + https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40 + https://ubuntu.com/security/notices/USN-4431-1 + + + + + + + + + + CVE-2019-12761 on Ubuntu 20.04 (focal) - low. + A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-06-06 19:29:00 UTC + 2019-06-06 19:29:00 UTC + avital + https://gitlab.freedesktop.org/xdg/pyxdg/issues/14 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930099 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12761.html + https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562 + https://gist.github.com/dhondta/b45cd41f4186110a354dc7272916feba + https://ubuntu.com/security/notices/USN-4700-1 + + + + mdeslaur> needs to be parsing untrusted menu files + + + + + + + + + CVE-2019-12881 on Ubuntu 20.04 (focal) - medium. + i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-06-18 23:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12881.html + https://gist.github.com/oxagast/472866fb2c3d439e10499d7141d0a520 + + + + tyhicks> This issue only affects systems with Intel GPUs that utilize the i915 graphics driver + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-13217 on Ubuntu 20.04 (focal) - medium. + A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-15 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934966 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13217.html + https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6 + http://nothings.org/stb_vorbis/ + https://github.com/nothings/stb/commits/master/stb_vorbis.c + + + + + + + + + + CVE-2019-13218 on Ubuntu 20.04 (focal) - medium. + Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-15 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934966 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13218.html + https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6 + http://nothings.org/stb_vorbis/ + https://github.com/nothings/stb/commits/master/stb_vorbis.c + + + + + + + + + + CVE-2019-13219 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-15 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934966 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13219.html + https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6 + http://nothings.org/stb_vorbis/ + https://github.com/nothings/stb/commits/master/stb_vorbis.c + + + + + + + + + + CVE-2019-13220 on Ubuntu 20.04 (focal) - medium. + Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-15 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934966 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13220.html + https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6 + + + + + + + + + + CVE-2019-13221 on Ubuntu 20.04 (focal) - medium. + A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-15 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934966 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13221.html + https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6 + http://nothings.org/stb_vorbis/ + https://github.com/nothings/stb/commits/master/stb_vorbis.c + + + + + + + + + + CVE-2019-13222 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-15 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934966 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13222.html + https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6 + + + + + + + + + + CVE-2019-13223 on Ubuntu 20.04 (focal) - medium. + A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-15 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934966 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13223.html + https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6 + http://nothings.org/stb_vorbis/ + https://github.com/nothings/stb/commits/master/stb_vorbis.c + + + + + + + + + + CVE-2019-13232 on Ubuntu 20.04 (focal) - low. + Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-04 13:15:00 UTC + 2019-07-04 13:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931433 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13232.html + https://www.bamsoftware.com/hacks/zipbomb/ + https://ubuntu.com/security/notices/USN-4672-1 + + + + + + + + + + CVE-2019-13312 on Ubuntu 20.04 (focal) - medium. + block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-05 01:15:00 UTC + 2019-07-05 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13312.html + https://trac.ffmpeg.org/ticket/7980 + http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0321370601833f4ae47e8e11c44570ea4bd382a4 + https://ubuntu.com/security/notices/USN-4431-1 + + + + msalvatore> "The buffer overflow is a regression since http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0321370601833f4ae47e8e11c44570ea4bd382a4" + + + + + + + + + CVE-2019-13390 on Ubuntu 20.04 (focal) - low. + In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-07 22:15:00 UTC + 2019-07-07 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13390.html + https://trac.ffmpeg.org/ticket/7979 + https://trac.ffmpeg.org/ticket/7981 + https://trac.ffmpeg.org/ticket/7982 + https://trac.ffmpeg.org/ticket/7983 + https://trac.ffmpeg.org/ticket/7985 + https://ubuntu.com/security/notices/USN-4431-1 + + + + + + + + + + CVE-2019-13631 on Ubuntu 20.04 (focal) - low. + In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-07-17 19:15:00 UTC + 2019-07-17 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13631.html + https://patchwork.kernel.org/patch/11040813/ + https://ubuntu.com/security/notices/USN-4115-1 + https://ubuntu.com/security/notices/USN-4118-1 + https://ubuntu.com/security/notices/USN-4145-1 + https://ubuntu.com/security/notices/USN-4147-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-14558 on Ubuntu 20.04 (focal) - medium. + Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-05 14:15:00 UTC + 2019-12-31 00:00:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=1611 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14558.html + https://ubuntu.com/security/notices/USN-4349-1 + + + + + + + + + + CVE-2019-14559 on Ubuntu 20.04 (focal) - low. + Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 16:15:00 UTC + 2019-12-31 00:00:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=1610 + https://bugzilla.tianocore.org/show_bug.cgi?id=2031 + https://bugzilla.tianocore.org/show_bug.cgi?id=2032 + https://bugzilla.tianocore.org/show_bug.cgi?id=2174 + https://bugzilla.tianocore.org/show_bug.cgi?id=2550 (tracking bug) + https://bugzilla.tianocore.org/show_bug.cgi?id=2655 (regression) + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14559.html + https://ubuntu.com/security/notices/USN-4349-1 + + + + mdeslaur> as of 2020-03-05, two of the upstream bugs still aren't resolved + + + + + + + + + CVE-2019-14562 on Ubuntu 20.04 (focal) - low. 
+ Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 16:15:00 UTC + 2020-11-23 16:15:00 UTC + Laszlo Ersek + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968819 + https://bugzilla.redhat.com/show_bug.cgi?id=1869245 + https://bugzilla.tianocore.org/show_bug.cgi?id=2215 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14562.html + https://ubuntu.com/security/notices/USN-4684-1 + + + + + + + + + + CVE-2019-14563 on Ubuntu 20.04 (focal) - low. + Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 17:15:00 UTC + 2019-12-31 00:00:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=2001 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14563.html + https://ubuntu.com/security/notices/USN-4349-1 + + + + + + + + + + CVE-2019-14575 on Ubuntu 20.04 (focal) - low. + Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 17:15:00 UTC + 2019-12-31 00:00:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=1608 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14575.html + https://ubuntu.com/security/notices/USN-4349-1 + + + + + + + + + + CVE-2019-14584 on Ubuntu 20.04 (focal) - low. + Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-03 20:15:00 UTC + 2019-12-31 00:00:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=1914 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14584.html + https://ubuntu.com/security/notices/USN-4684-1 + + + + + + + + + + CVE-2019-14586 on Ubuntu 20.04 (focal) - low. + Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 17:15:00 UTC + 2019-12-31 00:00:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=1995 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14586.html + https://ubuntu.com/security/notices/USN-4349-1 + + + + + + + + + + CVE-2019-14587 on Ubuntu 20.04 (focal) - medium. + Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 17:15:00 UTC + 2019-12-31 00:00:00 UTC + https://bugzilla.tianocore.org/show_bug.cgi?id=1989 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14587.html + https://ubuntu.com/security/notices/USN-4349-1 + + + + + + + + + + CVE-2019-14615 on Ubuntu 20.04 (focal) - medium. + Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-17 18:15:00 UTC + 2020-01-14 18:00:00 UTC + 2020-01-14 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14615.html + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc8a76a152c5f9ef3b48104154a65a68a8b76946 + https://ubuntu.com/security/notices/USN-4253-1 + https://ubuntu.com/security/notices/USN-4255-1 + https://ubuntu.com/security/notices/USN-4254-1 + https://ubuntu.com/security/notices/USN-4255-2 + https://ubuntu.com/security/notices/USN-4254-2 + https://ubuntu.com/security/notices/USN-4253-2 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4285-1 + https://ubuntu.com/security/notices/USN-4286-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4286-2 + https://ubuntu.com/security/notices/USN-4287-2 + + + + tyhicks> This issue only affects systems with Intel Graphics Processing Units (GPUs) tyhicks> Gen8 Intel GPUs were previously fixed by commit 0160f055393f ("drm/i915/gen8: Add WaClearSlmSpaceAtContextSwitch workaround") tyhicks> Fixes are only available for Gen8 and Gen9 GPUs at this time tyhicks> Fixes for Gen6 and Gen7 may be available in the future + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-14806 on Ubuntu 20.04 (focal) - low. + Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-09 15:15:00 UTC + 2019-08-09 15:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14806.html + https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168 + https://palletsprojects.com/blog/werkzeug-0-15-3-released/ + https://ubuntu.com/security/notices/USN-4655-1 + + + + + + + + + + CVE-2019-14814 on Ubuntu 20.04 (focal) - medium. 
+ There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-20 19:15:00 UTC + 2019-08-28 02:00:00 UTC + huangwen of ADLab of Venustech + 2019-08-28 02:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14814.html + https://www.openwall.com/lists/oss-security/2019/08/28/1 + https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc@gmail.com/ + https://ubuntu.com/security/notices/USN-4157-1 + https://ubuntu.com/security/notices/USN-4162-1 + https://ubuntu.com/security/notices/USN-4163-1 + https://ubuntu.com/security/notices/USN-4157-2 + https://ubuntu.com/security/notices/USN-4162-2 + https://ubuntu.com/security/notices/USN-4163-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-14815 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-25 11:15:00 UTC + 2019-08-28 02:00:00 UTC + huangwen of ADLab of Venustech + 2019-08-28 02:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14815.html + https://www.openwall.com/lists/oss-security/2019/08/28/1 + https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc@gmail.com/ + https://ubuntu.com/security/notices/USN-4157-1 + https://ubuntu.com/security/notices/USN-4162-1 + https://ubuntu.com/security/notices/USN-4157-2 + https://ubuntu.com/security/notices/USN-4162-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-14816 on Ubuntu 20.04 (focal) - medium. + There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-20 19:15:00 UTC + 2019-08-28 02:00:00 UTC + huangwen of ADLab of Venustech + 2019-08-28 02:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14816.html + https://www.openwall.com/lists/oss-security/2019/08/28/1 + https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc@gmail.com/ + https://ubuntu.com/security/notices/USN-4157-1 + https://ubuntu.com/security/notices/USN-4162-1 + https://ubuntu.com/security/notices/USN-4163-1 + https://ubuntu.com/security/notices/USN-4157-2 + https://ubuntu.com/security/notices/USN-4162-2 + https://ubuntu.com/security/notices/USN-4163-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-14821 on Ubuntu 20.04 (focal) - medium. 
+ An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-19 18:15:00 UTC + 2019-10-01 10:00:00 PDT + Matt Delco + 2019-10-01 10:00:00 PDT + https://bugzilla.redhat.com/show_bug.cgi?id=1746708 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14821.html + https://www.openwall.com/lists/oss-security/2019/09/20/1 + https://ubuntu.com/security/notices/USN-4157-1 + https://ubuntu.com/security/notices/USN-4162-1 + https://ubuntu.com/security/notices/USN-4163-1 + https://ubuntu.com/security/notices/USN-4157-2 + https://ubuntu.com/security/notices/USN-4162-2 + https://ubuntu.com/security/notices/USN-4163-2 + + + + tyhicks> An attacker needs write access to the /dev/kvm device file to exploit this flaw. By default, Ubuntu users don't have privileges to write to /dev/kvm. This is true even when libvirt is installed and in use. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-14862 on Ubuntu 20.04 (focal) - low. 
+ There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-02 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14862.html + https://github.com/knockout/knockout/issues/1244 + https://github.com/knockout/knockout/pull/2345 + https://github.com/knockout/knockout/commit/7e280b2b8a04cc19176b5171263a5c68bda98efb + + + + + + + + + + CVE-2019-14864 on Ubuntu 20.04 (focal) - low. + Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-02 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14864.html + https://github.com/ansible/ansible/issues/63522 + https://github.com/ansible/ansible/pull/63527 + + + + + + + + + + CVE-2019-14895 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-29 14:15:00 UTC + 2019-11-25 15:00:00 UTC + 2019-11-25 15:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14895.html + https://seclists.org/oss-sec/2019/q4/95 + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4227-1 + https://ubuntu.com/security/notices/USN-4228-1 + https://ubuntu.com/security/notices/USN-4227-2 + https://ubuntu.com/security/notices/USN-4228-2 + https://ubuntu.com/security/notices/USN-4225-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-14896 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-27 09:15:00 UTC + 2019-11-25 15:00:00 UTC + 2019-11-25 15:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14896.html + https://seclists.org/oss-sec/2019/q4/95 + https://lore.kernel.org/linux-wireless/20191122052917.11309-1-huangwenabc@gmail.com/T/#u + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4227-1 + https://ubuntu.com/security/notices/USN-4228-1 + https://ubuntu.com/security/notices/USN-4227-2 + https://ubuntu.com/security/notices/USN-4228-2 + https://ubuntu.com/security/notices/USN-4225-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-14897 on Ubuntu 20.04 (focal) - medium. + A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-29 15:15:00 UTC + 2019-11-25 15:00:00 UTC + 2019-11-25 15:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14897.html + https://seclists.org/oss-sec/2019/q4/95 + https://lore.kernel.org/linux-wireless/20191122052917.11309-1-huangwenabc@gmail.com/T/#u + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4227-1 + https://ubuntu.com/security/notices/USN-4228-1 + https://ubuntu.com/security/notices/USN-4227-2 + https://ubuntu.com/security/notices/USN-4228-2 + https://ubuntu.com/security/notices/USN-4225-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-14901 on Ubuntu 20.04 (focal) - medium. + A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-29 15:15:00 UTC + 2019-11-29 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14901.html + https://seclists.org/oss-sec/2019/q4/96 + https://patchwork.kernel.org/patch/11257535/ + https://lore.kernel.org/linux-wireless/20191129101054.2756-1-wangqize888888888@gmail.com/ + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4227-1 + https://ubuntu.com/security/notices/USN-4228-1 + https://ubuntu.com/security/notices/USN-4227-2 + https://ubuntu.com/security/notices/USN-4228-2 + https://ubuntu.com/security/notices/USN-4225-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15034 on Ubuntu 20.04 (focal) - low. + hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-10 18:15:00 UTC + 2020-03-10 18:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15034.html + https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html + https://ubuntu.com/security/notices/USN-4372-1 + + + + + + + + + + CVE-2019-15090 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-16 00:15:00 UTC + 2019-08-15 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15090.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.12 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c09581a52765a85f19fc35340127396d5e3379cc + https://github.com/torvalds/linux/commit/c09581a52765a85f19fc35340127396d5e3379cc + https://ubuntu.com/security/notices/USN-4115-1 + https://ubuntu.com/security/notices/USN-4118-1 + https://ubuntu.com/security/notices/USN-4147-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15098 on Ubuntu 20.04 (focal) - medium. + drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-16 02:15:00 UTC + 2019-08-16 02:15:00 UTC + Hui Peng + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15098.html + https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u + https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git/commit/?h=ath-next&id=39d170b3cb62ba98567f5c4f40c27b5864b304e5 + https://ubuntu.com/security/notices/USN-4184-1 + https://ubuntu.com/security/notices/USN-4185-1 + https://ubuntu.com/security/notices/USN-4186-1 + https://ubuntu.com/security/notices/USN-4186-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15099 on Ubuntu 20.04 (focal) - medium. + drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. 
It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-08-16 02:15:00 UTC + 2019-08-16 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15099.html + https://lore.kernel.org/linux-wireless/20191018133516.12606-1-linux@roeck-us.net/ + https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git/commit/?id=bfd6e6e6c5d2ee43a3d9902b36e01fc7527ebb27 + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + sbeattie> commit subject "ath10k: Fix a NULL-ptr-deref bug in ath10k_usb_alloc_urb_from_pipe" + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15117 on Ubuntu 20.04 (focal) - medium. + parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-16 14:15:00 UTC + 2019-08-16 14:15:00 UTC + Hui Peng and Mathias Payer + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15117.html + https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=daac07156b330b18eb5071aec4b3ddca1c377f2c + https://lore.kernel.org/lkml/20190814023625.21683-1-benquike@gmail.com/ + https://ubuntu.com/security/notices/USN-4147-1 + https://ubuntu.com/security/notices/USN-4162-1 + https://ubuntu.com/security/notices/USN-4163-1 + https://ubuntu.com/security/notices/USN-4162-2 + https://ubuntu.com/security/notices/USN-4163-2 + + + + tyhicks> The parse_audio_mixer_unit() function has changed its handling of the input pins and source ID over time but I believe that it is vulnerable all the way back to the start of git history. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15118 on Ubuntu 20.04 (focal) - medium. + check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-16 14:15:00 UTC + 2019-08-16 14:15:00 UTC + Hui Peng and Mathias Payer + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15118.html + https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 + https://lore.kernel.org/lkml/20190815043554.16623-1-benquike@gmail.com/ + https://ubuntu.com/security/notices/USN-4147-1 + https://ubuntu.com/security/notices/USN-4162-1 + https://ubuntu.com/security/notices/USN-4163-1 + https://ubuntu.com/security/notices/USN-4162-2 + https://ubuntu.com/security/notices/USN-4163-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15211 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory. It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-19 22:15:00 UTC + 2019-08-19 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15211.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c666355e60ddb4748ead3bdd983e3f7f2224aaf0 + https://syzkaller.appspot.com/bug?id=775f90f43cfd6f8ac6c15251ce68e604453da226 + https://ubuntu.com/security/notices/USN-4115-1 + https://ubuntu.com/security/notices/USN-4118-1 + https://ubuntu.com/security/notices/USN-4145-1 + https://ubuntu.com/security/notices/USN-4147-1 + + + + tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15212 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-19 22:15:00 UTC + 2019-08-19 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15212.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3864d33943b4a76c6e64616280e98d2410b1190f + https://syzkaller.appspot.com/bug?id=64aa96c96f594a77eb8d945df21ec76dd35573b3 + https://ubuntu.com/security/notices/USN-4115-1 + https://ubuntu.com/security/notices/USN-4118-1 + https://ubuntu.com/security/notices/USN-4147-1 + + + + tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15215 on Ubuntu 20.04 (focal) - low. 
+ An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-19 22:15:00 UTC + 2019-08-19 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15215.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eff73de2b1600ad8230692f00bc0ab49b166512a + https://syzkaller.appspot.com/bug?id=b68d3c254cf294f8a802582094fa3251d6de5247 + https://ubuntu.com/security/notices/USN-4115-1 + https://ubuntu.com/security/notices/USN-4118-1 + https://ubuntu.com/security/notices/USN-4145-1 + https://ubuntu.com/security/notices/USN-4147-1 + + + + tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15217 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. It was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-19 22:15:00 UTC + 2019-08-19 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15217.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e + https://syzkaller.appspot.com/bug?id=9c0c178c24d828a7378f483309001329750aad64 + https://ubuntu.com/security/notices/USN-4147-1 + https://ubuntu.com/security/notices/USN-4286-1 + https://ubuntu.com/security/notices/USN-4286-2 + https://ubuntu.com/security/notices/USN-4302-1 + + + + tyhicks> Setting priority to negligible since this simple DoS requires a malicious USB device to be inserted into the system + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15218 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-19 22:15:00 UTC + 2019-08-19 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15218.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e0456de5be379b10fea0fa94a681057114a96e + https://syzkaller.appspot.com/bug?id=4a5d7c8c2b6dbedb5b7218c6d7e8666bd2387517 + https://ubuntu.com/security/notices/USN-4115-1 + https://ubuntu.com/security/notices/USN-4118-1 + https://ubuntu.com/security/notices/USN-4147-1 + + + + tyhicks> Setting priority to negligible since this simple DoS requires a malicious USB device to be inserted into the system + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15219 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-08-19 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15219.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9a5729f68d3a82786aea110b1bfe610be318f80a + https://syzkaller.appspot.com/bug?id=aaf6794922521df1c35c81e32cb2d0bb6a351e7b + + + + tyhicks> Setting priority to negligible since this simple DoS requires a malicious USB device to be inserted into the system + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15220 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. 
A physically proximate attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-19 22:15:00 UTC + 2019-08-19 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15220.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.1 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e41e2257f1094acc37618bf6c856115374c6922 + https://syzkaller.appspot.com/bug?id=082c09653e43e33a6a56f8c57cf051eeacae9d5f + https://ubuntu.com/security/notices/USN-4115-1 + https://ubuntu.com/security/notices/USN-4118-1 + https://ubuntu.com/security/notices/USN-4147-1 + https://ubuntu.com/security/notices/USN-4286-1 + https://ubuntu.com/security/notices/USN-4286-2 + + + + tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15221 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-19 22:15:00 UTC + 2019-08-19 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15221.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3450121997ce872eb7f1248417225827ea249710 + https://syzkaller.appspot.com/bug?id=240f09164db2c3d3af33a117c713dc7650dc29d6 + https://ubuntu.com/security/notices/USN-4115-1 + https://ubuntu.com/security/notices/USN-4118-1 + https://ubuntu.com/security/notices/USN-4147-1 + https://ubuntu.com/security/notices/USN-4286-1 + https://ubuntu.com/security/notices/USN-4286-2 + + + + tyhicks> Setting priority to negligible since this simple DoS requires a malicious USB device to be inserted into the system + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15291 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver. It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-20 14:15:00 UTC + 2019-08-20 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15291.html + https://www.openwall.com/lists/oss-security/2019/08/20/2 + http://www.openwall.com/lists/oss-security/2019/08/20/2 + https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f + https://ubuntu.com/security/notices/USN-4254-1 + https://ubuntu.com/security/notices/USN-4254-2 + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + tyhicks> Setting priority to negligible since this simple DoS requires a malicious USB device to be inserted into the system tyhicks> As of 2019-08-26, there's no upstream fix. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-1547 on Ubuntu 20.04 (focal) - low. + Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-10 17:15:00 UTC + 2019-09-10 17:15:00 UTC + mdeslaur + Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1547.html + https://www.openssl.org/news/secadv/20190910.txt + https://ubuntu.com/security/notices/USN-4376-1 + https://ubuntu.com/security/notices/USN-4376-2 + https://ubuntu.com/security/notices/USN-4504-1 + + + + mdeslaur> code isn't compiled into edk2 + + + + + + + + + CVE-2019-1549 on Ubuntu 20.04 (focal) - low. + OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-10 17:15:00 UTC + 2019-09-10 17:15:00 UTC + Matt Caswell + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1549.html + https://www.openssl.org/news/secadv/20190910.txt + https://ubuntu.com/security/notices/USN-4376-1 + + + + mdeslaur> only affected 1.1.1 + + + + + + + + + + + + CVE-2019-15504 on Ubuntu 20.04 (focal) - low. + drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). 
Hui Peng and Mathias Payer discovered that the 91x Wi-Fi driver in the Linux kernel did not properly handle error conditions on initialization, leading to a double-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-23 06:15:00 UTC + 2019-08-23 06:15:00 UTC + Hui Peng and Mathias Payer + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15504.html + https://lore.kernel.org/lkml/20190819220230.10597-1-benquike@gmail.com/ + https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git/commit/?id=8b51dc7291473093c821195c4b6af85fadedbc2f + https://ubuntu.com/security/notices/USN-4157-1 + https://ubuntu.com/security/notices/USN-4157-2 + + + + tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15505 on Ubuntu 20.04 (focal) - low. + drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-23 06:15:00 UTC + 2019-08-23 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15505.html + https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b + https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q@gofer.mess.org/ + https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11@gmail.com/ + https://ubuntu.com/security/notices/USN-4157-1 + https://ubuntu.com/security/notices/USN-4162-1 + https://ubuntu.com/security/notices/USN-4163-1 + https://ubuntu.com/security/notices/USN-4157-2 + https://ubuntu.com/security/notices/USN-4162-2 + https://ubuntu.com/security/notices/USN-4163-2 + + + + tyhicks> Setting priority to low since this issue requires a malicious USB device to be inserted into the system + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-1551 on Ubuntu 20.04 (focal) - low. + There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-06 18:15:00 UTC + 2019-12-06 18:15:00 UTC + mdeslaur + Guido Vranken + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1551.html + https://www.openssl.org/news/secadv/20191206.txt + https://ubuntu.com/security/notices/USN-4376-1 + https://ubuntu.com/security/notices/USN-4504-1 + + + + mdeslaur> affected file isn't built in edk2 + + + + + + + + + CVE-2019-15538 on Ubuntu 20.04 (focal) - low. + An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-25 16:15:00 UTC + 2019-08-25 + Benjamin Moody + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15538.html + https://git.kernel.org/linus/1fb254aa983bf190cfd685d40c64a480a9bafaee + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fb254aa983bf190cfd685d40c64a480a9bafaee + https://github.com/torvalds/linux/commit/1fb254aa983bf190cfd685d40c64a480a9bafaee + https://lore.kernel.org/linux-xfs/20190823035528.GH1037422@magnolia/ + https://lore.kernel.org/linux-xfs/20190823192433.GA8736@eldamar.local + https://ubuntu.com/security/notices/USN-4144-1 + https://ubuntu.com/security/notices/USN-4147-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-1559 on Ubuntu 20.04 (focal) - medium. 
+ If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-27 23:29:00 UTC + 2019-02-26 + Juraj Somorovsky, Robert Merget and Nimrod Aviram + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1559.html + https://www.openssl.org/news/secadv/20190226.txt + https://github.com/RUB-NDS/TLS-Padding-Oracles + https://ubuntu.com/security/notices/USN-3899-1 + https://ubuntu.com/security/notices/USN-4376-2 + + + + mdeslaur> doesn't affect 1.1.x mdeslaur> mdeslaur> this fix is a workaround for applications that call mdeslaur> SSL_shutdown() twice even if a protocol error has occurred mdeslaur> mdeslaur> upstream fix uses error handling mechanism introduced in 1.0.2, mdeslaur> which isn't available in 1.0.1f. While we are unlikely to fix mdeslaur> this issue in Ubuntu 14.04 LTS, marking as deferred for now mdeslaur> in case the vulnerable applications are identified. + + + + + + + + + CVE-2019-15608 on Ubuntu 20.04 (focal) - low. + The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. 
It's not computed again when reading from the cache. This may lead to a cache pollution attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-15 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15608.html + https://hackerone.com/reports/703138 + + + + + + + + + + CVE-2019-15784 on Ubuntu 20.04 (focal) - low. + Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-08-29 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939040 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15784.html + https://github.com/Haivision/srt/pull/811 + + + + + + + + + + CVE-2019-15794 on Ubuntu 20.04 (focal) - medium. + Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow. Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux kernel did not properly handle reference counting during memory mapping operations when used in conjunction with AUFS. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-24 00:15:00 UTC + 2019-11-08 + Jann Horn + https://bugs.launchpad.net/bugs/1850994 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15794.html + https://ubuntu.com/security/notices/USN-4208-1 + https://ubuntu.com/security/notices/USN-4209-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15892 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-03 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939333 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15892.html + https://varnish-cache.org/security/VSV00003.html + https://github.com/varnishcache/varnish-cache/commit/1cb778f6f69737109e8c070a74b8e95b78f46d13 + https://github.com/varnishcache/varnish-cache/commit/0f0e51e9871ed1bd1236378f8b0dea0d33df4e9e + https://github.com/varnishcache/varnish-cache/commit/72df38fa8bfc0f5ca4a75d3e32657e8e590d85ab + https://github.com/varnishcache/varnish-cache/commit/dd47e658a0de9d12c433a4a01fb43ea4fe4d3a41 + https://github.com/varnishcache/varnish-cache/commit/34717183beda3803e3d54c9826a1a9f026ca2505 + https://github.com/varnishcache/varnish-cache/commit/ec3997a59a93cbc13a3cba22dfe0b4c4710a8f65 + https://github.com/varnishcache/varnish-cache/commit/af13de03eaa3d04f60ada52ed3235d545b8d3973 + https://github.com/varnishcache/varnish-cache/commit/6da64a47beff44ecdb45c82b033811f2d19819af + https://seclists.org/bugtraq/2019/Sep/5 + https://www.debian.org/security/2019/dsa-4514 + + + + + + + + + + CVE-2019-15902 on Ubuntu 20.04 (focal) - medium. 
+ A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-04 06:15:00 UTC + 2019-09-04 06:15:00 UTC + Brad Spengler + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15902.html + https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php + https://ubuntu.com/security/notices/USN-4157-1 + https://ubuntu.com/security/notices/USN-4162-1 + https://ubuntu.com/security/notices/USN-4163-1 + https://ubuntu.com/security/notices/USN-4157-2 + https://ubuntu.com/security/notices/USN-4162-2 + https://ubuntu.com/security/notices/USN-4163-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15918 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21. It was discovered that the SMB networking file system implementation in the Linux kernel contained a buffer overread. An attacker could use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-04 19:15:00 UTC + 2019-09-04 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15918.html + https://git.kernel.org/linus/b57a55e2200ede754e4dc9cce4ba9402544b9365 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10 + https://github.com/torvalds/linux/commit/b57a55e2200ede754e4dc9cce4ba9402544b9365 + https://ubuntu.com/security/notices/USN-4162-1 + https://ubuntu.com/security/notices/USN-4162-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15925 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c. It was discovered that the Hisilicon HNS3 ethernet device driver in the Linux kernel contained an out of bounds access vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-04 21:15:00 UTC + 2019-09-04 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15925.html + https://git.kernel.org/linus/04f25edb48c441fc278ecc154c270f16966cbb90 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04f25edb48c441fc278ecc154c270f16966cbb90 + https://ubuntu.com/security/notices/USN-4147-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-15926 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c. It was discovered that the Atheros mobile chipset driver in the Linux kernel did not properly validate data in some situations. 
An attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-04 21:15:00 UTC + 2019-09-04 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15926.html + https://git.kernel.org/linus/5d6751eaff672ea77642e74e92e6c0ac7f9709ab + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d6751eaff672ea77642e74e92e6c0ac7f9709ab + https://ubuntu.com/security/notices/USN-4145-1 + https://ubuntu.com/security/notices/USN-4147-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-16091 on Ubuntu 20.04 (focal) - medium. + Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-08 03:15:00 UTC + 2019-09-08 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939735 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16091.html + https://github.com/hoene/libmysofa/compare/f571522...e07edb3 + https://github.com/hoene/libmysofa/commit/af9bbedcba2cd125fe36fa9058bd91303643472b + https://github.com/hoene/libmysofa/commit/e07edb39e9ecc796127cd748ada4a4bac88cb5d2 + https://ubuntu.com/security/notices/USN-4473-1 + + + + + + + + + + CVE-2019-16092 on Ubuntu 20.04 (focal) - medium. + Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-08 03:15:00 UTC + 2019-09-08 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939735 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16092.html + https://github.com/hoene/libmysofa/compare/f571522...e07edb3 + https://github.com/hoene/libmysofa/commit/90e7bfd86ab7aba5c3abd2df1f05e101e1843cdd + https://ubuntu.com/security/notices/USN-4473-1 + + + + + + + + + + CVE-2019-16093 on Ubuntu 20.04 (focal) - medium. + Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-08 03:15:00 UTC + 2019-09-08 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939735 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16093.html + https://github.com/hoene/libmysofa/compare/f571522...e07edb3 + https://github.com/hoene/libmysofa/commit/ecb7b743b6f6d47b93a7bc680a60071a0f9524c6 + https://ubuntu.com/security/notices/USN-4473-1 + + + + + + + + + + CVE-2019-16094 on Ubuntu 20.04 (focal) - medium. + Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-08 03:15:00 UTC + 2019-09-08 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939735 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16094.html + https://github.com/hoene/libmysofa/compare/f571522...e07edb3 + https://github.com/hoene/libmysofa/commit/ecb7b743b6f6d47b93a7bc680a60071a0f9524c6 + https://ubuntu.com/security/notices/USN-4473-1 + + + + + + + + + + CVE-2019-16095 on Ubuntu 20.04 (focal) - medium. + Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-08 03:15:00 UTC + 2019-09-08 03:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939735 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16095.html + https://github.com/hoene/libmysofa/compare/f571522...e07edb3 + https://github.com/hoene/libmysofa/commit/a55565a3165113619386c8443aa89a662866a11e + https://ubuntu.com/security/notices/USN-4473-1 + + + + + + + + + + CVE-2019-16159 on Ubuntu 20.04 (focal) - medium. + BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-09 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16159.html + https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b (1.6.x) + https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c (2.0.x) + http://bird.network.cz + http://trubka.network.cz/pipermail/bird-users/2019-September/013718.html + http://trubka.network.cz/pipermail/bird-users/2019-September/013720.html + http://trubka.network.cz/pipermail/bird-users/2019-September/013722.html + https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b + https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c + + + + + + + + + + CVE-2019-16229 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 
NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id. It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 16:15:00 UTC + 2019-09-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16229.html + https://lkml.org/lkml/2019/9/9/487 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4285-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + tyhicks> As of 2019-09-27, there is no upstream fix available + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-16231 on Ubuntu 20.04 (focal) - low. + drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-11 16:15:00 UTC + 2019-09-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16231.html + https://lkml.org/lkml/2019/9/9/487 + https://lore.kernel.org/lkml/CADJ_3a8WFrs5NouXNqS5WYe7rebFP+_A5CheeqAyD_p7DFJJcg@mail.gmail.com/ + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=85ac30fa2e24f628e9f4f9344460f4015d33fd7d + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4227-1 + https://ubuntu.com/security/notices/USN-4227-2 + https://ubuntu.com/security/notices/USN-4225-2 + https://ubuntu.com/security/notices/USN-4904-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-16232 on Ubuntu 20.04 (focal) - low. + drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 16:15:00 UTC + 2019-09-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16232.html + https://lkml.org/lkml/2019/9/9/487 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4285-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + https://ubuntu.com/security/notices/USN-4904-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-16233 on Ubuntu 20.04 (focal) - low. + drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 
It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 16:15:00 UTC + 2019-09-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16233.html + https://lkml.org/lkml/2019/9/9/487 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4227-1 + https://ubuntu.com/security/notices/USN-4227-2 + https://ubuntu.com/security/notices/USN-4346-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-16234 on Ubuntu 20.04 (focal) - low. + drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-11 16:15:00 UTC + 2019-09-11 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16234.html + https://lkml.org/lkml/2019/9/9/487 + https://lore.kernel.org/lkml/CADJ_3a8WFrs5NouXNqS5WYe7rebFP+_A5CheeqAyD_p7DFJJcg@mail.gmail.com/ + https://ubuntu.com/security/notices/USN-4342-1 + https://ubuntu.com/security/notices/USN-4344-1 + https://ubuntu.com/security/notices/USN-4345-1 + https://ubuntu.com/security/notices/USN-4346-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-16378 on Ubuntu 20.04 (focal) - medium. + OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple 
From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-17 12:15:00 UTC + 2019-09-17 12:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940081 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16378.html + https://github.com/trusteddomainproject/OpenDMARC/pull/48 + http://www.openwall.com/lists/oss-security/2019/09/17/2 + https://bugs.debian.org/940081 + https://www.openwall.com/lists/oss-security/2019/09/11/8 + https://ubuntu.com/security/notices/USN-4567-1 + + + + + + + + + + CVE-2019-16714 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. It was discovered that the IPv6 RDS implementation in the Linux kernel did not properly initialize fields in a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). Please note that the RDS protocol is blacklisted in Ubuntu by default. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-23 12:15:00 UTC + 2019-09-23 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16714.html + https://git.kernel.org/linus/7d0a06586b2686ba80c4a2da5f91cb10ffbea736 + https://ubuntu.com/security/notices/USN-4157-1 + https://ubuntu.com/security/notices/USN-4157-2 + + + + tyhicks> This is a local info leak that is only reachable by calling the getsockopt(2) system call on an IPv6 RDS socket. tyhicks> By default, the rds.ko module is blacklisted in Ubuntu 14.04 LTS and newer releases. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-16718 on Ubuntu 20.04 (focal) - medium. 
+ In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-23 14:15:00 UTC + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16718.html + https://github.com/radareorg/radare2/commit/5411543a310a470b1257fb93273cdd6e8dfcb3af + https://github.com/radareorg/radare2/commit/dd739f5a45b3af3d1f65f00fe19af1dbfec7aea7 + https://github.com/radareorg/radare2/compare/3.8.0...3.9.0 + + + + + + + + + + CVE-2019-16729 on Ubuntu 20.04 (focal) - medium. + pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-24 05:15:00 UTC + 2019-09-24 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16729.html + https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1 + https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/ + https://tracker.debian.org/news/1066790/accepted-pam-python-107-1-source-amd64-all-into-unstable/ + https://ubuntu.com/security/notices/USN-4552-1 + https://ubuntu.com/security/notices/USN-4552-2 + https://ubuntu.com/security/notices/USN-4552-3 + + + + + + + + + + CVE-2019-16746 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-24 06:15:00 UTC + 2019-09-24 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16746.html + https://marc.info/?l=linux-wireless&m=156901391225058&w=2 + https://ubuntu.com/security/notices/USN-4183-1 + https://ubuntu.com/security/notices/USN-4186-1 + https://ubuntu.com/security/notices/USN-4209-1 + https://ubuntu.com/security/notices/USN-4210-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-16770 on Ubuntu 20.04 (focal) - medium. + In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-05 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16770.html + https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994 + + + + + + + + + + CVE-2019-17023 on Ubuntu 20.04 (focal) - low. + After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-08 22:15:00 UTC + 2020-01-08 22:15:00 UTC + chrisccoulson + https://bugzilla.mozilla.org/show_bug.cgi?id=1590001 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17023.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023 + https://www.mozilla.org/security/advisories/mfsa2020-01/ + https://ubuntu.com/security/notices/USN-4234-1 + https://ubuntu.com/security/notices/USN-4397-1 + + + + mdeslaur> nss in xenial is built with NSS_DISABLE_TLS_1_3, so this issue mdeslaur> doesn't affect it. + + + + + + + + + + + + CVE-2019-17052 on Ubuntu 20.04 (focal) - medium. + ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-01 14:15:00 UTC + 2019-10-01 14:15:00 UTC + Ori Nimron + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17052.html + https://git.kernel.org/linus/0614e2b73768b502fc32a75349823356d98aae2c + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0614e2b73768b502fc32a75349823356d98aae2c + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b + https://ubuntu.com/security/notices/USN-4184-1 + https://ubuntu.com/security/notices/USN-4185-1 + https://ubuntu.com/security/notices/USN-4185-2 + https://ubuntu.com/security/notices/USN-4186-1 + https://ubuntu.com/security/notices/USN-4186-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-17053 on Ubuntu 20.04 (focal) - medium. + ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-01 14:15:00 UTC + 2019-10-01 14:15:00 UTC + Ori Nimron + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17053.html + https://git.kernel.org/linus/e69dbd4619e7674c1679cba49afd9dd9ac347eef + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e69dbd4619e7674c1679cba49afd9dd9ac347eef + https://ubuntu.com/security/notices/USN-4184-1 + https://ubuntu.com/security/notices/USN-4185-1 + https://ubuntu.com/security/notices/USN-4185-2 + https://ubuntu.com/security/notices/USN-4186-1 + https://ubuntu.com/security/notices/USN-4186-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-17054 on Ubuntu 20.04 (focal) - medium. + atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-01 14:15:00 UTC + 2019-10-01 14:15:00 UTC + Ori Nimron + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17054.html + https://git.kernel.org/linus/6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac + https://ubuntu.com/security/notices/USN-4184-1 + https://ubuntu.com/security/notices/USN-4185-1 + https://ubuntu.com/security/notices/USN-4185-2 + https://ubuntu.com/security/notices/USN-4186-1 + https://ubuntu.com/security/notices/USN-4186-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-17055 on Ubuntu 20.04 (focal) - medium. + base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-01 14:15:00 UTC + 2019-10-01 14:15:00 UTC + Ori Nimron + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17055.html + https://git.kernel.org/linus/b91ee4aa2a2199ba4d4650706c272985a5a32d80 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80 + https://ubuntu.com/security/notices/USN-4184-1 + https://ubuntu.com/security/notices/USN-4185-1 + https://ubuntu.com/security/notices/USN-4185-2 + https://ubuntu.com/security/notices/USN-4186-1 + https://ubuntu.com/security/notices/USN-4186-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-17056 on Ubuntu 20.04 (focal) - medium. + llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176. Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-01 14:15:00 UTC + 2019-10-01 14:15:00 UTC + Ori Nimron + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17056.html + https://git.kernel.org/linus/3a359798b176183ef09efb7a3dc59abad1cc7104 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a359798b176183ef09efb7a3dc59abad1cc7104 + https://ubuntu.com/security/notices/USN-4184-1 + https://ubuntu.com/security/notices/USN-4185-1 + https://ubuntu.com/security/notices/USN-4185-2 + https://ubuntu.com/security/notices/USN-4186-1 + https://ubuntu.com/security/notices/USN-4186-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-17075 on Ubuntu 20.04 (focal) - negligible. + An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-01 21:15:00 UTC + 2019-10-01 21:15:00 UTC + Nicolas Waisman + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17075.html + https://lore.kernel.org/lkml/20191001165611.GA3542072@kroah.com + https://ubuntu.com/security/notices/USN-4208-1 + https://ubuntu.com/security/notices/USN-4210-1 + https://ubuntu.com/security/notices/USN-4211-1 + https://ubuntu.com/security/notices/USN-4211-2 + https://ubuntu.com/security/notices/USN-4226-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-17133 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-04 12:15:00 UTC + 2019-10-04 12:15:00 UTC + Nicolas Waisman + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17133.html + https://marc.info/?l=linux-wireless&m=157018270915487&w=2 + https://ubuntu.com/security/notices/USN-4208-1 + https://ubuntu.com/security/notices/USN-4210-1 + https://ubuntu.com/security/notices/USN-4211-1 + https://ubuntu.com/security/notices/USN-4211-2 + https://ubuntu.com/security/notices/USN-4226-1 + + + + sbeattie> 4ac2813cc867ae563a1ba5a9414bfb554e5796fa would be a good secondary line of defense + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-17177 on Ubuntu 20.04 (focal) - low. + libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-04 17:15:00 UTC + 2019-10-04 17:15:00 UTC + mdeslaur + https://github.com/FreeRDP/FreeRDP/issues/5645 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17177.html + https://ubuntu.com/security/notices/USN-4379-1 + + + + mdeslaur> code is different in xenial and bionic, area mentioned in this mdeslaur> CVE description doesn't exist. + + + + + + + + + CVE-2019-17351 on Ubuntu 20.04 (focal) - low. + An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7. Julien Grall discovered that the Xen balloon memory driver in the Linux kernel did not properly restrict the amount of memory set aside for page mappings in some situations. An attacker could use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-10-08 00:15:00 UTC + 2019-10-08 00:15:00 UTC + Julien Grall + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17351.html + https://xenbits.xen.org/xsa/advisory-300.html + https://ubuntu.com/security/notices/USN-4286-1 + https://ubuntu.com/security/notices/USN-4286-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-17539 on Ubuntu 20.04 (focal) - medium. + In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-14 02:15:00 UTC + 2019-10-14 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17539.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733 + https://ubuntu.com/security/notices/USN-4431-1 + + + + ebarretto> This issue was caused by b1febda0619 ebarretto> The above commit was never integrated to 2.8.x ebarretto> but for 3.4, it was both integrated and fixed in 3.4.7, so ebarretto> letting bionic version marked as needed. + + + + + + + + + CVE-2019-17542 on Ubuntu 20.04 (focal) - medium. + FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-10-14 02:15:00 UTC + 2019-10-14 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17542.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919 + https://ubuntu.com/security/notices/USN-4431-1 + + + + + + + + + + CVE-2019-17666 on Ubuntu 20.04 (focal) - medium. + rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-10-17 02:15:00 UTC + 2019-10-17 02:15:00 UTC + Nico Waisman + https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17666 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17666.html + https://lore.kernel.org/lkml/20191016205716.2843-1-labbott@redhat.com/ + https://twitter.com/nicowaisman/status/1184864519316758535 + https://ubuntu.com/security/notices/USN-4183-1 + https://ubuntu.com/security/notices/USN-4184-1 + https://ubuntu.com/security/notices/USN-4185-1 + https://ubuntu.com/security/notices/USN-4186-1 + https://ubuntu.com/security/notices/USN-4186-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-18282 on Ubuntu 20.04 (focal) - medium. + The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-16 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18282.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10 + https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-18388 on Ubuntu 20.04 (focal) - low. + A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-23 16:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1765578 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18388.html + https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0 + https://access.redhat.com/security/cve/cve-2019-18388 + + + + mdeslaur> intrusive backport to bionic and eoan mdeslaur> Nothing in bionic actually uses this package, so we will not be mdeslaur> releasing a fix for it. Marking as ignored. + + + + + + + + + CVE-2019-18389 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-23 16:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946942 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18389.html + https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314 + + + + mdeslaur> Nothing in bionic actually uses this package, so we will not be mdeslaur> releasing a fix for it. Marking as ignored. + + + + + + + + + CVE-2019-18390 on Ubuntu 20.04 (focal) - low. + An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-23 16:15:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1765584 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18390.html + https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151 + https://access.redhat.com/security/cve/cve-2019-18390 + + + + mdeslaur> Nothing in bionic actually uses this package, so we will not be mdeslaur> releasing a fix for it. Marking as ignored. + + + + + + + + + CVE-2019-18391 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-23 16:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946942 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18391.html + https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314 + + + + mdeslaur> Nothing in bionic actually uses this package, so we will not be mdeslaur> releasing a fix for it. Marking as ignored. + + + + + + + + + CVE-2019-18660 on Ubuntu 20.04 (focal) - medium. + The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. Anthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-27 23:15:00 UTC + 2019-11-27 20:00:00 UTC + Anthony Steinhauser of Google's Safeside Project + 2019-11-27 20:00:00 UTC + https://bugs.launchpad.net/bugs/1853142 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18660.html + https://www.openwall.com/lists/oss-security/2019/11/27/1 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4227-1 + https://ubuntu.com/security/notices/USN-4228-1 + https://ubuntu.com/security/notices/USN-4227-2 + https://ubuntu.com/security/notices/USN-4228-2 + https://ubuntu.com/security/notices/USN-4225-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-18675 on Ubuntu 20.04 (focal) - medium. + The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-25 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18675.html + https://deshal3v.github.io/blog/kernel-research/mmap_exploitation + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/media/usb/cpia2/cpia2_core.c + https://lore.kernel.org/lkml/20191108215038.59170-1-omerdeshalev@gmail.com/ + https://lore.kernel.org/lkml/20191111114615.GA418224@kroah.com/ + + + + sbeattie> this type of vulnerability was fixed generically via be83bbf80682; see the reference in lore from gregkh above + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-18676 on Ubuntu 20.04 (focal) - medium. 
+ An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-26 17:15:00 UTC + 2019-11-26 17:15:00 UTC + mdeslaur + Jeriko One and Kristoffer Danielsson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18676.html + http://www.squid-cache.org/Advisories/SQUID-2019_8.txt + https://ubuntu.com/security/notices/USN-4213-1 + https://ubuntu.com/security/notices/USN-4446-1 + + + + mdeslaur> same fix as CVE-2019-12523 mdeslaur> This was fixed in 4.x by rewriting the URI parser to use SBuf. mdeslaur> fixed in Debian's 3.5.23-5+deb9u2 + + + + + + + + + CVE-2019-18677 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-26 17:15:00 UTC + 2019-11-26 17:15:00 UTC + mdeslaur + Kristoffer Danielsson + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18677.html + http://www.squid-cache.org/Advisories/SQUID-2019_9.txt + https://ubuntu.com/security/notices/USN-4213-1 + + + + + + + + + + CVE-2019-18678 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. 
The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-26 17:15:00 UTC + 2019-11-26 17:15:00 UTC + mdeslaur + Régis Leroy + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18678.html + http://www.squid-cache.org/Advisories/SQUID-2019_10.txt + https://ubuntu.com/security/notices/USN-4213-1 + + + + + + + + + + CVE-2019-18679 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-26 17:15:00 UTC + 2019-11-26 17:15:00 UTC + mdeslaur + David Fifield + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18679.html + http://www.squid-cache.org/Advisories/SQUID-2019_11.txt + https://ubuntu.com/security/notices/USN-4213-1 + + + + mdeslaur> same patch as CVE-2019-18678 + + + + + + + + + CVE-2019-18683 on Ubuntu 20.04 (focal) - low. + An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). 
These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-04 16:15:00 UTC + 2019-11-04 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18683.html + https://www.openwall.com/lists/oss-security/2019/11/02/1 + https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/ + https://ubuntu.com/security/notices/USN-4254-1 + https://ubuntu.com/security/notices/USN-4254-2 + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + tyhicks> This rarely used driver module cannot be loaded by an unprivileged user so the impact is lessened + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-18786 on Ubuntu 20.04 (focal) - low. + In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. It was discovered that the Renesas Digital Radio Interface (DRIF) driver in the Linux kernel did not properly initialize data. A local attacker could possibly use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-06 03:15:00 UTC + 2019-11-06 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18786.html + https://patchwork.linuxtv.org/patch/59542/ + https://lore.kernel.org/lkml/20191018044701.4786-1-kjlu@umn.edu/ + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4285-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-18805 on Ubuntu 20.04 (focal) - low. + An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-07 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18805.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78 + + + + sbeattie> requires write access to /proc/sys/net/ipv4/tcp_min_rtt_wlen ... which is probably possible with unprivileged user namespaces; Marking when this sysctl was added as the break line + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-18806 on Ubuntu 20.04 (focal) - low. + A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-07 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18806.html + https://git.kernel.org/linus/1acb8f2a7a9f10543868ddd737e37424d5c36cf4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1acb8f2a7a9f10543868ddd737e37424d5c36cf4 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-18809 on Ubuntu 20.04 (focal) - low. + A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. It was discovered that the Afatech AF9005 DVB-T USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-07 16:15:00 UTC + 2019-11-07 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18809.html + https://github.com/torvalds/linux/commit/2289adbfa559050d2a38bcd9caac1c18b800e928 + https://ubuntu.com/security/notices/USN-4285-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + https://ubuntu.com/security/notices/USN-4300-1 + + + + tyhicks> The Fixes tag in the fix commit is incorrect. c58b84ee467b introduced the leak. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-18811 on Ubuntu 20.04 (focal) - low. + A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1. 
It was discovered that the Sound Open Firmware (SOF) driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-07 16:15:00 UTC + 2019-11-07 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18811.html + https://github.com/torvalds/linux/commit/45c1380358b12bf2d1db20a5874e9544f56b34ab + https://ubuntu.com/security/notices/USN-4284-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-18813 on Ubuntu 20.04 (focal) - negligible. + A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8. It was discovered that the DesignWare USB3 controller driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-11-07 16:15:00 UTC + 2019-11-07 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18813.html + https://git.kernel.org/linus/9bbfceea12a8f145097a27d7c7267af25893c060 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9bbfceea12a8f145097a27d7c7267af25893c060 + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4225-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-18840 on Ubuntu 20.04 (focal) - medium. + In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. 
Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-09 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18840.html + https://github.com/wolfSSL/wolfssl/issues/2555 + + + + + + + + + + CVE-2019-18860 on Ubuntu 20.04 (focal) - low. + Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-20 21:15:00 UTC + 2020-03-20 21:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18860.html + https://ubuntu.com/security/notices/USN-4356-1 + + + + + + + + + + CVE-2019-18885 on Ubuntu 20.04 (focal) - low. + fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-14 14:15:00 UTC + 2019-11-14 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18885.html + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ba3bc9dd150457c506e4661380a6183af651c1 + https://github.com/bobfuzzer/CVE-2019-18885 + https://github.com/torvalds/linux/commit/09ba3bc9dd150457c506e4661380a6183af651c1 + https://ubuntu.com/security/notices/USN-4254-1 + https://ubuntu.com/security/notices/USN-4254-2 + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19036 on Ubuntu 20.04 (focal) - low. + btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero. It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-21 02:15:00 UTC + 2019-11-21 02:15:00 UTC + bobfuzzer + https://bugzilla.suse.com/show_bug.cgi?id=1157692 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19036.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19036 + https://ubuntu.com/security/notices/USN-4414-1 + https://ubuntu.com/security/notices/USN-4439-1 + + + + tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted sbeattie> likely addressed by the btrfs write time tree-checker, which would mean it is addressed for kernels back through 4.4.x + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19037 on Ubuntu 20.04 (focal) - low. 
+ ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-21 03:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19037.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037 + https://lore.kernel.org/linux-ext4/20191202170213.4761-2-jack@suse.cz/ + + + + tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19039 on Ubuntu 20.04 (focal) - negligible. + ** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case.” It was discovered that the btrfs file system in the Linux kernel in some error conditions could report register information to the dmesg buffer. A local attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-21 02:15:00 UTC + 2019-11-21 02:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1157719 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19039.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19039 + https://ubuntu.com/security/notices/USN-4414-1 + + + + tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19043 on Ubuntu 20.04 (focal) - low. + A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering i40e_setup_channel() failures, aka CID-27d461333459. It was discovered that the Intel(R) XL710 Ethernet Controller device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19043.html + https://github.com/torvalds/linux/commit/27d461333459d282ffa4a2bdb6b215a59d493a8f + https://ubuntu.com/security/notices/USN-4300-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19045 on Ubuntu 20.04 (focal) - low. + A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7. It was discovered that the Mellanox Technologies Innova driver in the Linux kernel did not properly deallocate memory in certain failure conditions. 
A local attacker could use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19045.html + https://git.kernel.org/linus/c8c2a057fdc7de1cd16f4baa51425b932a42eb39 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 + https://github.com/torvalds/linux/commit/c8c2a057fdc7de1cd16f4baa51425b932a42eb39 + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4227-1 + https://ubuntu.com/security/notices/USN-4227-2 + https://ubuntu.com/security/notices/USN-4225-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19046 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time. It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19046.html + https://github.com/torvalds/linux/commit/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab + https://ubuntu.com/security/notices/USN-4302-1 + https://ubuntu.com/security/notices/USN-4319-1 + https://ubuntu.com/security/notices/USN-4325-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19048 on Ubuntu 20.04 (focal) - medium. + A memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering copy_form_user() failures, aka CID-e0b0cb938864. It was discovered that the VirtualBox guest driver implementation in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19048.html + https://git.kernel.org/linus/e0b0cb9388642c104838fac100a4af32745621e2 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 + https://github.com/torvalds/linux/commit/e0b0cb9388642c104838fac100a4af32745621e2 + https://ubuntu.com/security/notices/USN-4208-1 + https://ubuntu.com/security/notices/USN-4226-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19050 on Ubuntu 20.04 (focal) - medium. + A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1. It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. 
A local attacker could use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19050.html + https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4284-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19051 on Ubuntu 20.04 (focal) - low. + A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7. It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19051.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 + https://github.com/torvalds/linux/commit/6f3ef5c25cc762687a7341c18cbea5af54461407 + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4225-2 + https://ubuntu.com/security/notices/USN-4286-1 + https://ubuntu.com/security/notices/USN-4286-2 + https://ubuntu.com/security/notices/USN-4302-1 + https://ubuntu.com/security/notices/USN-4344-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19052 on Ubuntu 20.04 (focal) - low. 
+ A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. It was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A physically proximate attacker could use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19052.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 + https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817 + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4227-1 + https://ubuntu.com/security/notices/USN-4228-1 + https://ubuntu.com/security/notices/USN-4227-2 + https://ubuntu.com/security/notices/USN-4228-2 + https://ubuntu.com/security/notices/USN-4225-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19053 on Ubuntu 20.04 (focal) - low. + A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2. It was discovered that the RPMSG character device interface in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19053.html + https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51 + https://ubuntu.com/security/notices/USN-4300-1 + https://ubuntu.com/security/notices/USN-4301-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19055 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred. It was discovered that the netlink-based 802.11 configuration interface in the Linux kernel did not deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19055.html + https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa57 + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4225-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19056 on Ubuntu 20.04 (focal) - low. + A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932. 
It was discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19056.html + https://github.com/torvalds/linux/commit/db8fd2cde93227e566a412cf53173ffa227998bc + https://ubuntu.com/security/notices/USN-4286-1 + https://ubuntu.com/security/notices/USN-4286-2 + https://ubuntu.com/security/notices/USN-4300-1 + https://ubuntu.com/security/notices/USN-4301-1 + https://ubuntu.com/security/notices/USN-4302-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19057 on Ubuntu 20.04 (focal) - low. + Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex Driver for the Linux kernel. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19057.html + https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c + https://ubuntu.com/security/notices/USN-4254-1 + https://ubuntu.com/security/notices/USN-4254-2 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4285-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19058 on Ubuntu 20.04 (focal) - low. + A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5. It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19058.html + https://github.com/torvalds/linux/commit/b4b814fec1a5a849383f7b3886b654a13abbda7d + https://ubuntu.com/security/notices/USN-4300-1 + https://ubuntu.com/security/notices/USN-4301-1 + https://ubuntu.com/security/notices/USN-4302-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19059 on Ubuntu 20.04 (focal) - low. 
+ Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19059.html + https://github.com/torvalds/linux/commit/0f4f199443faca715523b0659aa536251d8b978f + https://ubuntu.com/security/notices/USN-4300-1 + https://ubuntu.com/security/notices/USN-4301-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19060 on Ubuntu 20.04 (focal) - low. + A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19060.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 + https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0 + https://ubuntu.com/security/notices/USN-4208-1 + https://ubuntu.com/security/notices/USN-4210-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4364-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19061 on Ubuntu 20.04 (focal) - low. + A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19061.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 + https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873 + https://ubuntu.com/security/notices/USN-4208-1 + https://ubuntu.com/security/notices/USN-4526-1 + https://ubuntu.com/security/notices/USN-4904-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19062 on Ubuntu 20.04 (focal) - medium. + A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. 
It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19062.html + https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc + https://ubuntu.com/security/notices/USN-4254-1 + https://ubuntu.com/security/notices/USN-4254-2 + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19063 on Ubuntu 20.04 (focal) - low. + Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19063.html + https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb + https://ubuntu.com/security/notices/USN-4254-1 + https://ubuntu.com/security/notices/USN-4254-2 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4285-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19064 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b8945f78f. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control these failures at probe time. It was discovered that the Serial Peripheral Interface (SPI) driver in the Linux kernel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19064.html + https://github.com/torvalds/linux/commit/057b8945f78f76d0b04eeb5c27cd9225e5e7ad86 + https://ubuntu.com/security/notices/USN-4300-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19065 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. 
NOTE: This has been disputed as not a vulnerability because "rhashtable_init() can only fail if it is passed invalid values in the second parameter's struct, but when invoked from sdma_init() that is a pointer to a static const struct, so an attacker could only trigger failure if they could corrupt kernel memory (in which case a small memory leak is not a significant problem)." It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19065.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 + https://github.com/torvalds/linux/commit/34b3be18a04ecdc610aae4c48e5d1b799d8689f6 + https://ubuntu.com/security/notices/USN-4208-1 + https://ubuntu.com/security/notices/USN-4210-1 + https://ubuntu.com/security/notices/USN-4226-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19066 on Ubuntu 20.04 (focal) - low. + A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. It was discovered that the Brocade BFA Fibre Channel device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19066.html + https://github.com/torvalds/linux/commit/0e62395da2bd5166d7c9e14cbc7503b256a34cb0 + https://ubuntu.com/security/notices/USN-4286-1 + https://ubuntu.com/security/notices/USN-4286-2 + https://ubuntu.com/security/notices/USN-4300-1 + https://ubuntu.com/security/notices/USN-4301-1 + https://ubuntu.com/security/notices/USN-4302-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19067 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading. It was discovered that the AMD Audio Coprocessor driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker with the ability to load modules could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19067.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8 + https://github.com/torvalds/linux/commit/57be09c6e8747bf48704136d9e3f92bfb93f5725 + https://ubuntu.com/security/notices/USN-4208-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4526-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19068 on Ubuntu 20.04 (focal) - low. 
+ A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19068.html + https://github.com/torvalds/linux/commit/a2cdd07488e666aa93a49a3fc9c9b1299e27ef3c + https://ubuntu.com/security/notices/USN-4286-1 + https://ubuntu.com/security/notices/USN-4286-2 + https://ubuntu.com/security/notices/USN-4300-1 + https://ubuntu.com/security/notices/USN-4301-1 + https://ubuntu.com/security/notices/USN-4302-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19071 on Ubuntu 20.04 (focal) - low. + A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c. It was discovered that the RSI 91x WLAN device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19071.html + https://github.com/torvalds/linux/commit/d563131ef23cbc756026f839a82598c8445bc45f + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19072 on Ubuntu 20.04 (focal) - medium. + A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6. It was discovered that the event tracing subsystem of the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19072.html + https://github.com/torvalds/linux/commit/96c5c6e6a5b6db592acae039fed54b5c8844cd35 + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4225-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19075 on Ubuntu 20.04 (focal) - low. + A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e. It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. 
A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19075.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8 + https://github.com/torvalds/linux/commit/6402939ec86eaf226c8b8ae00ed983936b164908 + https://ubuntu.com/security/notices/USN-4208-1 + https://ubuntu.com/security/notices/USN-4210-1 + https://ubuntu.com/security/notices/USN-4226-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19076 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted. It was discovered that there was a memory leak in the Advanced Buffer Management functionality of the Netronome NFP4000/NFP6000 NIC Driver in the Linux kernel during certain error scenarios. A local attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19076.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6 + https://github.com/torvalds/linux/commit/78beef629fd95be4ed853b2d37b832f766bd96ca + https://ubuntu.com/security/notices/USN-4209-1 + https://lore.kernel.org/lkml/20191204103955.63c4d9af@cakuba.netronome.com/ + https://lore.kernel.org/netdev/20191210182032.24077-1-jakub.kicinski@netronome.com/ + + + + sbeattie> reverted in 1d1997db870f4058676439ef7014390ba9e24eb2, in part due to upstream determining that there was no memory leak. 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19077 on Ubuntu 20.04 (focal) - low. + A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14. It was discovered that the Broadcom Netxtreme HCA device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19077.html + https://github.com/torvalds/linux/commit/4a9d46a9fe14401f21df69cea97c62396d5fb053 + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4284-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19078 on Ubuntu 20.04 (focal) - low. + A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2. It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19078.html + https://github.com/torvalds/linux/commit/b8d17e7d93d2beb89e4f34c59996376b8b544792 + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19079 on Ubuntu 20.04 (focal) - low. + A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19. It was discovered that the Qualcomm IPC Router TUN device driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19079.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3 + https://github.com/torvalds/linux/commit/a21b7f0cff1906a93a0130b74713b15a0b36481d + https://ubuntu.com/security/notices/USN-4258-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19080 on Ubuntu 20.04 (focal) - low. + Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19080.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 + https://github.com/torvalds/linux/commit/8572cea1461a006bce1d06c0c4b0575869125fa4 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19081 on Ubuntu 20.04 (focal) - low. + A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19081.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 + https://github.com/torvalds/linux/commit/8ce39eb5a67aee25d9f05b40b673c95b23502e3e + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19082 on Ubuntu 20.04 (focal) - low. + Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad. It was discovered that the AMD GPU device drivers in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19082.html + https://github.com/torvalds/linux/commit/104c307147ad379617472dd91a5bcb368d72bd6d + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19083 on Ubuntu 20.04 (focal) - low. + Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1. It was discovered that the AMD Display Engine Driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attack could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-18 06:15:00 UTC + 2019-11-18 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19083.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8 + https://github.com/torvalds/linux/commit/055e547478a11a6360c7ce05e2afc3e366968a12 + https://ubuntu.com/security/notices/USN-4208-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4227-1 + https://ubuntu.com/security/notices/USN-4227-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19126 on Ubuntu 20.04 (focal) - low. + On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-19 22:15:00 UTC + 2019-11-19 22:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=25204 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19126.html + https://sourceware.org/ml/libc-alpha/2019-11/msg00649.html + https://ubuntu.com/security/notices/USN-4416-1 + + + + sbeattie> introduced in b9eb92ab05204df772eb4929eccd018637c9f3e9, so glibc 2.23 + + + + + + + + + CVE-2019-19227 on Ubuntu 20.04 (focal) - low. + In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122. Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-22 14:15:00 UTC + 2019-11-22 14:15:00 UTC + Dan Carpenter + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19227.html + https://git.kernel.org/linus/9804501fa1228048857910a6bf23e085aade37cc + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9804501fa1228048857910a6bf23e085aade37cc + https://ubuntu.com/security/notices/USN-4254-1 + https://ubuntu.com/security/notices/USN-4254-2 + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19232 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-19 21:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947225 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19232.html + https://www.sudo.ws/devel.html#1.8.30b2 + https://www.sudo.ws/stable.html + + + + mdeslaur> upstream sudo has disputed this CVE, sudo works as intended and mdeslaur> as documented, so marking this as not-affected. + + + + + + + + + CVE-2019-19234 on Ubuntu 20.04 (focal) - low. 
+ ** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-19 21:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947225 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19234.html + https://www.sudo.ws/devel.html#1.8.30b2 + https://www.sudo.ws/stable.html + + + + mdeslaur> upstream sudo has disputed this CVE, sudo works as intended and mdeslaur> as documented, so marking this as not-affected. + + + + + + + + + CVE-2019-19241 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context. 
It was discovered that the IO uring implementation in the Linux kernel did not properly perform credentials checks in certain situations. A local attacker could possibly use this to gain administrative privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-17 20:15:00 UTC + 2019-12-17 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19241.html + https://bugs.chromium.org/p/project-zero/issues/detail?id=1975 + https://git.kernel.org/linus/181e448d8709e517c9c7b523fcd209f24eb38ca7 + https://git.kernel.org/linus/d69e07793f891524c6bbf1e75b9ae69db4450953 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=181e448d8709e517c9c7b523fcd209f24eb38ca7 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d69e07793f891524c6bbf1e75b9ae69db4450953 + https://ubuntu.com/security/notices/USN-4284-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19252 on Ubuntu 20.04 (focal) - medium. + vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. Or Cohen discovered that the virtual console subsystem in the Linux kernel did not properly restrict writes to unimplemented vcsu (unicode) devices. A local attacker could possibly use this to cause a denial of service (system crash) or have other unspecified impacts. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-11-25 18:15:00 UTC + 2019-11-25 18:15:00 UTC + Or Cohen + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19252.html + https://lore.kernel.org/lkml/c30fc539-68a8-65d7-226c-6f8e6fd8bdfb@suse.com/ + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4284-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19318 on Ubuntu 20.04 (focal) - low. + In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-28 00:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1158026 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19318.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19318 + + + + tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted sbeattie> possibly fixed by btrfs tree checker, which would mean it's addressed for all kernels 4.4.x and newer. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19319 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-27 23:15:00 UTC + 2019-11-27 23:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1158021 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19319.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19319 + https://ubuntu.com/security/notices/USN-4391-1 + + + + tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted sbeattie> it's asserted by Jan Kara in the suse bug below that 345c0dbf3a30 (plus related commits) addresses the issue + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19332 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-09 15:15:00 UTC + 2020-01-09 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19332.html + https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e + https://ubuntu.com/security/notices/USN-4254-1 + https://ubuntu.com/security/notices/USN-4254-2 + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19333 on Ubuntu 20.04 (focal) - medium. + In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-06 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946217 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19333.html + https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d + + + + + + + + + + CVE-2019-19334 on Ubuntu 20.04 (focal) - medium. + In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-06 16:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946217 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19334.html + https://github.com/CESNET/libyang/commit/6980afae2ff9fcd6d67508b0a3f694d75fd059d6 + + + + + + + + + + CVE-2019-19377 on Ubuntu 20.04 (focal) - low. + In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-11-29 16:15:00 UTC + 2019-11-29 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19377.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377 + https://ubuntu.com/security/notices/USN-4369-1 + https://ubuntu.com/security/notices/USN-4367-1 + https://ubuntu.com/security/notices/USN-4414-1 + + + + tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19447 on Ubuntu 20.04 (focal) - low. + In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-08 01:15:00 UTC + https://bugzilla.kernel.org/show_bug.cgi?id=205433 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19447.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447 + https://lore.kernel.org/r/20191112032903.8828-1-tytso@mit.edu + + + + tyhicks> Exploiting this vulnerability requires a crafted filesystem image to be mounted + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19462 on Ubuntu 20.04 (focal) - medium. + relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-30 01:15:00 UTC + 2019-11-30 01:15:00 UTC + syzkaller + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19462.html + https://lore.kernel.org/lkml/20191219121256.26480-1-dja@axtens.net/ + https://ubuntu.com/security/notices/USN-4414-1 + https://ubuntu.com/security/notices/USN-4425-1 + https://ubuntu.com/security/notices/USN-4439-1 + https://ubuntu.com/security/notices/USN-4440-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19523 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19523.html + https://git.kernel.org/linus/44efc269db7929f6275a1fa927ef082e533ecde0 + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=44efc269db7929f6275a1fa927ef082e533ecde0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19524 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. It was discovered that the driver for memoryless force-feedback input devices in the Linux kernel contained a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 16:15:00 UTC + 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19524.html + https://git.kernel.org/linus/fa3a5a1880c91bb92594ad42dfe9eedad7996b86 + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.12 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa3a5a1880c91bb92594ad42dfe9eedad7996b86 + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4227-1 + https://ubuntu.com/security/notices/USN-4228-1 + https://ubuntu.com/security/notices/USN-4227-2 + https://ubuntu.com/security/notices/USN-4228-2 + https://ubuntu.com/security/notices/USN-4225-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19525 on Ubuntu 20.04 (focal) - low. 
+ In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19525.html + https://git.kernel.org/linus/7fd25e6fc035f4b04b75bca6d7e8daa069603a76 + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fd25e6fc035f4b04b75bca6d7e8daa069603a76 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19526 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. It was discovered that the NXP PN533 NFC USB driver in the Linux kernel did not properly free resources after a late probe error, leading to a use- after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 16:15:00 UTC + 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19526.html + https://git.kernel.org/linus/6af3aa57a0984e061f61308fe181a9a12359fecc + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6af3aa57a0984e061f61308fe181a9a12359fecc + https://ubuntu.com/security/notices/USN-4226-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19527 on Ubuntu 20.04 (focal) - low. 
+ In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19527.html + https://git.kernel.org/linus/6d4472d7bec39917b54e4e80245784ea5d60ce49 + https://git.kernel.org/linus/9c09b214f30e3c11f9b0b03f89442df03643794d + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d4472d7bec39917b54e4e80245784ea5d60ce49 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9c09b214f30e3c11f9b0b03f89442df03643794d + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19528 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19528.html + https://git.kernel.org/linus/edc4746f253d907d048de680a621e121517f484b + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c468a8aa790e0dfe0a7f8a39db282d39c2c00b46 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=edc4746f253d907d048de680a621e121517f484b + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19529 on Ubuntu 20.04 (focal) - low. 
+ In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. It was discovered that the Microchip CAN BUS Analyzer driver in the Linux kernel contained a use-after-free vulnerability on device disconnect. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 16:15:00 UTC + 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19529.html + https://git.kernel.org/linus/4d6636498c41891d0482a914dd570343a838ad79 + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d6636498c41891d0482a914dd570343a838ad79 + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4227-1 + https://ubuntu.com/security/notices/USN-4227-2 + https://ubuntu.com/security/notices/USN-4225-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19530 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19530.html + https://git.kernel.org/linus/c52873e5a1ef72f845526d9f6a50704433f9c625 + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c52873e5a1ef72f845526d9f6a50704433f9c625 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19531 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19531.html + https://git.kernel.org/linus/fc05481b2fcabaaeccf63e32ac1baab54e5b6963 + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.9 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc05481b2fcabaaeccf63e32ac1baab54e5b6963 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19532 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c. 
It was discovered that multiple USB HID device drivers in the Linux kernel did not properly validate device metadata on attachment, leading to out-of- bounds writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 16:15:00 UTC + 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19532.html + https://git.kernel.org/linus/d9d4b1e46d9543a82c23f6df03f4ad697dab361b + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d9d4b1e46d9543a82c23f6df03f4ad697dab361b + https://ubuntu.com/security/notices/USN-4226-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19533 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19533.html + https://git.kernel.org/linus/a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1 + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19534 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. 
It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 16:15:00 UTC + 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19534.html + https://git.kernel.org/linus/f7a1337f0d29b98733c8824e165fca3371d7d4fd + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7a1337f0d29b98733c8824e165fca3371d7d4fd + https://ubuntu.com/security/notices/USN-4225-1 + https://ubuntu.com/security/notices/USN-4226-1 + https://ubuntu.com/security/notices/USN-4227-1 + https://ubuntu.com/security/notices/USN-4228-1 + https://ubuntu.com/security/notices/USN-4227-2 + https://ubuntu.com/security/notices/USN-4228-2 + https://ubuntu.com/security/notices/USN-4225-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19535 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19535.html + https://git.kernel.org/linus/30a8beeb3042f49d0537b7050fd21b490166a3d9 + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.9 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30a8beeb3042f49d0537b7050fd21b490166a3d9 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19536 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19536.html + https://git.kernel.org/linus/ead16e53c2f0ed946d82d4037c630e2f60f4ab69 + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.9 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ead16e53c2f0ed946d82d4037c630e2f60f4ab69 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19537 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-03 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19537.html + https://git.kernel.org/linus/303911cfc5b95d33687d9046133ff184cf5043ff + http://www.openwall.com/lists/oss-security/2019/12/03/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=303911cfc5b95d33687d9046133ff184cf5043ff + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19602 on Ubuntu 20.04 (focal) - medium. + fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc. It was discovered that a race condition existed in the Linux kernel on x86 platforms when keeping track of which process was assigned control of the FPU. A local attacker could use this to cause a denial of service (memory corruption) or possibly gain administrative privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-05 14:15:00 UTC + 2019-12-05 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19602.html + https://git.kernel.org/linus/59c4bd853abcea95eccc167a7d7fd5f1a5f47b98 + https://bugzilla.kernel.org/show_bug.cgi?id=205663 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c4bd853abcea95eccc167a7d7fd5f1a5f47b98 + https://github.com/golang/go/issues/35777#issuecomment-561935388 + https://github.com/torvalds/linux/commit/59c4bd853abcea95eccc167a7d7fd5f1a5f47b98 + https://ubuntu.com/security/notices/USN-4284-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19603 on Ubuntu 20.04 (focal) - low. + SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-09 19:15:00 UTC + 2019-12-09 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19603.html + https://ubuntu.com/security/notices/USN-4394-1 + + + + mdeslaur> The code changes required to backport the fix for this issue to mdeslaur> older versions of SQLite shipped in Ubuntu stable releases is mdeslaur> subtantial and may introduce regressions. Due to the low mdeslaur> severity of this issue, we will not be releasing a fix for mdeslaur> Ubuntu 18.04 LTS and earlier. Marking as ignored. + + + + + + + + + CVE-2019-19630 on Ubuntu 20.04 (focal) - medium. + HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document. It was dicovered that HTMLDOC has a stack-based buffer overflow vulnerability. An attacker could use it create a crafted HTML document that provoke a Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-08 02:15:00 UTC + 2019-12-08 02:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19630.html + https://github.com/michaelrsweet/htmldoc/issues/370 + https://github.com/michaelrsweet/htmldoc/commit/8a129c520e90fc967351f3e165f967128a88f09c + https://ubuntu.com/security/notices/USN-4696-1 + + + + + + + + + + CVE-2019-19645 on Ubuntu 20.04 (focal) - low. + alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-09 16:15:00 UTC + 2019-12-09 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19645.html + https://ubuntu.com/security/notices/USN-4394-1 + + + + mdeslaur> The code changes required to backport the fix for this issue to mdeslaur> older versions of SQLite shipped in Ubuntu stable releases is mdeslaur> subtantial and may introduce regressions. Due to the low mdeslaur> severity of this issue, we will not be releasing a fix for mdeslaur> Ubuntu 18.04 LTS and earlier. Marking as ignored. + + + + + + + + + CVE-2019-19767 on Ubuntu 20.04 (focal) - low. + The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle certain conditions. An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-12 20:15:00 UTC + 2019-12-12 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19767.html + https://git.kernel.org/linus/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a + https://bugzilla.kernel.org/show_bug.cgi?id=205609 + https://bugzilla.kernel.org/show_bug.cgi?id=205707 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a + https://github.com/torvalds/linux/commit/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a + https://ubuntu.com/security/notices/USN-4258-1 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19768 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). Tristan Madani discovered that the block I/O tracing implementation in the Linux kernel contained a race condition. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-12 20:15:00 UTC + 2019-12-12 20:15:00 UTC + Tristan Madani + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19768.html + https://bugzilla.kernel.org/show_bug.cgi?id=205711 + https://lore.kernel.org/linux-block/20200206142812.25989-1-jack@suse.cz/ + https://ubuntu.com/security/notices/USN-4342-1 + https://ubuntu.com/security/notices/USN-4344-1 + https://ubuntu.com/security/notices/USN-4345-1 + https://ubuntu.com/security/notices/USN-4346-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19769 on Ubuntu 20.04 (focal) - medium. 
+ In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). Tristan Madani discovered that the file locking implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service or expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-12 20:15:00 UTC + 2019-12-12 20:15:00 UTC + Tristan Madani + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19769.html + https://bugzilla.kernel.org/show_bug.cgi?id=205705 + https://ubuntu.com/security/notices/USN-4369-1 + https://ubuntu.com/security/notices/USN-4368-1 + + + + sbeattie> first attempted fix was 6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da but that showed performance issues in synthetic benchmarks, more complex fix is dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a sbeattie> may be introduced by 16306a61d3b7c433c7a127ec6224867b88ece687 sbeattie> no confirmation that the fixes listed actually address the reporter's issue sbeattie> the conservative fix for this issue may be to just apply 6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19783 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-16 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19783.html + https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html#security-fixes + https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html + https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html + + + + + + + + + + CVE-2019-19813 on Ubuntu 20.04 (focal) - low. + In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-17 06:15:00 UTC + 2019-12-17 06:15:00 UTC + bobfuzzer + https://bugzilla.suse.com/show_bug.cgi?id=1159435 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19813.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813 + https://ubuntu.com/security/notices/USN-4414-1 + https://ubuntu.com/security/notices/USN-4709-1 + https://ubuntu.com/security/notices/USN-4708-1 + + + + tyhicks> As of 2020-01-09, no upstream fix is available sbeattie> upstream developer asserts in suse bug that the enhanced btrfs tree-checker addresses this issue, which was backported to at least the 4.4 kernel. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19816 on Ubuntu 20.04 (focal) - low. 
+ In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-17 06:15:00 UTC + 2019-12-17 06:15:00 UTC + bobfuzzer + https://bugzilla.suse.com/show_bug.cgi?id=1159439 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19816.html + https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816 + https://ubuntu.com/security/notices/USN-4414-1 + https://ubuntu.com/security/notices/USN-4709-1 + https://ubuntu.com/security/notices/USN-4708-1 + + + + tyhicks> As of 2020-01-09, no upstream fix is available sbeattie> upstream developer asserts in suse bug that the enhanced btrfs tree-checker will address this issue, so would be fixed in 4.4.x and newer + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19830 on Ubuntu 20.04 (focal) - medium. + _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-17 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19830.html + https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-sortie-de-SPIP-3-2-7-SPIP-3-1-12.html + https://git.spip.net/SPIP/spip/commit/8eb11ba132b92696eb34d606d71aa8edf40e0f69 + https://www.debian.org/security/2019/dsa-4583 + https://zone.spip.net/trac/spip-zone/changeset/118898/spip-zone/_core_/plugins/medias + + + + + + + + + + CVE-2019-19886 on Ubuntu 20.04 (focal) - untriaged. + Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-01-21 22:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949682 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19886.html + https://github.com/SpiderLabs/ModSecurity/pull/2202 + https://github.com/SpiderLabs/ModSecurity/commit/7ba77631f9a37e0680d23ee57c455c6a35c65cb9 + https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/ + + + + + + + + + + CVE-2019-19922 on Ubuntu 20.04 (focal) - medium. + kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. 
An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.) It was discovered that in some situations the fair scheduler in the Linux kernel did not permit a process to use its full quota time slice. A local attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-22 20:15:00 UTC + 2019-12-22 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19922.html + https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53fd7aedb100f03e5d2231cfce0e4993282425 + https://github.com/kubernetes/kubernetes/issues/67577 + https://github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e4993282425 + https://relistan.com/the-kernel-may-be-slowing-down-your-app + https://ubuntu.com/security/notices/USN-4226-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19926 on Ubuntu 20.04 (focal) - medium. + multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-23 01:15:00 UTC + 2019-12-23 01:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19926.html + https://ubuntu.com/security/notices/USN-4298-1 + https://ubuntu.com/security/notices/USN-4298-2 + + + + + + + + + + CVE-2019-19947 on Ubuntu 20.04 (focal) - low. + In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. 
It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-24 00:15:00 UTC + 2019-12-24 00:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19947.html + https://git.kernel.org/linus/da2311a6385c3b499da2ed5d9be59ce331fa93e9 + http://www.openwall.com/lists/oss-security/2019/12/24/1 + https://github.com/torvalds/linux/commit/da2311a6385c3b499da2ed5d9be59ce331fa93e9 + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4285-1 + https://ubuntu.com/security/notices/USN-4427-1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + tyhicks> I don't think that the Fixes tag in patch is correct and that the info leaks were possible since the initial inclusion of the driver + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19948 on Ubuntu 20.04 (focal) - low. + In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-24 01:15:00 UTC + 2019-12-24 01:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1562 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947308 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19948.html + https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html + https://ubuntu.com/security/notices/USN-4549-1 + https://ubuntu.com/security/notices/USN-4670-1 + + + + + + + + + + CVE-2019-19949 on Ubuntu 20.04 (focal) - low. + In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-24 01:15:00 UTC + 2019-12-24 01:15:00 UTC + https://github.com/ImageMagick/ImageMagick/issues/1561 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947309 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19949.html + https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html + https://ubuntu.com/security/notices/USN-4549-1 + https://ubuntu.com/security/notices/USN-4670-1 + + + + + + + + + + CVE-2019-19956 on Ubuntu 20.04 (focal) - low. + xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-24 16:15:00 UTC + 2019-12-24 16:15:00 UTC + https://gitlab.gnome.org/GNOME/libxml2/issues/82 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19956.html + https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html + https://ubuntu.com/security/notices/USN-4274-1 + + + + + + + + + + CVE-2019-19965 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-25 04:15:00 UTC + 2019-12-25 04:15:00 UTC + Gao Chuan + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19965.html + https://git.kernel.org/linus/f70267f379b5e5e11bdc5d72a56bf17e5feed01f + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f70267f379b5e5e11bdc5d72a56bf17e5feed01f + https://ubuntu.com/security/notices/USN-4284-1 + https://ubuntu.com/security/notices/USN-4285-1 + https://ubuntu.com/security/notices/USN-4286-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4286-2 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-19966 on Ubuntu 20.04 (focal) - low. + In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-25 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19966.html + https://git.kernel.org/linus/dea37a97265588da604c6ba80160a287b72c7bfd + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dea37a97265588da604c6ba80160a287b72c7bfd + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-20054 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-12-28 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20054.html + https://git.kernel.org/linus/23da9588037ecdd4901db76a5b79a42b529c4ec3 + https://git.kernel.org/linus/89189557b47b35683a27c80ee78aef18248eefb4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.6 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23da9588037ecdd4901db76a5b79a42b529c4ec3 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89189557b47b35683a27c80ee78aef18248eefb4 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-20096 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. It was discovered that the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could possibly use this to cause a denial of service (kernel memory exhaustion). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-30 05:15:00 UTC + 2019-12-30 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20096.html + https://git.kernel.org/linus/1d3ff0950e2b40dc861b1739029649d03f591820 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d3ff0950e2b40dc861b1739029649d03f591820 + https://ubuntu.com/security/notices/USN-4285-1 + https://ubuntu.com/security/notices/USN-4286-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4286-2 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-20477 on Ubuntu 20.04 (focal) - low. 
+ PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-02-19 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20477.html + https://github.com/yaml/pyyaml/blob/master/CHANGES + https://www.exploit-db.com/download/47655 + + + + mdeslaur> CVE-2017-18342 resulted in the load() function being mdeslaur> deprecated in 5.1+ in eoan and later. It did not get fixed in mdeslaur> previous release because of compatibility issues. This CVE mdeslaur> therefore only really applies to eoan and later. + + + + + + + + + CVE-2019-20485 on Ubuntu 20.04 (focal) - low. + qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-19 02:15:00 UTC + Eric Blake + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20485.html + https://www.redhat.com/archives/libvir-list/2019-December/msg00295.html + https://www.redhat.com/archives/libvir-list/2020-January/msg00569.html + + + + mdeslaur> it appears this CVE is only for the suspend job because it is mdeslaur> the only one that doesn't require write permissions. mdeslaur> mdeslaur> In libvirt in bionic and older, there was no support for running mdeslaur> both agent monitor jobs and normal monitor jobs at the same. 
mdeslaur> Support for doing so was introduced in the following commit: mdeslaur> https://gitlab.com/libvirt/libvirt/-/commit/4621350f6d3dbca57bbd97829ff5d4efc3a51c97 mdeslaur> As such, it would not appear that a malicious guest agent would mdeslaur> be able to block jobs in bionic and earlier, so marking as mdeslaur> not-affected. + + + + + + + + + CVE-2019-20636 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-08 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20636.html + https://git.kernel.org/linus/cb222aed03d798fc074be55e59d9a112338ee784 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb222aed03d798fc074be55e59d9a112338ee784 + https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee784 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-20806 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-27 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20806.html + https://git.kernel.org/linus/2e7682ebfc750177a4944eeb56e97a3f05734528 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2e7682ebfc750177a4944eeb56e97a3f05734528 + https://github.com/torvalds/linux/commit/2e7682ebfc750177a4944eeb56e97a3f05734528 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-20808 on Ubuntu 20.04 (focal) - low. + In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-31 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20808.html + + + + + + + + + + CVE-2019-20810 on Ubuntu 20.04 (focal) - low. + go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-03 00:15:00 UTC + 2020-06-03 00:15:00 UTC + Chuhong Yuan + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20810.html + https://git.kernel.org/linus/9453264ef58638ce8976121ac44c07a3ef375983 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9453264ef58638ce8976121ac44c07a3ef375983 + https://ubuntu.com/security/notices/USN-4427-1 + https://ubuntu.com/security/notices/USN-4439-1 + https://ubuntu.com/security/notices/USN-4440-1 + https://ubuntu.com/security/notices/USN-4483-1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-20811 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. Yue Haibing discovered that the Linux kernel did not properly handle reference counting in sysfs for network devices in some situations. A local attacker could possibly use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-03 03:15:00 UTC + 2020-06-03 03:15:00 UTC + Yue Haibing + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20811.html + https://git.kernel.org/linus/a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.6 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e + https://ubuntu.com/security/notices/USN-4527-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-20812 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.4.7. 
The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-03 03:15:00 UTC + Mao Wenan + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20812.html + https://git.kernel.org/linus/b43d1f9f7067c6759b1051e8ecb84e82cef569fe + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.7 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b43d1f9f7067c6759b1051e8ecb84e82cef569fe + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-20892 on Ubuntu 20.04 (focal) - medium. + net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-25 10:15:00 UTC + 2020-06-25 10:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963713 + https://bugzilla.redhat.com/show_bug.cgi?id=1663027 + https://sourceforge.net/p/net-snmp/bugs/2923/ + https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20892.html + https://www.openwall.com/lists/oss-security/2020/06/25/4 + http://www.openwall.com/lists/oss-security/2020/06/25/4 + https://ubuntu.com/security/notices/USN-4410-1 + + + + mdeslaur> Possibly affects 5.8 only. mdeslaur> Could not reproduce crash in eoan and earlier, marking as mdeslaur> not-affected. + + + + + + + + + CVE-2019-20908 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. 
Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032. Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 22:15:00 UTC + 2020-07-15 22:15:00 UTC + Jason A. Donenfeld + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20908.html + https://www.openwall.com/lists/oss-security/2020/06/14/1 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1957a85b0032a81e6482ca4aab883643b8dae06e + https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh + https://mailarchives.bentasker.co.uk/Mirrors/OSSSec/2020/06-Jun/msg00035.html + https://ubuntu.com/security/notices/USN-4426-1 + https://ubuntu.com/security/notices/USN-4427-1 + https://ubuntu.com/security/notices/USN-4439-1 + https://ubuntu.com/security/notices/USN-4440-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-20919 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-17 18:15:00 UTC + 2020-09-17 18:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20919.html + https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643-... 
+ https://ubuntu.com/security/notices/USN-4534-1 + + + + + + + + + + CVE-2019-20934 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-28 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-20934.html + https://git.kernel.org/linus/16d51a590a8ce3befb1308e0e7ab77f3b661af33 + https://bugs.chromium.org/p/project-zero/issues/detail?id=1913 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16d51a590a8ce3befb1308e0e7ab77f3b661af33 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-2181 on Ubuntu 20.04 (focal) - medium. + In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. It was discovered that an integer overflow existed in the Binder implementation of the Linux kernel, leading to a buffer overflow. A local attacker could use this to escalate privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-05 22:15:00 UTC + 2019-09-05 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2181.html + https://source.android.com/security/bulletin/2019-09-01 + https://android-review.googlesource.com/c/kernel/common/+/981230 + https://ubuntu.com/security/notices/USN-4157-1 + https://ubuntu.com/security/notices/USN-4157-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-2182 on Ubuntu 20.04 (focal) - medium. 
+ In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-06 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2182.html + https://source.android.com/security/bulletin/pixel/2019-09-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-2213 on Ubuntu 20.04 (focal) - medium. + In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-133758011References: Upstream kernel + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-13 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2213.html + https://lore.kernel.org/patchwork/patch/1087916/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-2214 on Ubuntu 20.04 (focal) - medium. + In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-136210786References: Upstream kernel It was discovered that the binder IPC implementation in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-11-13 18:15:00 UTC + 2019-11-13 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2214.html + https://lore.kernel.org/driverdev-devel/20190709110923.220736-1-maco@android.com/ + https://git.kernel.org/linus/a56587065094fd96eb4c2b5ad65571daad32156d + https://ubuntu.com/security/notices/USN-4226-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-2228 on Ubuntu 20.04 (focal) - low. + In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-12-06 23:15:00 UTC + 2019-12-06 23:15:00 UTC + mdeslaur + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946782 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2228.html + https://source.android.com/security/bulletin/2019-12-01 + https://android.googlesource.com/platform/external/libcups/+/5fb2ccdf3347f61b570c8e340f90db5cd28b29bc + https://ubuntu.com/security/notices/USN-4340-1 + + + + + + + + + + CVE-2019-3016 on Ubuntu 20.04 (focal) - medium. + In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. 
An attacker in a guest VM could use this to expose sensitive information (read memory from another guest VM). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-31 20:15:00 UTC + 2020-01-30 18:00:00 UTC + cascardo + 2020-01-30 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3016.html + https://ubuntu.com/security/notices/USN-4300-1 + https://ubuntu.com/security/notices/USN-4301-1 + https://usn.ubuntu.com/lsn/0065-1/ + + + + tyhicks> This issue does not affect default installations of Ubuntu as the paravirtual TLB flush feature in KVM is not enabled by default. The QEMU CPU feature "kvm-pv-tlb-flush" is used to enable paravirtual TLB flush. cascardo> It is thought that issue does not affect Intel processors *not* supporting Process-Context Identifiers (PCIDs). You can check support for PCIDs on systems with Intel processors by running "grep pcid /proc/cpuinfo" and verifying that "pcid" shows as one of the flags. cascardo> it was mentioned that it was only easily reproducible on AMD CPUs. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-3812 on Ubuntu 20.04 (focal) - medium. + QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-02-19 14:29:00 UTC + 2019-02-19 + Michael Hanselmann + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3812.html + https://ubuntu.com/security/notices/USN-3923-1 + + + + + + + + + + CVE-2019-3823 on Ubuntu 20.04 (focal) - low. + libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. 
If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-06 20:29:00 UTC + 2019-02-06 + mdeslaur + Brian Carpenter + 2019-02-06 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3823.html + https://curl.haxx.se/docs/CVE-2019-3823.html + https://ubuntu.com/security/notices/USN-3882-1 + + + + + + + + + + CVE-2019-3832 on Ubuntu 20.04 (focal) - low. + It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:01:00 UTC + 2019-03-21 + mdeslaur + https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3832.html + https://ubuntu.com/security/notices/USN-4013-1 + https://ubuntu.com/security/notices/USN-4704-1 + + + + + + + + + + CVE-2019-3877 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-27 13:29:00 UTC + 2019-03-22 + leosilva + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3877.html + https://ubuntu.com/security/notices/USN-3924-1 + https://ubuntu.com/security/notices/USN-4597-1 + + + + + + + + + + CVE-2019-3878 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-03-26 18:29:00 UTC + 2019-03-21 + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925197 + https://bugzilla.redhat.com/show_bug.cgi?id=1576719 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3878.html + https://github.com/Uninett/mod_auth_mellon/pull/196 + https://ubuntu.com/security/notices/USN-3924-1 + https://ubuntu.com/security/notices/USN-4597-1 + + + + + + + + + + CVE-2019-3886 on Ubuntu 20.04 (focal) - low. + An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-04-04 16:29:00 UTC + 2019-04-04 + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926418 + https://bugzilla.redhat.com/show_bug.cgi?id=1694880 + https://bugzilla.novell.com/show_bug.cgi?id=1131595#c3 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3886.html + https://www.redhat.com/archives/libvir-list/2019-April/msg00339.html + https://security.libvirt.org/2019/0001.html + https://ubuntu.com/security/notices/USN-4021-1 + + + + mdeslaur> only a DoS, no information disclosure + + + + + + + + + CVE-2019-5063 on Ubuntu 20.04 (focal) - medium. + An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-03 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948180 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5063.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0852 + https://github.com/opencv/opencv/issues/15857 + + + + + + + + + + CVE-2019-5064 on Ubuntu 20.04 (focal) - medium. + An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-03 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948180 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5064.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853 + https://github.com/opencv/opencv/issues/15857 + + + + + + + + + + CVE-2019-5108 on Ubuntu 20.04 (focal) - medium. + An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-12-23 19:15:00 UTC + 2019-12-23 19:15:00 UTC + Mitchell Frank + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5108.html + https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900 + https://ubuntu.com/security/notices/USN-4285-1 + https://ubuntu.com/security/notices/USN-4286-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4286-2 + https://ubuntu.com/security/notices/USN-4287-2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-5448 on Ubuntu 20.04 (focal) - low. 
+ Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-07-30 21:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941354 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5448.html + https://hackerone.com/reports/640904 + https://github.com/ChALkeR/notes/blob/master/Yarn-vuln.md + https://github.com/yarnpkg/yarn/pull/7393 + https://github.com/yarnpkg/yarn/commit/2f08a7405cc3f6fe47c30293050bb0ac94850932 + + + + + + + + + + CVE-2019-5747 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-01-09 16:29:00 UTC + 2019-01-09 + https://bugs.busybox.net/show_bug.cgi?id=11506 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5747.html + https://ubuntu.com/security/notices/USN-3935-1 + + + + + + + + + + CVE-2019-6110 on Ubuntu 20.04 (focal) - low. + In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-01-31 18:29:00 UTC + Harry Sintonen + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6110.html + https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt + https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037459.html + + + + seth-arnold> openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. mdeslaur> mdeslaur> The recommended workaround for this issue is to switch to using mdeslaur> sftp instead of scp. mdeslaur> mdeslaur> Per https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037475.html mdeslaur> upstream doesn't consider this to be a vulnerability, and as of mdeslaur> 2020-07-07, there is no upstream fix. We will not be fixing mdeslaur> this issue in Ubuntu stable releases. + + + + + + + + + + + + CVE-2019-6488 on Ubuntu 20.04 (focal) - negligible. + The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-01-18 19:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=24097 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6488.html + + + + mdeslaur> only affects x32 mdeslaur> we will not be fixing this issue in Ubuntu stable releases, mdeslaur> marking as ignored + + + + + + + + + CVE-2019-6778 on Ubuntu 20.04 (focal) - medium. + In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-03-21 16:01:00 UTC + 2019-01-25 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6778.html + https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html + https://ubuntu.com/security/notices/USN-3923-1 + + + + + + + + + + CVE-2019-6978 on Ubuntu 20.04 (focal) - low. + The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-01-28 08:29:00 UTC + 2019-01-28 + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920728 + https://github.com/libgd/libgd/issues/492 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6978.html + https://ubuntu.com/security/notices/USN-3900-1 + + + + mdeslaur> php uses the system libgd2 + + + + + + + + + CVE-2019-7308 on Ubuntu 20.04 (focal) - medium. + kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-02-01 22:29:00 UTC + 2019-02-01 + Jann Horn + https://bugs.chromium.org/p/project-zero/issues/detail?id=1711 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7308.html + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38 + https://www.openwall.com/lists/oss-security/2019/02/02/3 + https://ubuntu.com/security/notices/USN-3930-1 + https://ubuntu.com/security/notices/USN-3930-2 + https://ubuntu.com/security/notices/USN-3931-1 + https://ubuntu.com/security/notices/USN-3931-2 + + + + tyhicks> Mitigation for this vulnerability is available by setting the kernel.unprivileged_bpf_disabled sysctl to 1: $ sudo sysctl kernel.unprivileged_bpf_disabled=1 $ echo kernel.unprivileged_bpf_disabled=1 | \ sudo tee /etc/sysctl.d/90-CVE-2019-7308.conf tyhicks> This issue is mitigated on systems that use secure boot, thanks to the kernel lockdown feature which blocks BPF program loading. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-7309 on Ubuntu 20.04 (focal) - negligible. + In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. + 2019-02-03 02:29:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=24155 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7309.html + https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html + https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html + + + + mdeslaur> only affects x32 mdeslaur> we will not be fixing this issue in Ubuntu stable releases, mdeslaur> marking as ignored + + + + + + + + + CVE-2019-8934 on Ubuntu 20.04 (focal) - low. 
+ hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-03-21 16:01:00 UTC + Daniel P. Berrangé + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922923 + https://bugzilla.redhat.com/show_bug.cgi?id=1668022 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-8934.html + https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html + + + + mdeslaur> see debian bug for information on this change that may break mdeslaur> existing functionnality. This fix will break ppc migration. mdeslaur> mdeslaur> we will not be fixing this issue in stable releases, marking as mdeslaur> ignored + + + + + + + + + CVE-2019-9169 on Ubuntu 20.04 (focal) - low. + In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-02-26 02:29:00 UTC + 2019-02-26 02:29:00 UTC + https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140 + https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142 + https://sourceware.org/bugzilla/show_bug.cgi?id=24114 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9169.html + https://ubuntu.com/security/notices/USN-4416-1 + + + + + + + + + + CVE-2019-9232 on Ubuntu 20.04 (focal) - low. + In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-27 19:15:00 UTC + 2019-09-27 19:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9232.html + https://source.android.com/security/bulletin/android-10 + https://www.openwall.com/lists/oss-security/2019/11/07/1 + https://chromium-review.googlesource.com/c/webm/libvpx/+/1395793 + https://ubuntu.com/security/notices/USN-4199-1 + https://ubuntu.com/security/notices/USN-4199-2 + + + + amurray> Fixed in version >= 1.8.0 + + + + + + + + + CVE-2019-9245 on Ubuntu 20.04 (focal) - low. + In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-06 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9245.html + https://git.kernel.org/linus/64beba0558fce7b59e9a8a7afd77290e82a22163 + https://source.android.com/security/bulletin/pixel/2019-09-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-9325 on Ubuntu 20.04 (focal) - low. + In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-27 19:15:00 UTC + 2019-09-27 19:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9325.html + https://www.openwall.com/lists/oss-security/2019/11/07/1 + https://chromium-review.googlesource.com/c/webm/libvpx/+/1149604 + https://ubuntu.com/security/notices/USN-4199-1 + + + + amurray> Fixed in versions >= 1.8.0 leosilva> vulnerability introduced in 1.4.0 + + + + + + + + + CVE-2019-9433 on Ubuntu 20.04 (focal) - low. + In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-27 19:15:00 UTC + 2019-09-27 19:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9433.html + https://source.android.com/security/bulletin/android-10 + https://www.openwall.com/lists/oss-security/2019/11/07/1 + https://chromium-review.googlesource.com/c/webm/libvpx/+/1070753 + https://ubuntu.com/security/notices/USN-4199-1 + https://ubuntu.com/security/notices/USN-4199-2 + + + + amurray> fixed in revisions >= 1.8.0 + + + + + + + + + CVE-2019-9444 on Ubuntu 20.04 (focal) - negligible. + In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-06 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9444.html + https://lore.kernel.org/patchwork/patch/902287/ + https://source.android.com/security/bulletin/pixel/2019-09-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-9445 on Ubuntu 20.04 (focal) - low. + In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. It was discovered that the F2FS file system in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of- bounds read. A local attacker could possibly use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-06 22:15:00 UTC + 2019-09-06 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9445.html + https://git.kernel.org/linus/720db068634c91553a8e1d9a0fcd8c7050e06d2b + https://source.android.com/security/bulletin/pixel/2019-09-01 + https://ubuntu.com/security/notices/USN-4526-1 + https://ubuntu.com/security/notices/USN-4527-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-9453 on Ubuntu 20.04 (focal) - low. + In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. It was discovered that the F2FS file system in the Linux kernel did not properly validate xattr meta data in some situations, leading to an out-of- bounds read. An attacker could use this to construct a malicious F2FS image that, when mounted, could expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. 
+ 2019-09-06 22:15:00 UTC + 2019-09-06 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9453.html + https://git.kernel.org/linus/2777e654371dd4207a3a7f4fb5fa39550053a080 + https://source.android.com/security/bulletin/pixel/2019-09-01 + https://ubuntu.com/security/notices/USN-4527-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-9454 on Ubuntu 20.04 (focal) - medium. + In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-06 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9454.html + https://git.kernel.org/linus/89c6efa61f5709327ecfa24bff18e57a4e80c7fa + https://source.android.com/security/bulletin/pixel/2019-09-01 + + + + sbeattie> same commit as CVE-2017-18551, possibly a dupe + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-9455 on Ubuntu 20.04 (focal) - low. + In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-06 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9455.html + https://git.kernel.org/linus/5e99456c20f712dcc13d9f6ca4278937d5367355 + https://source.android.com/security/bulletin/pixel/2019-09-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-9456 on Ubuntu 20.04 (focal) - low. + In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. 
This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-09-06 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9456.html + https://git.kernel.org/linus/a5f596830e27e15f7a0ecd6be55e433d776986d8 + https://source.android.com/security/bulletin/pixel/2019-09-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-9458 on Ubuntu 20.04 (focal) - medium. + In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. + 2019-09-06 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9458.html + https://git.kernel.org/linus/ad608fbcf166fec809e402d548761768f602702c + https://source.android.com/security/bulletin/pixel/2019-09-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-9506 on Ubuntu 20.04 (focal) - medium. + The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2019 Canonical Ltd. 
+ 2019-08-14 17:15:00 UTC + 2019-08-13 + Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen + 2019-08-13 + https://bugzilla.kernel.org/show_bug.cgi?id=203997 + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9506.html + https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli + https://knobattack.com/ + https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/ + https://ubuntu.com/security/notices/USN-4115-1 + https://ubuntu.com/security/notices/USN-4118-1 + https://ubuntu.com/security/notices/USN-4147-1 + + + + sbeattie> CERT VU#918987 mdeslaur> Mitigation for this issue was added to the kernel + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2019-9824 on Ubuntu 20.04 (focal) - low. + tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. William Bowling discovered that an information leak existed in the SLiRP networking implementation of QEMU. An attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2019 Canonical Ltd. + 2019-06-03 21:29:00 UTC + 2019-03-19 + William Bowling + http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9824.html + https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html + https://www.openwall.com/lists/oss-security/2019/03/18/1 + https://ubuntu.com/security/notices/USN-3978-1 + + + + + + + + + + CVE-2020-0009 on Ubuntu 20.04 (focal) - low. + In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-08 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0009.html + https://bugs.chromium.org/p/project-zero/issues/detail?id=1949 + + + + cascardo> possible fix is 6d67b0290b4b84c477e6a2fc6e005e174d3c7786 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0041 on Ubuntu 20.04 (focal) - medium. + In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-10 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0041.html + https://git.kernel.org/linus/16981742717b04644a41052570fb502682a315d2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0067 on Ubuntu 20.04 (focal) - medium. + In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147. It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-17 19:15:00 UTC + 2020-04-17 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0067.html + https://git.kernel.org/linus/688078e7f36c293dae25b338ddc9e0a2790f6e06 + https://ubuntu.com/security/notices/USN-4387-1 + https://ubuntu.com/security/notices/USN-4389-1 + https://ubuntu.com/security/notices/USN-4390-1 + https://ubuntu.com/security/notices/USN-4388-1 + https://ubuntu.com/security/notices/USN-4527-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0110 on Ubuntu 20.04 (focal) - medium. + In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-14 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0110.html + https://git.kernel.org/linus/6fcca0fa48118e6d63733eb4644c6cd880c15b8f (5.6-rc2) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0181 on Ubuntu 20.04 (focal) - medium. + In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-11 15:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962346 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0181.html + https://android.googlesource.com/platform/external/libexif/+/f6c54954cbfc25eb73d2d2902f0597c0220174a4 + + + + leosilva> This was already fixed by the patch for CVE-2019-9278 + + + + + + + + + CVE-2020-0182 on Ubuntu 20.04 (focal) - medium. + In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-11 15:15:00 UTC + 2020-06-09 00:00:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0182.html + https://ubuntu.com/security/notices/USN-4396-1 + + + + + + + + + + CVE-2020-0198 on Ubuntu 20.04 (focal) - medium. + In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-11 15:15:00 UTC + 2020-06-09 00:00:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962345 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0198.html + https://ubuntu.com/security/notices/USN-4396-1 + + + + + + + + + + CVE-2020-0305 on Ubuntu 20.04 (focal) - medium. + In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-17 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0305.html + https://git.kernel.org/linus/68faa679b8be1a74e6663c21c3a9d25d32f1c079 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0404 on Ubuntu 20.04 (focal) - medium. + In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-17 16:15:00 UTC + Andrey Konovalov + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0404.html + https://git.kernel.org/linus/68035c80e129c4cfec659aac4180354530b26527 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0427 on Ubuntu 20.04 (focal) - medium. + In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-17 19:15:00 UTC + 2020-09-17 19:15:00 UTC + Elena Petrova + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0427.html + https://git.kernel.org/linus/be4c60b563edee3712d392aaeb0943a768df7023 + https://source.android.com/security/bulletin/pixel/2020-09-01 + https://ubuntu.com/security/notices/USN-4657-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0429 on Ubuntu 20.04 (focal) - low. + In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152735806 + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-17 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0429.html + https://git.kernel.org/linus/b228a94066406b6c456321d69643b0d7ce11cfa6 + https://git.kernel.org/linus/cdd10c9627496ad25c87ce6394e29752253c69d3 + https://source.android.com/security/bulletin/pixel/2020-09-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0430 on Ubuntu 20.04 (focal) - medium. + In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153881554 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-17 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0430.html + https://git.kernel.org/linus/58990d1ff3f7896ee341030e9a7c2e4002570683 + https://source.android.com/security/bulletin/pixel/2020-09-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0431 on Ubuntu 20.04 (focal) - medium. + In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-17 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0431.html + https://git.kernel.org/linus/4f3882177240a1f55e45a3d241d3121341bead78 + https://source.android.com/security/bulletin/pixel/2020-09-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0432 on Ubuntu 20.04 (focal) - medium. + In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-17 19:15:00 UTC + Greg Kroah-Hartman + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0432.html + https://git.kernel.org/linus/4d1356ac12f4d5180d0df345d85ff0ee42b89c72 + https://source.android.com/security/bulletin/pixel/2020-09-01 + + + + sbeattie| staging driver, need to confirm it is enabled + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0433 on Ubuntu 20.04 (focal) - medium. 
+ In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151939299 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-17 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0433.html + https://source.android.com/security/bulletin/pixel/2020-09-01 + https://git.kernel.org/linus/f5bbbbe4d63577026f908a809f22f5fd5a90ea1f + https://git.kernel.org/linus/530ca2c9bd6949c72c9b5cfc330cb3dbccaa3f5b + + + + sbeattie| see android advisory for stable backports + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0444 on Ubuntu 20.04 (focal) - medium. + In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150693166References: Upstream kernel + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-14 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0444.html + https://git.kernel.org/linus/2ad3e17ebf94b7b7f3f64c050ff168f9915345eb + https://source.android.com/security/bulletin/2020-12-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-0452 on Ubuntu 20.04 (focal) - medium. + In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-10 13:15:00 UTC + 2020-11-06 00:00:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0452.html + https://ubuntu.com/security/notices/USN-4624-1 + + + + + + + + + + CVE-2020-0543 on Ubuntu 20.04 (focal) - medium. + Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-15 14:15:00 UTC + 2020-06-09 17:00:00 UTC + sbeattie + 2020-06-09 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0543.html + https://www.vusec.net/projects/crosstalk + https://software.intel.com/security-software-guidance/software-guidance/special-register-buffer-data-sampling + https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling + https://software.intel.com/security-software-guidance/insights/processors-affected-special-register-buffer-data-sampling + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html + https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/special-register-buffer-data-sampling.html + https://ubuntu.com/security/notices/USN-4385-1 + https://ubuntu.com/security/notices/USN-4391-1 + https://ubuntu.com/security/notices/USN-4392-1 + https://ubuntu.com/security/notices/USN-4393-1 + https://ubuntu.com/security/notices/USN-4387-1 + https://ubuntu.com/security/notices/USN-4389-1 + https://ubuntu.com/security/notices/USN-4390-1 + https://ubuntu.com/security/notices/USN-4388-1 + + + + tyhicks| This issue only affects Intel client and Xeon E3 processors sbeattie| also known as "CrossTalk" sbeattie> Affected processor families: ============= ============ ======== common name Family_Model Stepping ============= ============ ======== IvyBridge 06_3AH All Haswell 06_3CH All Haswell_L 06_45H All Haswell_G 06_46H All Broadwell_G 06_47H All Broadwell 06_3DH All Skylake_L 06_4EH All Skylake 06_5EH All Kabylake_L 06_8EH <= 0xC Kabylake 06_9EH <= 0xD ============= ============ ======== + + + + + + + + + CVE-2020-0548 on Ubuntu 20.04 (focal) - medium. + Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 
It was discovered that on some Intel processors, partial data values previously read from a vector register on a physical core may be propagated into unused portions of the store buffer. A local attacker could possible use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-28 01:15:00 UTC + 2020-01-27 17:00:00 UTC + sbeattie + 2020-01-27 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0548.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html + https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling + https://ubuntu.com/security/notices/USN-4385-1 + + + + tyhicks> This issue only affects Intel processors + + + + + + + + + CVE-2020-0549 on Ubuntu 20.04 (focal) - medium. + Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. It was discovered that on some Intel processors, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer. A local attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-28 01:15:00 UTC + 2020-01-27 17:00:00 UTC + sbeattie + 2020-01-27 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0549.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html + https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling + https://ubuntu.com/security/notices/USN-4385-1 + + + + tyhicks> This issue only affects Intel processors + + + + + + + + + CVE-2020-0550 on Ubuntu 20.04 (focal) - low. 
+ Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-12 22:15:00 UTC + Pawel Wieczorkiewicz + 2020-03-10 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-0550.html + https://software.intel.com/security-software-guidance/software-guidance/snoop-assisted-l1-data-sampling + https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling + https://software.intel.com/security-software-guidance/advisory-guidance/snoop-assisted-l1-data-sampling + https://software.intel.com/security-software-guidance/deep-dives/deep-dive-snoop-assisted-l1-data-sampling + + + + sbeattie> affects processors from Intel only mdeslaur> Intel has no plans to release microcode updates for this issue, mdeslaur> marking as ignored + + + + + + + + + CVE-2020-10543 on Ubuntu 20.04 (focal) - low. + Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular expressions in this fashion is known to be dangerous since the regular expression engine does not protect against denial of service attacks in this usage scenario. Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. 
An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular expressions in this fashion is known to be dangerous since the regular expression engine does not protect against denial of service attacks in this usage scenario. Additionally, the target system needs a sufficient amount of memory to allocate partial expansions of the nested quantifiers prior to the overflow occurring. This requirement is unlikely to be met on 64bit systems.] + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-05 14:15:00 UTC + 2020-06-01 00:00:00 UTC + ManhND of The Tarantula Team, VinCSS a member of Vingroup + 2020-06-01 00:00:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962005 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10543.html + https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod + https://metacpan.org/pod/release/XSAWYERX/perl-5.30.3/pod/perldelta.pod + https://ubuntu.com/security/notices/USN-4602-1 + https://ubuntu.com/security/notices/USN-4602-2 + + + + amurray| Affects 5.005 to 5.30.2 + + + + + + + + + CVE-2020-10690 on Ubuntu 20.04 (focal) - medium. + There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. It was discovered that a race condition existed in the Precision Time Protocol (PTP) implementation in the Linux kernel, leading to a use-after- free vulnerability. 
A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-08 15:15:00 UTC + 2020-05-08 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10690.html + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690 + https://lore.kernel.org/linux-fsdevel/20191125125342.6189-1-vdronov@redhat.com/T/#u + https://ubuntu.com/security/notices/USN-4419-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10700 on Ubuntu 20.04 (focal) - medium. + A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-04 21:15:00 UTC + 2020-04-28 + mdeslaur + Andrei Popa + 2020-04-28 + https://bugzilla.samba.org/show_bug.cgi?id=14331 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10700.html + https://www.samba.org/samba/security/CVE-2020-10700.html + https://ubuntu.com/security/notices/USN-4341-1 + + + + mdeslaur> Samba 4.10.0 and later + + + + + + + + + CVE-2020-10702 on Ubuntu 20.04 (focal) - low. + A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-04 18:15:00 UTC + 2020-04-13 00:00:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10702.html + https://ubuntu.com/security/notices/USN-4372-1 + + + + + + + + + + CVE-2020-10703 on Ubuntu 20.04 (focal) - low. + A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-02 13:15:00 UTC + 2020-04-13 00:00:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1790725 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10703.html + https://ubuntu.com/security/notices/USN-4371-1 + + + + mdeslaur> introduced by: mdeslaur> https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e + + + + + + + + + CVE-2020-10704 on Ubuntu 20.04 (focal) - medium. + A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-06 14:15:00 UTC + 2020-04-28 + mdeslaur + 2020-04-28 + https://bugzilla.samba.org/show_bug.cgi?id=14334 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10704.html + https://www.samba.org/samba/security/CVE-2020-10704.html + https://ubuntu.com/security/notices/USN-4341-1 + https://ubuntu.com/security/notices/USN-4341-2 + + + + + + + + + + CVE-2020-10711 on Ubuntu 20.04 (focal) - low. + A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-22 15:15:00 UTC + 2020-05-12 12:00:00 UTC + Matthew Sheets + 2020-05-12 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10711.html + https://www.openwall.com/lists/oss-security/2020/05/12/2 + https://lore.kernel.org/netdev/07d99ae197bfdb2964931201db67b6cd0b38db5b.1589276729.git.pabeni@redhat.com/T/#u + https://ubuntu.com/security/notices/USN-4411-1 + https://ubuntu.com/security/notices/USN-4412-1 + https://ubuntu.com/security/notices/USN-4413-1 + https://ubuntu.com/security/notices/USN-4414-1 + https://ubuntu.com/security/notices/USN-4419-1 + + + + sbeattie> SELinux is not the default MAC used in Ubuntu + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10713 on Ubuntu 20.04 (focal) - high. + A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-30 13:15:00 UTC + 2020-07-29 17:00:00 UTC + Jesse Michael and Mickey Shkatov + 2020-07-29 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10713.html + https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ + https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass + https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html + https://www.openwall.com/lists/oss-security/2020/07/29/3 + https://ubuntu.com/security/notices/USN-4432-1 + + + + amurray| grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low + + + + + + + + + + + + CVE-2020-10720 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-03 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10720.html + https://bugzilla.redhat.com/show_bug.cgi?id=1781204 + https://git.kernel.org/linus/a4270d6795b0580287453ea55974d948393e66ef + https://syzkaller.appspot.com/bug?id=7b571739e71a77303e665c793d1f773ce3823226 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10722 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-19 19:15:00 UTC + 2020-05-18 15:00:00 UTC + mdeslaur + 2020-05-18 15:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10722.html + https://ubuntu.com/security/notices/USN-4362-1 + + + + + + + + + + CVE-2020-10723 on Ubuntu 20.04 (focal) - medium. 
+ A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-19 19:15:00 UTC + 2020-05-18 15:00:00 UTC + mdeslaur + 2020-05-18 15:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10723.html + https://ubuntu.com/security/notices/USN-4362-1 + + + + + + + + + + CVE-2020-10724 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-19 19:15:00 UTC + 2020-05-18 15:00:00 UTC + mdeslaur + 2020-05-18 15:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10724.html + https://ubuntu.com/security/notices/USN-4362-1 + + + + + + + + + + CVE-2020-10725 on Ubuntu 20.04 (focal) - medium. + A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-20 14:15:00 UTC + 2020-05-18 15:00:00 UTC + mdeslaur + 2020-05-18 15:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10725.html + https://ubuntu.com/security/notices/USN-4362-1 + + + + + + + + + + CVE-2020-10726 on Ubuntu 20.04 (focal) - medium. 
+ A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-20 14:15:00 UTC + 2020-05-18 15:00:00 UTC + mdeslaur + 2020-05-18 15:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10726.html + https://ubuntu.com/security/notices/USN-4362-1 + + + + + + + + + + CVE-2020-10730 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-07 14:15:00 UTC + 2020-07-02 + mdeslaur + Andrew Bartlett + 2020-07-02 + https://bugzilla.samba.org/show_bug.cgi?id=14364 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10730.html + https://ubuntu.com/security/notices/USN-4409-1 + + + + mdeslaur> introduced in 4.5 + + + + + + + + + CVE-2020-10732 on Ubuntu 20.04 (focal) - low. + A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-12 14:15:00 UTC + 2020-06-12 14:15:00 UTC + https://github.com/google/kmsan/issues/76 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10732.html + https://www.openwall.com/lists/oss-security/2020/05/06/1 + https://twitter.com/grsecurity/status/1252558055629299712 + https://lore.kernel.org/lkml/CAG48ez1u9=Uqcx2dH=7xea1R+WpnL239DSoVHLwV09=FxZUevQ@mail.gmail.com/#t + https://ubuntu.com/security/notices/USN-4411-1 + https://ubuntu.com/security/notices/USN-4427-1 + https://ubuntu.com/security/notices/USN-4439-1 + https://ubuntu.com/security/notices/USN-4440-1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + sbeattie> original report claimed this was introduced in 4206d3aa1978e44f58bfa4e1c9d8d35cbf19c187, but further investigation by Jann Horn makes the case that 91c3dba7dbc1 is where the real problem is introduced. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10736 on Ubuntu 20.04 (focal) - medium. + An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 18:15:00 UTC + 2020-06-22 18:15:00 UTC + Olle Segerdahl + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10736.html + https://ceph.io/releases/v15-2-2-octopus-released/ + https://ubuntu.com/security/notices/USN-4706-1 + + + + mdeslaur> introduced in 15.2.0 mdeslaur> fixed in 15.2.3-0ubuntu0.20.04.1 in focal-updates, but not yet mdeslaur> in security pocket. + + + + + + + + + CVE-2020-10742 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Linux kernel. 
An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-02 11:15:00 UTC + Jay Shin + https://bugzilla.redhat.com/show_bug.cgi?id=1835127 + https://bugzilla.redhat.com/show_bug.cgi?id=1824270 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10742.html + + + + sbeattie> reproducer in Red Hat bug 1824270. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10745 on Ubuntu 20.04 (focal) - medium. + A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-07 14:15:00 UTC + 2020-07-02 + mdeslaur + Douglas Bagnall + 2020-07-02 + https://bugzilla.samba.org/show_bug.cgi?id=14378 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10745.html + https://ubuntu.com/security/notices/USN-4409-1 + + + + + + + + + + CVE-2020-10751 on Ubuntu 20.04 (focal) - negligible. + A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. Dmitry Vyukov discovered that the SELinux netlink security hook in the Linux kernel did not validate messages in some situations. 
A privileged attacker could use this to bypass SELinux netlink restrictions. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. + 2020-05-26 15:15:00 UTC + 2020-05-26 15:15:00 UTC + Dmitry Vyukov + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10751.html + https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6 + https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/ + https://www.openwall.com/lists/oss-security/2020/04/30/5 + https://ubuntu.com/security/notices/USN-4391-1 + https://ubuntu.com/security/notices/USN-4389-1 + https://ubuntu.com/security/notices/USN-4390-1 + https://ubuntu.com/security/notices/USN-4412-1 + https://ubuntu.com/security/notices/USN-4413-1 + + + + sbeattie> SELinux specific, not the default LSM in Ubuntu. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10757 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-09 13:15:00 UTC + 2020-06-04 09:00:00 UTC + Fan Yang + 2020-06-04 09:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10757.html + https://www.openwall.com/lists/oss-security/2020/06/04/4 + https://ubuntu.com/security/notices/USN-4426-1 + https://ubuntu.com/security/notices/USN-4439-1 + https://ubuntu.com/security/notices/USN-4440-1 + https://ubuntu.com/security/notices/USN-4483-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10760 on Ubuntu 20.04 (focal) - medium. + A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-06 19:15:00 UTC + 2020-07-02 + mdeslaur + Andrei Popa + 2020-07-02 + https://bugzilla.samba.org/show_bug.cgi?id=14402 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10760.html + https://ubuntu.com/security/notices/USN-4409-1 + + + + mdeslaur> introduced in 4.5 + + + + + + + + + CVE-2020-10761 on Ubuntu 20.04 (focal) - medium. + An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-09 13:15:00 UTC + 2020-06-09 13:15:00 UTC + mdeslaur + Eric Blake and Xueqiang Wei + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10761.html + https://www.openwall.com/lists/oss-security/2020/06/09/1 + https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html + https://ubuntu.com/security/notices/USN-4467-1 + + + + mdeslaur> introduced in qemu 4.2 + + + + + + + + + CVE-2020-10766 on Ubuntu 20.04 (focal) - medium. + A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality. It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-15 23:15:00 UTC + 2020-06-10 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10766.html + https://www.openwall.com/lists/oss-security/2020/06/10/1 + https://www.theregister.com/2020/06/09/linux_kernel_bugs_spectre + https://ubuntu.com/security/notices/USN-4427-1 + https://ubuntu.com/security/notices/USN-4439-1 + https://ubuntu.com/security/notices/USN-4440-1 + https://ubuntu.com/security/notices/USN-4483-1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10767 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-15 23:15:00 UTC + 2020-06-10 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10767.html + https://www.openwall.com/lists/oss-security/2020/06/10/1 + https://ubuntu.com/security/notices/USN-4427-1 + https://ubuntu.com/security/notices/USN-4439-1 + https://ubuntu.com/security/notices/USN-4440-1 + https://ubuntu.com/security/notices/USN-4483-1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10768 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-16 00:15:00 UTC + 2020-06-10 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10768.html + https://www.openwall.com/lists/oss-security/2020/06/10/1 + https://ubuntu.com/security/notices/USN-4427-1 + https://ubuntu.com/security/notices/USN-4439-1 + https://ubuntu.com/security/notices/USN-4440-1 + https://ubuntu.com/security/notices/USN-4483-1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10769 on Ubuntu 20.04 (focal) - medium. + A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-26 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10769.html + https://git.kernel.org/linus/8f9c469348487844328e162db57112f7d347c49f + https://www.openwall.com/lists/oss-security/2020/06/23/1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10773 on Ubuntu 20.04 (focal) - medium. + A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-10 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10773.html + https://bugzilla.redhat.com/show_bug.cgi?id=1846380 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10774 on Ubuntu 20.04 (focal) - medium. 
+ A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10774.html + https://access.redhat.com/security/cve/CVE-2020-10774 + + + + sbeattie> RHEL8 only + + + + + + + + + CVE-2020-10878 on Ubuntu 20.04 (focal) - low. + Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular expressions in this fashion is known to be dangerous since the regular expression engine does not protect against denial of service attacks in this usage scenario.] + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-05 14:15:00 UTC + 2020-06-01 00:00:00 UTC + Hugo van der Sanden and Slaven Rezic + 2020-06-01 00:00:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962005 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10878.html + https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod + https://metacpan.org/pod/release/XSAWYERX/perl-5.30.3/pod/perldelta.pod + https://ubuntu.com/security/notices/USN-4602-1 + https://ubuntu.com/security/notices/USN-4602-2 + + + + amurray| Affects 5.005 to 5.30.2 + + + + + + + + + CVE-2020-10933 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-04 15:15:00 UTC + 2020-05-04 15:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10933.html + https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/ + https://github.com/ruby/ruby/commit/61b7f86248bd121be2e83768be71ef289e8e5b90 + https://ubuntu.com/security/notices/USN-4882-1 + + + + leosilva> vulnerable code introduced in 2.5.0 + + + + + + + + + CVE-2020-10942 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. It was discovered that the vhost net driver in the Linux kernel contained a stack buffer overflow. A local attacker with the ability to perform ioctl() calls on /dev/vhost-net could use this to cause a denial of service (system crash). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-24 22:15:00 UTC + 2020-03-24 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10942.html + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8 + https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 + https://lkml.org/lkml/2020/2/15/125 + https://ubuntu.com/security/notices/USN-4342-1 + https://ubuntu.com/security/notices/USN-4344-1 + https://ubuntu.com/security/notices/USN-4345-1 + https://ubuntu.com/security/notices/USN-4364-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-10957 on Ubuntu 20.04 (focal) - medium. + In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-18 14:15:00 UTC + 2020-05-18 12:00:00 UTC + mdeslaur + Philippe Antoine + 2020-05-18 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10957.html + https://ubuntu.com/security/notices/USN-4361-1 + + + + amurray| According to upstream, versions from 2.3.0 to 2.3.10 are affected + + + + + + + + + CVE-2020-10958 on Ubuntu 20.04 (focal) - medium. + In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-18 14:15:00 UTC + 2020-05-18 12:00:00 UTC + mdeslaur + Philippe Antoine + 2020-05-18 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10958.html + https://ubuntu.com/security/notices/USN-4361-1 + + + + amurray| According to upstream, versions from 2.3.0 to 2.3.10 are affected + + + + + + + + + CVE-2020-10967 on Ubuntu 20.04 (focal) - medium. + In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-18 15:15:00 UTC + 2020-05-18 12:00:00 UTC + mdeslaur + 2020-05-18 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10967.html + https://ubuntu.com/security/notices/USN-4361-1 + + + + amurray| According to upstream, versions from 2.3.0 to 2.3.10 are affected + + + + + + + + + CVE-2020-11017 on Ubuntu 20.04 (focal) - medium. + In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-29 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11017.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c + + + + + + + + + + CVE-2020-11018 on Ubuntu 20.04 (focal) - medium. + In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-29 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11018.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw + + + + mdeslaur> same commit as CVE-2020-11017 + + + + + + + + + CVE-2020-11019 on Ubuntu 20.04 (focal) - medium. + In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-29 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11019.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh + + + + + + + + + + CVE-2020-11038 on Ubuntu 20.04 (focal) - medium. + In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-29 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11038.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g + + + + + + + + + + CVE-2020-11040 on Ubuntu 20.04 (focal) - medium. + In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-29 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11040.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr + + + + + + + + + + CVE-2020-11041 on Ubuntu 20.04 (focal) - medium. + In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-29 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11041.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w + + + + + + + + + + CVE-2020-11042 on Ubuntu 20.04 (focal) - medium. + In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-07 19:15:00 UTC + 2020-05-07 19:15:00 UTC + mdeslaur + https://github.com/FreeRDP/FreeRDP/issues/6010 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11042.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + https://ubuntu.com/security/notices/USN-4382-2 + + + + + + + + + + CVE-2020-11043 on Ubuntu 20.04 (focal) - medium. + In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. 
Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-29 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11043.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84 + + + + + + + + + + CVE-2020-11044 on Ubuntu 20.04 (focal) - medium. + In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-07 19:15:00 UTC + 2020-05-07 19:15:00 UTC + mdeslaur + https://github.com/FreeRDP/FreeRDP/issues/6013 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11044.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w + https://ubuntu.com/security/notices/USN-4379-1 + + + + + + + + + + CVE-2020-11045 on Ubuntu 20.04 (focal) - medium. + In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-07 19:15:00 UTC + 2020-05-07 19:15:00 UTC + mdeslaur + https://github.com/FreeRDP/FreeRDP/issues/6005 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11045.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6 + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + https://ubuntu.com/security/notices/USN-4382-2 + + + + + + + + + + CVE-2020-11046 on Ubuntu 20.04 (focal) - medium. + In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-07 19:15:00 UTC + 2020-05-07 19:15:00 UTC + mdeslaur + https://github.com/FreeRDP/FreeRDP/issues/6006 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11046.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + https://ubuntu.com/security/notices/USN-4382-2 + + + + + + + + + + CVE-2020-11047 on Ubuntu 20.04 (focal) - low. + In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-07 20:15:00 UTC + 2020-05-07 20:15:00 UTC + mdeslaur + https://github.com/FreeRDP/FreeRDP/issues/6009 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11047.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw + https://ubuntu.com/security/notices/USN-4379-1 + + + + + + + + + + CVE-2020-11048 on Ubuntu 20.04 (focal) - medium. + In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-07 20:15:00 UTC + 2020-05-07 20:15:00 UTC + mdeslaur + https://github.com/FreeRDP/FreeRDP/issues/6007 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11048.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + https://ubuntu.com/security/notices/USN-4382-2 + + + + + + + + + + CVE-2020-11058 on Ubuntu 20.04 (focal) - medium. + In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-12 21:15:00 UTC + 2020-05-12 21:15:00 UTC + mdeslaur + https://github.com/FreeRDP/FreeRDP/issues/6011 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11058.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + https://ubuntu.com/security/notices/USN-4382-2 + + + + + + + + + + CVE-2020-11085 on Ubuntu 20.04 (focal) - medium. + In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-29 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11085.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf + + + + + + + + + + CVE-2020-11099 on Ubuntu 20.04 (focal) - medium. + In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. 
A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 22:15:00 UTC + 2020-06-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11099.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h + http://www.freerdp.com/2020/06/22/2_1_2-released + https://github.com/FreeRDP/FreeRDP/commit/6ade7b4cbfd71c54b3d724e8f2d6ac76a58e879a + https://ubuntu.com/security/notices/USN-4481-1 + + + + + + + + + + CVE-2020-11494 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4. It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-02 21:15:00 UTC + 2020-04-02 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11494.html + https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/ + https://github.com/torvalds/linux/commit/b9258a2cece4ec1f020715fe3554bc2e360f6264 + https://github.com/richiejp/ltp/blob/pty-slcan/testcases/kernel/pty/pty04.c + https://ubuntu.com/security/notices/USN-4363-1 + https://ubuntu.com/security/notices/USN-4364-1 + https://ubuntu.com/security/notices/USN-4369-1 + https://ubuntu.com/security/notices/USN-4368-1 + https://usn.ubuntu.com/lsn/0067-1/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-11521 on Ubuntu 20.04 (focal) - low. 
+ libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-15 17:15:00 UTC + 2020-05-15 17:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11521.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w + https://github.com/FreeRDP/FreeRDP/commits/master + https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + https://ubuntu.com/security/notices/USN-4382-2 + + + + + + + + + + CVE-2020-11522 on Ubuntu 20.04 (focal) - low. + libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-15 17:15:00 UTC + 2020-05-15 17:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11522.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh + https://github.com/FreeRDP/FreeRDP/commits/master + https://pub.freerdp.com/cve/CVE-2020-11522/pocAnalysis_5.pdf + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + https://ubuntu.com/security/notices/USN-4382-2 + + + + + + + + + + CVE-2020-11523 on Ubuntu 20.04 (focal) - low. + libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-15 17:15:00 UTC + 2020-05-15 17:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11523.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42 + https://github.com/FreeRDP/FreeRDP/commits/master + https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + https://ubuntu.com/security/notices/USN-4382-2 + + + + + + + + + + CVE-2020-11524 on Ubuntu 20.04 (focal) - low. + libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-15 17:15:00 UTC + 2020-05-15 17:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11524.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw + https://github.com/FreeRDP/FreeRDP/commits/master + https://pub.freerdp.com/cve/CVE-2020-11524/pocAnalysis_3.pdf + https://ubuntu.com/security/notices/USN-4379-1 + + + + + + + + + + CVE-2020-11525 on Ubuntu 20.04 (focal) - low. + libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-15 17:15:00 UTC + 2020-05-15 17:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11525.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg + https://github.com/FreeRDP/FreeRDP/commits/master + https://github.com/FreeRDP/FreeRDP/pull/6019/commits/58dc36b3c883fd460199cedb6d30e58eba58298c + https://pub.freerdp.com/cve/CVE-2020-11525/pocAnalysis_1.pdf + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + https://ubuntu.com/security/notices/USN-4382-2 + + + + + + + + + + CVE-2020-11526 on Ubuntu 20.04 (focal) - low. 
+ libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-15 17:15:00 UTC + 2020-05-15 17:15:00 UTC + mdeslaur + https://github.com/FreeRDP/FreeRDP/issues/6012 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11526.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9 + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + https://ubuntu.com/security/notices/USN-4382-2 + + + + + + + + + + CVE-2020-11565 on Ubuntu 20.04 (focal) - medium. + ** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”. It was discovered that the linux kernel did not properly validate certain mount options to the tmpfs virtual memory file system. A local attacker with the ability to specify mount options could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-06 01:15:00 UTC + 2020-04-06 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11565.html + https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd + https://github.com/torvalds/linux/commit/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd + https://ubuntu.com/security/notices/USN-4363-1 + https://ubuntu.com/security/notices/USN-4364-1 + https://ubuntu.com/security/notices/USN-4369-1 + https://ubuntu.com/security/notices/USN-4368-1 + https://ubuntu.com/security/notices/USN-4367-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-11608 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. It was discovered that the OV51x USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-07 14:15:00 UTC + 2020-04-07 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11608.html + https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=998912346c0da53a6dbb71fab3a138586b596b30 + https://github.com/torvalds/linux/commit/998912346c0da53a6dbb71fab3a138586b596b30 + https://ubuntu.com/security/notices/USN-4345-1 + https://ubuntu.com/security/notices/USN-4364-1 + https://ubuntu.com/security/notices/USN-4369-1 + https://ubuntu.com/security/notices/USN-4368-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-11609 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. It was discovered that the STV06XX USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-07 17:15:00 UTC + 2020-04-07 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11609.html + https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=485b06aadb933190f4bc44e006076bc27a23f205 + https://github.com/torvalds/linux/commit/485b06aadb933190f4bc44e006076bc27a23f205 + https://ubuntu.com/security/notices/USN-4345-1 + https://ubuntu.com/security/notices/USN-4364-1 + https://ubuntu.com/security/notices/USN-4369-1 + https://ubuntu.com/security/notices/USN-4368-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-11668 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. It was discovered that the Xirlink C-It USB Camera device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-09 21:15:00 UTC + 2020-04-09 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11668.html + https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 + https://github.com/torvalds/linux/commit/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 + https://ubuntu.com/security/notices/USN-4345-1 + https://ubuntu.com/security/notices/USN-4364-1 + https://ubuntu.com/security/notices/USN-4369-1 + https://ubuntu.com/security/notices/USN-4368-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-11669 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. David Gibson discovered that the Linux kernel on Power9 CPUs did not properly save and restore Authority Mask registers state in some situations. A local attacker in a guest VM could use this to cause a denial of service (host system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-10 15:15:00 UTC + 2020-04-10 15:15:00 UTC + David Gibson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11669.html + https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=53a712bae5dd919521a58d7bad773b949358add0 + https://github.com/torvalds/linux/commit/53a712bae5dd919521a58d7bad773b949358add0 + https://www.openwall.com/lists/oss-security/2020/04/15/1 + https://ubuntu.com/security/notices/USN-4363-1 + https://ubuntu.com/security/notices/USN-4368-1 + + + + cascardo> The announcement on oss-sec mentions 4.10 as the first affected kernel. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-11736 on Ubuntu 20.04 (focal) - medium. + fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-13 19:15:00 UTC + 2020-04-13 19:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956638 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11736.html + https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0 + https://ubuntu.com/security/notices/USN-4332-1 + https://ubuntu.com/security/notices/USN-4332-2 + + + + + + + + + + CVE-2020-11758 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-14 23:15:00 UTC + 2020-04-14 23:15:00 UTC + mdeslaur + Samuel Groß + https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11758.html + https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 + https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 + https://ubuntu.com/security/notices/USN-4339-1 + + + + + + + + + + CVE-2020-11759 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-14 23:15:00 UTC + 2020-04-14 23:15:00 UTC + mdeslaur + Samuel Groß + https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11759.html + https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 + https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 + https://ubuntu.com/security/notices/USN-4339-1 + + + + mdeslaur> can't locate changes to readSampleCountForLineBlock, need to mdeslaur> check if list of commits is complete + + + + + + + + + CVE-2020-11760 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-14 23:15:00 UTC + 2020-04-14 23:15:00 UTC + mdeslaur + Samuel Groß + https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11760.html + https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 + https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 + https://ubuntu.com/security/notices/USN-4339-1 + + + + + + + + + + CVE-2020-11761 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-14 23:15:00 UTC + 2020-04-14 23:15:00 UTC + mdeslaur + Samuel Groß + https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11761.html + https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 + https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 + https://ubuntu.com/security/notices/USN-4339-1 + + + + mdeslaur> need to check if commit is the right one + + + + + + + + + CVE-2020-11762 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-14 23:15:00 UTC + 2020-04-14 23:15:00 UTC + mdeslaur + Samuel Groß + https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11762.html + https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 + https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 + https://ubuntu.com/security/notices/USN-4339-1 + + + + mdeslaur> need to check if commits are the right ones + + + + + + + + + CVE-2020-11763 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-14 23:15:00 UTC + 2020-04-14 23:15:00 UTC + mdeslaur + Samuel Groß + https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11763.html + https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 + https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 + https://ubuntu.com/security/notices/USN-4339-1 + + + + + + + + + + CVE-2020-11764 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-14 23:15:00 UTC + 2020-04-14 23:15:00 UTC + mdeslaur + Samuel Groß + https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11764.html + https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 + https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 + https://ubuntu.com/security/notices/USN-4339-1 + + + + mdeslaur> need to check if commits are the right ones + + + + + + + + + CVE-2020-11765 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-14 23:15:00 UTC + 2020-04-14 23:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11765.html + https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 + https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 + https://ubuntu.com/security/notices/USN-4339-1 + + + + mdeslaur> possibly same commits as CVE-2020-11762, need to check + + + + + + + + + CVE-2020-11810 on Ubuntu 20.04 (focal) - low. + An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-27 15:15:00 UTC + 2020-04-27 15:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11810.html + https://ubuntu.com/security/notices/USN-4933-1 + + + + + + + + + + CVE-2020-11869 on Ubuntu 20.04 (focal) - medium. + An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-27 19:15:00 UTC + 2020-04-27 19:15:00 UTC + mdeslaur + Ziming Zhang + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11869.html + https://www.openwall.com/lists/oss-security/2020/04/24/2 + https://ubuntu.com/security/notices/USN-4372-1 + + + + + + + + + + CVE-2020-11884 on Ubuntu 20.04 (focal) - high. + In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-29 13:15:00 UTC + 2020-04-28 18:00:00 UTC + kernel-sec + Al Viro + 2020-04-28 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11884.html + https://ubuntu.com/security/notices/USN-4342-1 + https://ubuntu.com/security/notices/USN-4343-1 + https://ubuntu.com/security/notices/USN-4345-1 + + + + sbeattie> this issue only affects s390 kernels + + + + + + + + + + + + + CVE-2020-11931 on Ubuntu 20.04 (focal) - medium. + An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2; + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-15 04:15:00 UTC + 2020-04-16 + jdstrand + jamesh + https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1877102 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11931.html + https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3 + https://ubuntu.com/security/notices/USN-4355-1 + + + + jdstrand> semi-public on 2020-04-16 jdstrand> the snap policy module is not included upstream and currently only exists in Ubuntu. This module was added in 1:12.2-0ubuntu2 in 18.10. 
jdstrand> pulseaudio 1:8.0-0ubuntu3.11 on 16.04 LTS added enforcing mediation jdstrand> pulseaudio 1:11.1-1ubuntu7.5 on 18.04 LTS added enforcing mediation jdstrand> initial CVSS calculation: attackVector: local, attackComplexity: low priviliegesRequired: low, userInteraction: none, scope: unchanged, confidentialityImpact: low, integrityImpact: none, availabilityImpact: none + + + + + + + + + CVE-2020-11934 on Ubuntu 20.04 (focal) - medium. + It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2. It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL. This issue did not affect Ubuntu Core systems. (CVE-2020-11934) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-29 17:15:00 UTC + 2020-07-15 12:00:00 + emitorino + James Henstridge + 2020-07-15 12:00:00 + https://bugs.launchpad.net/snapd/+bug/1880085 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11934.html + https://ubuntu.com/security/notices/USN-4424-1 + + + + emitorino> Since the vulnerability is present on the userd's OpenURL implementation, it only affects classic distros where userd is auto-started. 
emitorino> Since userd cannot be auto-started on Ubuntu Core 16, Ubuntu Core 18 or Ubuntu Core 20 (for various reasons depending on the release), then Ubuntu Core is not affected. emitorino> Even if userd happened to start (eg, the user started it manually on UC20) there is no implicitOnCore policy that allows communicating with io.snapcraft.Launcher (or the older com.canonical.SafeLauncher). emitorino> The dbus interface can't be used (with either plugs or slots) to communicate with userd. emitorino> /usr/bin/xdg-open on the boot file system of an Ubuntu Core system is different to Classic: it is the sandbox proxy that calls back into userd. Even if a session bus is running and a confined app could call userd, userd will report an error because the caller is not confined + + + + + + + + + CVE-2020-11936 on Ubuntu 20.04 (focal) - medium. + gdbus setgid privilege escalation + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-04 17:00:00 UTC + 2020-08-04 17:00:00 UTC + mdeslaur + Ryota Shiga + 2020-08-04 17:00:00 UTC + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1885633 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11936.html + https://ubuntu.com/security/notices/USN-4449-1 + https://ubuntu.com/security/notices/USN-4449-2 + + + + + + + + + + CVE-2020-11937 on Ubuntu 20.04 (focal) - medium. + In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-06 23:15:00 UTC + 2020-06-11 + mdeslaur + Seong-Joong Kim + https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1881982 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11937.html + https://github.com/sungjungk/whoopsie_killer + https://ubuntu.com/security/notices/USN-4450-1 + + + + + + + + + + CVE-2020-11945 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-23 15:15:00 UTC + 2020-04-23 15:15:00 UTC + mdeslaur + Clément Berthaux and Florian Guilbert + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11945.html + http://www.squid-cache.org/Advisories/SQUID-2020_4.txt + https://ubuntu.com/security/notices/USN-4356-1 + + + + + + + + + + CVE-2020-11958 on Ubuntu 20.04 (focal) - medium. + re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-21 01:15:00 UTC + 2020-04-21 01:15:00 UTC + leosilva + Agostino Sarubbo + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11958.html + http://blogs.gentoo.org/ago/2020/04/19/re2c-heap-overflow-in-scannerfill-scanner-cc/ + https://ubuntu.com/security/notices/USN-4338-1 + https://ubuntu.com/security/notices/USN-4338-2 + + + + leosilva> introduced by 1.2 by leosilva> https://github.com/skvadrik/re2c/commit/1edd26a35457c5835afd58b8fa8330d33e7a1192 + + + + + + + + + CVE-2020-11993 on Ubuntu 20.04 (focal) - medium. 
+ Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-07 16:15:00 UTC + 2020-08-07 16:15:00 UTC + mdeslaur + Felix Wilhelm + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-11993.html + https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993 + https://www.openwall.com/lists/oss-security/2020/08/07/3 + https://ubuntu.com/security/notices/USN-4458-1 + + + + + + + + + + CVE-2020-12049 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-08 17:15:00 UTC + 2020-06-08 17:15:00 UTC + mdeslaur + Kevin Backhouse + https://gitlab.freedesktop.org/dbus/dbus/-/issues/294 + https://gitlab.freedesktop.org/dbus/dbus/-/issues/304 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12049.html + https://ubuntu.com/security/notices/USN-4398-1 + https://ubuntu.com/security/notices/USN-4398-2 + + + + + + + + + + CVE-2020-12062 on Ubuntu 20.04 (focal) - negligible. 
+ ** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances." + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. + 2020-06-01 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12062.html + https://www.openssh.com/txt/release-8.3 + https://www.openwall.com/lists/oss-security/2020/05/27/1 + + + + seth-arnold> openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. mdeslaur> this issue has been disputed as being a security issue, we will mdeslaur> not be fixing this issue in Ubuntu. + + + + + + + + + + + + CVE-2020-12100 on Ubuntu 20.04 (focal) - medium. + In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-12 16:15:00 UTC + 2020-08-12 12:00:00 UTC + mdeslaur + 2020-08-12 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12100.html + https://ubuntu.com/security/notices/USN-4456-1 + https://ubuntu.com/security/notices/USN-4456-2 + + + + leosilva> marking precise as ignored since we won't fix it leosilva> version in that release is quite old and the backports leosilva> could possibly cause serious regressions. + + + + + + + + + CVE-2020-12114 on Ubuntu 20.04 (focal) - medium. + A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. Piotr Krysiuk discovered that race conditions existed in the file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-04 12:15:00 UTC + 2020-05-04 12:15:00 UTC + Piotr Krysiuk + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12114.html + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4edbe133f851c9e3a2f2a1db367e826b01e72594 + https://www.openwall.com/lists/oss-security/2020/05/04/2 + https://ubuntu.com/security/notices/USN-4391-1 + https://ubuntu.com/security/notices/USN-4392-1 + https://ubuntu.com/security/notices/USN-4387-1 + https://ubuntu.com/security/notices/USN-4389-1 + https://ubuntu.com/security/notices/USN-4390-1 + https://ubuntu.com/security/notices/USN-4388-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12243 on Ubuntu 20.04 (focal) - medium. + In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-28 19:15:00 UTC + 2020-04-28 19:15:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9202 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12243.html + https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/FUOYA6YCHBXMLANBJMSO22JD2NB22WGC/ + https://ubuntu.com/security/notices/USN-4352-1 + https://ubuntu.com/security/notices/USN-4352-2 + + + + + + + + + + CVE-2020-12284 on Ubuntu 20.04 (focal) - medium. + cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-28 06:15:00 UTC + 2020-04-28 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12284.html + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734 + https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726 + https://ubuntu.com/security/notices/USN-4431-1 + + + + + + + + + + CVE-2020-12351 on Ubuntu 20.04 (focal) - high. + Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-23 17:15:00 UTC + 2020-10-14 00:00:00 UTC + Andy Nguyen + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12351.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html + https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq + https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/ + https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?h=for-upstream&id=f19425641cb2572a33cb074d5e30283720bd4d22 + https://ubuntu.com/security/notices/USN-4592-1 + https://ubuntu.com/security/notices/USN-4591-1 + + + + sbeattie> introduced in 4.8 cycle + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12352 on Ubuntu 20.04 (focal) - medium. + Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 17:15:00 UTC + 2020-10-14 00:00:00 UTC + Andy Nguyen + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12352.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html + https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq + https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/ + https://git.kernel.org/linus/eddb7732119d53400f48a02536a84c509692faa8 + https://ubuntu.com/security/notices/USN-4592-1 + https://ubuntu.com/security/notices/USN-4591-1 + https://ubuntu.com/security/notices/USN-4657-1 + + + + sbeattie> introduced in 3.6 + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12397 on Ubuntu 20.04 (focal) - low. 
+ By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-22 19:15:00 UTC + 2020-05-07 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12397.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12397 + https://ubuntu.com/security/notices/USN-4373-1 + + + + + + + + + + CVE-2020-12398 on Ubuntu 20.04 (focal) - medium. + If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-06-09 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12398.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398 + https://ubuntu.com/security/notices/USN-4421-1 + + + + + + + + + + CVE-2020-12399 on Ubuntu 20.04 (focal) - medium. + NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-09 15:15:00 UTC + 2020-05-26 00:00:00 UTC + Cesar Pereida Garcia + https://bugzilla.mozilla.org/show_bug.cgi?id=1631576 (private) + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961752 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12399.html + https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.4_release_notes + https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.52.1_release_notes + https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12399 + https://ubuntu.com/security/notices/USN-4383-1 + https://ubuntu.com/security/notices/USN-4397-1 + https://ubuntu.com/security/notices/USN-4397-2 + https://ubuntu.com/security/notices/USN-4421-1 + + + + + + + + + + + + + + CVE-2020-12400 on Ubuntu 20.04 (focal) - medium. + When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-08 14:15:00 UTC + 2020-08-05 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12400.html + https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes + https://ubuntu.com/security/notices/USN-4455-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12400 + https://ubuntu.com/security/notices/USN-4474-1 + + + + + + + + + + + + + CVE-2020-12401 on Ubuntu 20.04 (focal) - medium. + During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-08 14:15:00 UTC + 2020-08-05 00:00:00 UTC + https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private) + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12401.html + https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes + https://ubuntu.com/security/notices/USN-4455-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401 + https://ubuntu.com/security/notices/USN-4474-1 + + + + + + + + + + + + + CVE-2020-12402 on Ubuntu 20.04 (focal) - medium. + During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + 2020-06-19 00:00:00 UTC + mdeslaur + Cesar Pereida, Billy Bob Brumley, Yuval Yarom, Nicola Tuveri + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963152 + https://bugzilla.mozilla.org/show_bug.cgi?id=1631597 (private) + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12402.html + https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53.1_release_notes + https://ubuntu.com/security/notices/USN-4417-1 + https://ubuntu.com/security/notices/USN-4417-2 + + + + + + + + + + CVE-2020-12403 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. 
The highest threat from this vulnerability is to confidentiality and system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-27 19:15:00 UTC + 2020-08-18 03:55:00 UTC + leosilva + https://bugzilla.mozilla.org/show_bug.cgi?id=1636771 (private) + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12403.html + https://access.redhat.com/security/cve/CVE-2020-12403 + https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes + https://ubuntu.com/security/notices/USN-4476-1 + + + + + + + + + + CVE-2020-12412 on Ubuntu 20.04 (focal) - medium. + By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-09 15:15:00 UTC + chrisccoulson + https://bugzilla.mozilla.org/show_bug.cgi?id=1528587 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12412.html + https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2020-12412 + https://www.mozilla.org/security/advisories/mfsa2019-34/ + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + CVE-2020-12430 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-28 20:15:00 UTC + 2020-04-28 20:15:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1804548 + https://bugzilla.redhat.com/show_bug.cgi?id=1828190 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12430.html + https://ubuntu.com/security/notices/USN-4371-1 + + + + mdeslaur> lp-1868539-qemuDomainGetStatsIOThread-Don-t-leak-array-with-0-i.patch mdeslaur> in focal/groovy + + + + + + + + + CVE-2020-12464 on Ubuntu 20.04 (focal) - medium. + usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. It was discovered that the USB susbsystem's scatter-gather implementation in the Linux kernel did not properly take data references in some situations, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-29 18:15:00 UTC + 2020-04-29 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12464.html + https://git.kernel.org/linus/056ad39ee9253873522f6469c3364964a322912b (5.7-rc3) + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b + https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b + https://lkml.org/lkml/2020/3/23/52 + https://patchwork.kernel.org/patch/11463781/ + https://ubuntu.com/security/notices/USN-4391-1 + https://ubuntu.com/security/notices/USN-4387-1 + https://ubuntu.com/security/notices/USN-4389-1 + https://ubuntu.com/security/notices/USN-4390-1 + https://ubuntu.com/security/notices/USN-4388-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12465 on Ubuntu 20.04 (focal) - medium. 
+ An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-29 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12465.html + https://git.kernel.org/linus/b102f0c522cf668c8382c56a4f771b37d011cda2 (5.6-rc6) + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2 + https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12652 on Ubuntu 20.04 (focal) - low. + The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-05 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12652.html + https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7) + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28d76df18f0ad5bcf5fa48510b225f0ed262a99b + https://github.com/torvalds/linux/commit/28d76df18f0ad5bcf5fa48510b225f0ed262a99b + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12653 on Ubuntu 20.04 (focal) - medium. 
+ An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-05 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12653.html + https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d (5.6-rc1) + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d + https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12654 on Ubuntu 20.04 (focal) - high. + An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could possibly result in arbitrary code execution. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-05 05:15:00 UTC + 2020-05-05 05:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12654.html + https://git.kernel.org/linus/3a9b153c5591548612c3955c9600a98150c81875 (5.6-rc1) + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a9b153c5591548612c3955c9600a98150c81875 + https://github.com/torvalds/linux/commit/3a9b153c5591548612c3955c9600a98150c81875 + https://ubuntu.com/security/notices/USN-4392-1 + https://ubuntu.com/security/notices/USN-4393-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12655 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-05 06:15:00 UTC + 2020-05-05 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12655.html + https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1) + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0c7feaf87678371c2c09b3709400be416b2dc62 + https://github.com/torvalds/linux/commit/d0c7feaf87678371c2c09b3709400be416b2dc62 + https://lore.kernel.org/linux-xfs/20200221153803.GP9506@magnolia/ + https://ubuntu.com/security/notices/USN-4465-1 + https://ubuntu.com/security/notices/USN-4483-1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12656 on Ubuntu 20.04 (focal) - negligible. + ** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug. It was discovered that the Kerberos SUNRPC GSS implementation in the Linux kernel did not properly deallocate memory on module unload. A local privileged attacker could possibly use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-05 06:15:00 UTC + 2020-05-05 06:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12656.html + https://bugzilla.kernel.org/show_bug.cgi?id=206651 + https://ubuntu.com/security/notices/USN-4483-1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + sbeattie> upstream generally treats module unload as an unsafe operation, which may explain a lack of progress in addressing the issue. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12657 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. It was discovered that the block layer in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-05 07:15:00 UTC + 2020-05-05 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12657.html + https://git.kernel.org/linus/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 (5.7-rc1) + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 + https://github.com/torvalds/linux/commit/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 + https://patchwork.kernel.org/patch/11447049/ + https://ubuntu.com/security/notices/USN-4363-1 + https://ubuntu.com/security/notices/USN-4369-1 + https://ubuntu.com/security/notices/USN-4368-1 + https://ubuntu.com/security/notices/USN-4367-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12659 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel before 5.6.7. 
xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. Bui Quang Minh discovered that the XDP socket implementation in the Linux kernel did not properly validate meta-data passed from user space, leading to an out-of-bounds write vulnerability. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-05 07:15:00 UTC + 2020-05-05 07:15:00 UTC + Bui Quang Minh + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12659.html + https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 (5.7-rc2) + https://bugzilla.kernel.org/show_bug.cgi?id=207225 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.7 + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99e3a236dd43d06c65af0a2ef9cb44306aef6e02 + https://github.com/torvalds/linux/commit/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 + https://ubuntu.com/security/notices/USN-4387-1 + https://ubuntu.com/security/notices/USN-4389-1 + https://ubuntu.com/security/notices/USN-4388-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12673 on Ubuntu 20.04 (focal) - medium. + In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-12 16:15:00 UTC + 2020-08-12 12:00:00 UTC + mdeslaur + 2020-08-12 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12673.html + https://ubuntu.com/security/notices/USN-4456-1 + https://ubuntu.com/security/notices/USN-4456-2 + + + + leosilva> marking precise as ignored since we won't fix it leosilva> version in that release is quite old and the backports leosilva> could possibly cause serious regressions. + + + + + + + + + CVE-2020-12674 on Ubuntu 20.04 (focal) - medium. + In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-12 16:15:00 UTC + 2020-08-12 12:00:00 UTC + mdeslaur + 2020-08-12 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12674.html + https://ubuntu.com/security/notices/USN-4456-1 + https://ubuntu.com/security/notices/USN-4456-2 + + + + leosilva> marking precise as ignored since we won't fix it leosilva> version in that release is quite old and the backports leosilva> could possibly cause serious regressions. + + + + + + + + + CVE-2020-12723 on Ubuntu 20.04 (focal) - low. + regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular expressions in this fashion is known to be dangerous since the regular expression engine does not protect against denial of service attacks in this usage scenario.] + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-05 15:15:00 UTC + 2020-06-01 00:00:00 UTC + Sergey Aleynikov + 2020-06-01 00:00:00 UTC + https://github.com/Perl/perl5/issues/16947 + https://github.com/Perl/perl5/issues/17743 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962005 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12723.html + https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod + https://metacpan.org/pod/release/XSAWYERX/perl-5.30.3/pod/perldelta.pod + https://ubuntu.com/security/notices/USN-4602-1 + https://ubuntu.com/security/notices/USN-4602-2 + + + + amurray| Affects 5.10.0 to 5.30.2 + + + + + + + + + CVE-2020-12762 on Ubuntu 20.04 (focal) - medium. + json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-09 18:15:00 UTC + 2020-05-09 18:15:00 UTC + leosilva + https://bugs.launchpad.net/ubuntu/+source/json-c/+bug/1878723 (regression) + https://github.com/json-c/json-c/issues/599 (regression) + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12762.html + https://github.com/json-c/json-c/pull/592 + https://ubuntu.com/security/notices/USN-4360-1 + https://ubuntu.com/security/notices/USN-4360-4 + + + + mdeslaur> USN-4360-1 introduced a regression and the problematic fix was mdeslaur> backed out in USN-4360-2 and USN-4360-3 pending further mdeslaur> investigation. + + + + + + + + + CVE-2020-12767 on Ubuntu 20.04 (focal) - medium. + exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-09 21:15:00 UTC + 2020-05-09 21:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960199 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12767.html + https://github.com/libexif/libexif/issues/31 + https://github.com/libexif/libexif/commit/e22f73064f804c94e90b642cd0db4697c827da72 + https://ubuntu.com/security/notices/USN-4358-1 + + + + + + + + + + CVE-2020-12768 on Ubuntu 20.04 (focal) - negligible. + ** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will. It was discovered that the KVM implementation in the Linux kernel did not properly deallocate memory on initialization for some processors. A local attacker could possibly use this to cause a denial of service. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. + 2020-05-09 21:15:00 UTC + 2020-05-09 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12768.html + https://git.kernel.org/linus/d80b64ff297e40c2b6f7d7abc1b3eba70d22a068 (5.6-rc4) + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d80b64ff297e40c2b6f7d7abc1b3eba70d22a068 + https://ubuntu.com/security/notices/USN-4411-1 + https://ubuntu.com/security/notices/USN-4412-1 + https://ubuntu.com/security/notices/USN-4413-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12769 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. It was discovered that the DesignWare SPI controller driver in the Linux kernel contained a race condition. 
A local attacker could possibly use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-09 21:15:00 UTC + 2020-05-09 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12769.html + https://git.kernel.org/linus/19b61392c5a852b4e8a0bf35aecb969983c5932d (5.5-rc6) + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d + https://lkml.org/lkml/2020/2/3/559 + https://ubuntu.com/security/notices/USN-4391-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12770 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. It was discovered that the SCSI generic (sg) driver in the Linux kernel did not properly handle certain error conditions correctly. A local privileged attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-09 21:15:00 UTC + 2020-05-09 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12770.html + https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee (5.7-rc3) + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee + https://lkml.org/lkml/2020/4/13/870 + https://ubuntu.com/security/notices/USN-4411-1 + https://ubuntu.com/security/notices/USN-4412-1 + https://ubuntu.com/security/notices/USN-4413-1 + https://ubuntu.com/security/notices/USN-4414-1 + https://ubuntu.com/security/notices/USN-4419-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12771 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel through 5.6.11. 
btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-09 21:15:00 UTC + 2020-05-09 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12771.html + https://lkml.org/lkml/2020/4/26/87 + https://git.kernel.org/pub/scm/linux/kernel/git/colyli/bcache-patches.git/tree/for-test/0001-bcache-fix-potential-deadlock-problem-in-btree_gc_co.patch + https://lore.kernel.org/lkml/8a6f5fe3-33f9-48e2-e347-05781c3295fd@huawei.com/ + https://ubuntu.com/security/notices/USN-4462-1 + https://ubuntu.com/security/notices/USN-4463-1 + https://ubuntu.com/security/notices/USN-4465-1 + https://ubuntu.com/security/notices/USN-4483-1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12783 on Ubuntu 20.04 (focal) - medium. + Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-11 14:15:00 UTC + 2020-05-11 14:15:00 UTC + leosilva + https://bugs.exim.org/show_bug.cgi?id=2571 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12783.html + https://ubuntu.com/security/notices/USN-4366-1 + + + + + + + + + + CVE-2020-12826 on Ubuntu 20.04 (focal) - medium. + A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. 
Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. It was discovered that the exit signaling implementation in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (arbitrary application crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-12 19:15:00 UTC + 2020-05-12 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12826.html + https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da + https://bugzilla.redhat.com/show_bug.cgi?id=1822077 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5 + https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef + https://lists.openwall.net/linux-kernel/2020/03/24/1803 + https://www.openwall.com/lists/kernel-hardening/2020/03/25/1 + https://ubuntu.com/security/notices/USN-4367-1 + https://ubuntu.com/security/notices/USN-4369-1 + https://ubuntu.com/security/notices/USN-4391-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-12861 on Ubuntu 20.04 (focal) - medium. + A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-24 13:15:00 UTC + 2020-06-24 13:15:00 UTC + mdeslaur + https://gitlab.com/sane-project/backends/-/issues/279 + https://gitlab.com/sane-project/backends/-/issues/279#issue-3-ghsl-2020-080-heap-buffer-overflow-in-epsonds_net_read + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961302 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12861.html + https://gitlab.com/sane-project/backends/-/releases/1.0.30 + https://gitlab.com/sane-project/backends/-/merge_requests/500 + https://ubuntu.com/security/notices/USN-4470-1 + + + + + + + + + + CVE-2020-12862 on Ubuntu 20.04 (focal) - low. + An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-24 13:15:00 UTC + 2020-06-24 13:15:00 UTC + mdeslaur + https://gitlab.com/sane-project/backends/-/issues/279 + https://gitlab.com/sane-project/backends/-/issues/279#issue-5-ghsl-2020-082-out-of-bounds-read-in-decode_binary + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961302 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12862.html + https://gitlab.com/sane-project/backends/-/releases/1.0.30 + https://ubuntu.com/security/notices/USN-4470-1 + + + + + + + + + + CVE-2020-12863 on Ubuntu 20.04 (focal) - low. + An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-24 13:15:00 UTC + 2020-06-24 13:15:00 UTC + mdeslaur + https://gitlab.com/sane-project/backends/-/issues/279 + https://gitlab.com/sane-project/backends/-/issues/279#issue-7-ghsl-2020-083-out-of-bounds-read-in-esci2_check_header + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961302 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12863.html + https://gitlab.com/sane-project/backends/-/releases/1.0.30 + https://ubuntu.com/security/notices/USN-4470-1 + + + + + + + + + + CVE-2020-12864 on Ubuntu 20.04 (focal) - low. + An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-24 13:15:00 UTC + 2020-06-24 13:15:00 UTC + mdeslaur + https://gitlab.com/sane-project/backends/-/issues/279 + https://gitlab.com/sane-project/backends/-/issues/279#issue-4-ghsl-2020-081-reading-uninitialized-data-in-epsonds_net_read + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961302 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12864.html + https://gitlab.com/sane-project/backends/-/releases/1.0.30 + https://ubuntu.com/security/notices/USN-4470-1 + + + + + + + + + + CVE-2020-12865 on Ubuntu 20.04 (focal) - medium. + A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-24 13:15:00 UTC + 2020-06-24 13:15:00 UTC + mdeslaur + https://gitlab.com/sane-project/backends/-/issues/279 + https://gitlab.com/sane-project/backends/-/issues/279#issue-9-ghsl-2020-084-buffer-overflow-in-esci2_img + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961302 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12865.html + https://gitlab.com/sane-project/backends/-/releases/1.0.30 + https://ubuntu.com/security/notices/USN-4470-1 + + + + + + + + + + CVE-2020-12866 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-24 13:15:00 UTC + 2020-06-24 13:15:00 UTC + mdeslaur + https://gitlab.com/sane-project/backends/-/issues/279 + https://gitlab.com/sane-project/backends/-/issues/279#issue-2-ghsl-2020-079-null-pointer-dereference-in-epsonds_net_read + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961302 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12866.html + https://gitlab.com/sane-project/backends/-/releases/1.0.30 + https://ubuntu.com/security/notices/USN-4470-1 + + + + + + + + + + CVE-2020-12867 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-01 14:15:00 UTC + 2020-06-01 14:15:00 UTC + mdeslaur + https://gitlab.com/sane-project/backends/-/issues/279 + https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961302 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12867.html + https://gitlab.com/sane-project/backends/-/releases/1.0.30 + https://ubuntu.com/security/notices/USN-4470-1 + + + + + + + + + + CVE-2020-12912 on Ubuntu 20.04 (focal) - low. + A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. It was discovered that the AMD Running Average Power Limit (RAPL) driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-12 20:15:00 UTC + 2020-11-12 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12912.html + https://lore.kernel.org/stable/238e3cf7-582f-a265-5300-9b44948107b0@roeck-us.net/T/#ma48754bff34127867149bf466fc2f9c2deea3960 + https://bugzilla.redhat.com/show_bug.cgi?id=1897402 + https://support.lenovo.com/lu/uk/product_security/LEN-50481 + https://www.amd.com/en/corporate/product-security + https://ubuntu.com/security/notices/USN-4678-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-13112 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-21 16:15:00 UTC + 2020-05-21 16:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961407 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13112.html + https://ubuntu.com/security/notices/USN-4396-1 + + + + + + + + + + CVE-2020-13113 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-21 17:15:00 UTC + 2020-05-21 17:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961409 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13113.html + https://ubuntu.com/security/notices/USN-4396-1 + + + + + + + + + + CVE-2020-13114 on Ubuntu 20.04 (focal) - low. + An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-21 16:15:00 UTC + 2020-05-21 16:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961410 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13114.html + https://ubuntu.com/security/notices/USN-4396-1 + + + + + + + + + + CVE-2020-13143 on Ubuntu 20.04 (focal) - low. + gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. It was discovered that the USB Gadget device driver in the Linux kernel did not validate arguments passed from configfs in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-18 18:15:00 UTC + 2020-05-18 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13143.html + https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f + https://www.spinics.net/lists/linux-usb/msg194331.html + https://ubuntu.com/security/notices/USN-4411-1 + https://ubuntu.com/security/notices/USN-4412-1 + https://ubuntu.com/security/notices/USN-4413-1 + https://ubuntu.com/security/notices/USN-4414-1 + https://ubuntu.com/security/notices/USN-4419-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-13253 on Ubuntu 20.04 (focal) - low. + sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-27 15:15:00 UTC + 2020-05-27 15:15:00 UTC + mdeslaur + https://bugs.launchpad.net/qemu/+bug/1880822 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961297 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13253.html + https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html + https://ubuntu.com/security/notices/USN-4467-1 + https://ubuntu.com/security/notices/USN-4467-2 + + + + + + + + + + CVE-2020-13254 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-03 14:15:00 UTC + 2020-06-03 10:00:00 UTC + mdeslaur + 2020-06-03 10:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13254.html + https://ubuntu.com/security/notices/USN-4381-1 + https://ubuntu.com/security/notices/USN-4381-2 + + + + + + + + + + CVE-2020-13361 on Ubuntu 20.04 (focal) - low. + In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-28 14:15:00 UTC + 2020-05-28 14:15:00 UTC + mdeslaur + Ren Ding, Hanqing Zhao + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13361.html + https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html + http://www.openwall.com/lists/oss-security/2020/05/28/1 + https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html + https://ubuntu.com/security/notices/USN-4467-1 + https://ubuntu.com/security/notices/USN-4467-2 + + + + + + + + + + CVE-2020-13362 on Ubuntu 20.04 (focal) - low. + In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-28 15:15:00 UTC + 2020-05-28 15:15:00 UTC + mdeslaur + Ren Ding, Hanqing Zhao, Alexander Bulekov + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961887 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13362.html + https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html + http://www.openwall.com/lists/oss-security/2020/05/28/2 + https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03131.html + https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg06250.html + https://ubuntu.com/security/notices/USN-4467-1 + https://ubuntu.com/security/notices/USN-4467-2 + + + + + + + + + + CVE-2020-13396 on Ubuntu 20.04 (focal) - low. + An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-22 18:15:00 UTC + 2020-05-22 18:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13396.html + https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 + https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + https://ubuntu.com/security/notices/USN-4382-2 + + + + + + + + + + CVE-2020-13397 on Ubuntu 20.04 (focal) - low. + An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-22 18:15:00 UTC + 2020-05-22 18:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13397.html + https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 + https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + https://ubuntu.com/security/notices/USN-4382-2 + + + + + + + + + + CVE-2020-13398 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-22 18:15:00 UTC + 2020-05-22 18:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13398.html + https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 + https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 + https://ubuntu.com/security/notices/USN-4379-1 + https://ubuntu.com/security/notices/USN-4382-1 + https://ubuntu.com/security/notices/USN-4382-2 + + + + + + + + + + CVE-2020-13434 on Ubuntu 20.04 (focal) - medium. + SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-24 22:15:00 UTC + 2020-05-24 22:15:00 UTC + mdeslaur + https://www.sqlite.org/src/info/23439ea582241138 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13434.html + https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html + https://ubuntu.com/security/notices/USN-4394-1 + + + + leosilva> printf function support was added in 3.8.3 by commit leosilva> https://github.com/sqlite/sqlite/commit/a5c1416d64b4b857721f085258b6ef1dcaeb6f5b + + + + + + + + + CVE-2020-13435 on Ubuntu 20.04 (focal) - medium. 
+ SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-24 22:15:00 UTC + 2020-05-24 22:15:00 UTC + mdeslaur + https://www.sqlite.org/src/info/7a5279a25c57adf1 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13435.html + https://ubuntu.com/security/notices/USN-4394-1 + + + + + + + + + + CVE-2020-13596 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-03 14:15:00 UTC + 2020-06-03 10:00:00 UTC + mdeslaur + 2020-06-03 10:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13596.html + https://ubuntu.com/security/notices/USN-4381-1 + https://ubuntu.com/security/notices/USN-4381-2 + + + + + + + + + + CVE-2020-13630 on Ubuntu 20.04 (focal) - medium. + ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-27 15:15:00 UTC + 2020-05-27 15:15:00 UTC + mdeslaur + https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13630.html + https://ubuntu.com/security/notices/USN-4394-1 + + + + jdstrand> full text search (FTS) not present in sqlite 2 + + + + + + + + + CVE-2020-13631 on Ubuntu 20.04 (focal) - low. + SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-27 15:15:00 UTC + 2020-05-27 15:15:00 UTC + mdeslaur + https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13631.html + https://ubuntu.com/security/notices/USN-4394-1 + + + + mdeslaur> The code changes required to backport the fix for this issue to mdeslaur> older versions of SQLite shipped in Ubuntu stable releases is mdeslaur> subtantial and may introduce regressions. Due to the low mdeslaur> severity of this issue, we will not be releasing a fix for mdeslaur> Ubuntu 18.04 LTS and earlier. Marking as ignored. + + + + + + + + + + + + CVE-2020-13632 on Ubuntu 20.04 (focal) - medium. + ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-27 15:15:00 UTC + 2020-05-27 15:15:00 UTC + mdeslaur + https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13632.html + https://ubuntu.com/security/notices/USN-4394-1 + + + + jdstrand> full text search (FTS) not present in sqlite 2 + + + + + + + + + CVE-2020-13645 on Ubuntu 20.04 (focal) - medium. + In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-28 12:15:00 UTC + 2020-05-28 12:15:00 UTC + amurray + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961756 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961792 + https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135 + https://gitlab.gnome.org/GNOME/balsa/-/issues/34 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13645.html + https://ubuntu.com/security/notices/USN-4405-1 + + + + mdeslaur> fixing this issue in glib-networking will require fixing mdeslaur> balsa too + + + + + + + + + + + + CVE-2020-13659 on Ubuntu 20.04 (focal) - low. + address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-02 13:15:00 UTC + 2020-06-02 13:15:00 UTC + mdeslaur + Alexander Bulekov + https://bugs.launchpad.net/qemu/+bug/1878259 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13659.html + https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html + https://ubuntu.com/security/notices/USN-4467-1 + https://ubuntu.com/security/notices/USN-4467-2 + + + + + + + + + + CVE-2020-13754 on Ubuntu 20.04 (focal) - medium. + hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-02 14:15:00 UTC + 2020-06-02 14:15:00 UTC + Ren Ding, Hanqing Zhao, Alexander Bulekov, Anatoly Trosinenko + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13754.html + https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html + https://ubuntu.com/security/notices/USN-4467-1 + https://ubuntu.com/security/notices/USN-4467-2 + + + + mdeslaur> the fix for this issue introduced a regression, see: mdeslaur> https://bugs.launchpad.net/qemu/+bug/1886318 + + + + + + + + + CVE-2020-13776 on Ubuntu 20.04 (focal) - low. 
+ systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-03 03:15:00 UTC + https://github.com/systemd/systemd/issues/15985 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13776.html + + + + mdeslaur> The administrator would have to create a systemd service unit mdeslaur> with a numerical username or a username starting with 0x as a mdeslaur> User= value, and that particular userid would need to exist on mdeslaur> the system. Setting priority to low due to this unlikely mdeslaur> scenario. mdeslaur> mdeslaur> Fixing this requires an extensive backport that refactors mdeslaur> integer parsing in systemd and the risk of regressions stemming mdeslaur> from the behavioural change outweighs the severity of this mdeslaur> issue. We will not be fixing this issue in stable Ubuntu mdeslaur> releases. + + + + + + + + + CVE-2020-13777 on Ubuntu 20.04 (focal) - high. + GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-04 07:15:00 UTC + 2020-06-04 07:15:00 UTC + mdeslaur + https://gitlab.com/gnutls/gnutls/-/issues/1011 + https://bugzilla.redhat.com/show_bug.cgi?id=1843723 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13777.html + https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03 + https://ubuntu.com/security/notices/USN-4384-1 + + + + mdeslaur> introduced in 3.6.4 + + + + + + + + + CVE-2020-13790 on Ubuntu 20.04 (focal) - medium. + libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-03 19:15:00 UTC + 2020-06-03 19:15:00 UTC + leosilva + https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13790.html + https://ubuntu.com/security/notices/USN-4386-1 + + + + + + + + + + CVE-2020-13800 on Ubuntu 20.04 (focal) - low. + ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-04 16:15:00 UTC + 2020-06-04 16:15:00 UTC + mdeslaur + Ren Ding, Hanqing Zhao, Yi Ren + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13800.html + https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00944.html + https://www.openwall.com/lists/oss-security/2020/06/04/2 + https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00833.html + https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00825.html + https://ubuntu.com/security/notices/USN-4467-1 + + + + + + + + + + CVE-2020-13904 on Ubuntu 20.04 (focal) - medium. 
+ FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-07 19:15:00 UTC + 2020-06-07 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13904.html + https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/ + https://trac.ffmpeg.org/ticket/8673 + https://ubuntu.com/security/notices/USN-4431-1 + + + + + + + + + + CVE-2020-13974 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-09 05:15:00 UTC + 2020-06-09 05:15:00 UTC + FuzzUSB, syzkaller + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-13974.html + https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae + https://lkml.org/lkml/2020/3/22/482 + https://lore.kernel.org/lkml/CAEAjams79+V8bxpcp3UAsU1AnJ+gx2y+ZqhDhjJCpZn2oeZA4Q@mail.gmail.com/ + https://ubuntu.com/security/notices/USN-4427-1 + https://ubuntu.com/security/notices/USN-4439-1 + https://ubuntu.com/security/notices/USN-4440-1 + https://ubuntu.com/security/notices/USN-4483-1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + sbeattie> reproducer in lore.kernel.org link + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-14093 on Ubuntu 20.04 (focal) - medium. + Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-15 05:15:00 UTC + 2020-06-15 05:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962897 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14093.html + http://www.mutt.org + https://ubuntu.com/security/notices/USN-4401-1 + + + + + + + + + + CVE-2020-14154 on Ubuntu 20.04 (focal) - low. + Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-15 17:15:00 UTC + 2020-06-15 17:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14154.html + http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html + http://www.mutt.org + https://ubuntu.com/security/notices/USN-4401-1 + + + + + + + + + + CVE-2020-14303 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-06 18:15:00 UTC + 2020-07-06 18:15:00 UTC + mdeslaur + Martin von Wittich, Wilko Meyer + https://bugzilla.samba.org/show_bug.cgi?id=14417 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14303.html + https://www.samba.org/samba/security/CVE-2020-14303.html + https://ubuntu.com/security/notices/USN-4454-1 + https://ubuntu.com/security/notices/USN-4454-2 + + + + + + + + + + CVE-2020-14305 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-02 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14305.html + https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/ + https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.9.232&id=396ba2fc4f27ef6c44bbc0098bfddf4da76dc4c9 + + + + sbeattie> fixed in 4.11 and newer with 9f0f3ebeda47a5518817f33c40f6d3ea9c0275b8 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-14308 on Ubuntu 20.04 (focal) - high. + In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. 
This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process. It was discovered that the memory allocator for GRUB2 did not validate allocation size, resulting in multiple integer overflows and heap-based buffer overflows when handling certain filesystems, PNG images or disk metadata. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-07-29 20:15:00 UTC + 2020-07-29 17:00:00 UTC + Chris Coulson + 2020-07-29 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14308.html + https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ + https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass + https://www.openwall.com/lists/oss-security/2020/07/29/3 + https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html + https://ubuntu.com/security/notices/USN-4432-1 + + + + amurray| grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low + + + + + + + + + + + + CVE-2020-14309 on Ubuntu 20.04 (focal) - high. + There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems or font files, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-30 13:15:00 UTC + 2020-07-29 17:00:00 UTC + Chris Coulson + 2020-07-29 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14309.html + https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ + https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass + https://www.openwall.com/lists/oss-security/2020/07/29/3 + https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html + https://ubuntu.com/security/notices/USN-4432-1 + + + + amurray| grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low + + + + + + + + + + + + CVE-2020-14310 on Ubuntu 20.04 (focal) - high. + There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems or font files, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-31 22:15:00 UTC + 2020-07-29 17:00:00 UTC + Chris Coulson + 2020-07-29 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14310.html + https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ + https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass + https://www.openwall.com/lists/oss-security/2020/07/29/3 + https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html + https://ubuntu.com/security/notices/USN-4432-1 + + + + amurray| grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low + + + + + + + + + + + + CVE-2020-14311 on Ubuntu 20.04 (focal) - high. + There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems, font files or PNG images, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-31 22:15:00 UTC + 2020-07-29 17:00:00 UTC + Chris Coulson + 2020-07-29 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14311.html + https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ + https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass + https://www.openwall.com/lists/oss-security/2020/07/29/3 + https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html + https://ubuntu.com/security/notices/USN-4432-1 + + + + amurray| grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low + + + + + + + + + + + + CVE-2020-14318 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-03 16:15:00 UTC + 2020-10-29 + mdeslaur + Steven French + 2020-10-29 + https://bugzilla.samba.org/show_bug.cgi?id=14434 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14318.html + https://www.samba.org/samba/security/CVE-2020-14318.html + https://ubuntu.com/security/notices/USN-4611-1 + https://ubuntu.com/security/notices/USN-4931-1 + + + + + + + + + + CVE-2020-14323 on Ubuntu 20.04 (focal) - medium. + A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-29 20:15:00 UTC + 2020-10-29 + mdeslaur + Bas Alberts + 2020-10-29 + https://bugzilla.samba.org/show_bug.cgi?id=14436 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14323.html + https://www.samba.org/samba/security/CVE-2020-14323.html + https://ubuntu.com/security/notices/USN-4611-1 + https://ubuntu.com/security/notices/USN-4931-1 + + + + mdeslaur> This is GHSL-2020-134 + + + + + + + + + CVE-2020-14331 on Ubuntu 20.04 (focal) - negligible. + A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. + 2020-09-15 19:15:00 UTC + Yunhai Zhang + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14331.html + https://www.openwall.com/lists/oss-security/2020/07/28/2 + + + + amurray| CONFIG_VGACON_SOFT_SCROLLBACK is required to be enabled for this to be exploitable. This config option is disabled in Ubuntu kernel configs. + + + + + + + + + CVE-2020-14343 on Ubuntu 20.04 (focal) - medium. + A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-09 21:15:00 UTC + 2021-02-09 21:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966233 + https://github.com/yaml/pyyaml/issues/420 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14343.html + https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation + https://ubuntu.com/security/notices/USN-4940-1 + + + + sbeattie> incomplete fix of CVE-2020-1747 mdeslaur> FullLoader was introduced in 5.1. FullLoader should not be used mdeslaur> on untrusted input. + + + + + + + + + CVE-2020-14344 on Ubuntu 20.04 (focal) - medium. + An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-05 14:15:00 UTC + 2020-08-05 14:15:00 UTC + mdeslaur + Todd Carson + https://bugs.debian.org/966691 + https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116 (regression) + https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248549 (regression) + https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/117 (regression) + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14344.html + https://lists.x.org/archives/xorg-announce/2020-July/003050.html + https://ubuntu.com/security/notices/USN-4487-1 + https://ubuntu.com/security/notices/USN-4487-2 + + + + seth-arnold> Debian triage notes the original fixes introduced regression mdeslaur> a second regression was reported in bug 117 + + + + + + + + + CVE-2020-14345 on Ubuntu 20.04 (focal) - medium. + A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-15 14:15:00 UTC + 2020-09-03 00:00:00 UTC + mdeslaur + Jan-Niklas Sohn + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14345.html + https://lists.x.org/archives/xorg-announce/2020-August/003058.html + https://ubuntu.com/security/notices/USN-4490-1 + https://ubuntu.com/security/notices/USN-4488-2 + + + + mdeslaur> xorg server is actually the xorg-server package mdeslaur> the xorg package only contains docs + + + + + + + + + CVE-2020-14346 on Ubuntu 20.04 (focal) - medium. + A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-15 19:15:00 UTC + 2020-08-26 05:03:00 UTC + mdeslaur + Jan-Niklas Sohn + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14346.html + https://lists.x.org/archives/xorg-announce/2020-August/003058.html + https://access.redhat.com/security/cve/CVE-2020-14346 + https://ubuntu.com/security/notices/USN-4488-1 + https://ubuntu.com/security/notices/USN-4488-2 + + + + mdeslaur> xorg server is actually the xorg-server package mdeslaur> the xorg package only contains docs + + + + + + + + + CVE-2020-14347 on Ubuntu 20.04 (focal) - low. + A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-05 14:15:00 UTC + 2020-08-05 14:15:00 UTC + mdeslaur + Jan-Niklas Sohn + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14347.html + https://lists.x.org/archives/xorg-announce/2020-July/003051.html + https://www.openwall.com/lists/oss-security/2020/07/31/2 + https://ubuntu.com/security/notices/USN-4488-1 + https://ubuntu.com/security/notices/USN-4488-2 + + + + + + + + + + CVE-2020-14349 on Ubuntu 20.04 (focal) - medium. + It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-24 13:15:00 UTC + 2020-08-17 00:00:00 UTC + mdeslaur + Noah Misch + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14349.html + https://www.postgresql.org/about/news/2060/ + https://ubuntu.com/security/notices/USN-4472-1 + + + + + + + + + + CVE-2020-14356 on Ubuntu 20.04 (focal) - medium. + A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-19 15:15:00 UTC + 2020-08-19 15:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1868453 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14356.html + https://bugzilla.kernel.org/show_bug.cgi?id=208003 + https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/ + https://ubuntu.com/security/notices/USN-4483-1 + https://ubuntu.com/security/notices/USN-4484-1 + https://ubuntu.com/security/notices/USN-4526-1 + + + + sbeattie> commit 1bfba2f4270c64c912 is in the linux-stable tree hash + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-14360 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-20 16:15:00 UTC + 2020-12-01 + mdeslaur + Jan-Niklas Sohn + 2020-12-01 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14360.html + https://ubuntu.com/security/notices/USN-4656-1 + https://www.openwall.com/lists/oss-security/2020/12/01/3 + https://ubuntu.com/security/notices/USN-4656-2 + + + + mdeslaur> xorg server is actually the xorg-server package mdeslaur> the xorg package only contains docs amurray| ZDI-CAN 11572 mdeslaur> 241f2b140738b592d762e6e4a43945d9aed3ebb3 + + + + + + + + + CVE-2020-14361 on Ubuntu 20.04 (focal) - medium. + A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-15 19:15:00 UTC + 2020-08-26 05:03:00 UTC + mdeslaur + Jan-Niklas Sohn + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14361.html + https://lists.x.org/archives/xorg-announce/2020-August/003058.html + https://access.redhat.com/security/cve/CVE-2020-14361 + https://ubuntu.com/security/notices/USN-4488-1 + https://ubuntu.com/security/notices/USN-4488-2 + + + + mdeslaur> xorg server is actually the xorg-server package mdeslaur> the xorg package only contains docs + + + + + + + + + CVE-2020-14362 on Ubuntu 20.04 (focal) - medium. + A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-15 19:15:00 UTC + 2020-08-26 05:03:00 UTC + mdeslaur + Jan-Niklas Sohn + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14362.html + https://lists.x.org/archives/xorg-announce/2020-August/003058.html + https://access.redhat.com/security/cve/CVE-2020-14362 + https://ubuntu.com/security/notices/USN-4488-1 + https://ubuntu.com/security/notices/USN-4488-2 + + + + mdeslaur> xorg server is actually the xorg-server package mdeslaur> the xorg package only contains docs + + + + + + + + + CVE-2020-14363 on Ubuntu 20.04 (focal) - medium. + An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-11 18:15:00 UTC + 2020-08-25 13:00:00 UTC + mdeslaur + Jayden Rivers + 2020-08-25 13:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14363.html + https://lists.x.org/archives/xorg-announce/2020-August/003056.html + https://ubuntu.com/security/notices/USN-4487-1 + https://ubuntu.com/security/notices/USN-4487-2 + + + + + + + + + + CVE-2020-14364 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-31 18:15:00 UTC + 2020-08-24 12:00:00 UTC + mdeslaur + Ziming Zhang, Xiao Wei, Gonglei Arei and Yanyu Zhang + 2020-08-24 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14364.html + https://www.openwall.com/lists/oss-security/2020/08/24/3 + https://www.openwall.com/lists/oss-security/2020/08/24/2 + https://ubuntu.com/security/notices/USN-4511-1 + https://ubuntu.com/security/notices/USN-4467-2 + + + + + + + + + + CVE-2020-14374 on Ubuntu 20.04 (focal) - medium. + A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-30 20:15:00 UTC + 2020-09-28 15:00:00 + mdeslaur + Ryan Hall + 2020-09-28 15:00:00 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14374.html + https://ubuntu.com/security/notices/USN-4550-1 + + + + + + + + + + CVE-2020-14375 on Ubuntu 20.04 (focal) - medium. + A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-30 19:15:00 UTC + 2020-09-28 15:00:00 + mdeslaur + Ryan Hall + 2020-09-28 15:00:00 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14375.html + https://ubuntu.com/security/notices/USN-4550-1 + + + + + + + + + + CVE-2020-14376 on Ubuntu 20.04 (focal) - medium. + A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-30 19:15:00 UTC + 2020-09-28 15:00:00 + mdeslaur + Ryan Hall + 2020-09-28 15:00:00 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14376.html + https://ubuntu.com/security/notices/USN-4550-1 + + + + + + + + + + CVE-2020-14377 on Ubuntu 20.04 (focal) - medium. + A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. 
This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-30 19:15:00 UTC + 2020-09-28 15:00:00 + mdeslaur + Ryan Hall + 2020-09-28 15:00:00 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14377.html + https://ubuntu.com/security/notices/USN-4550-1 + + + + + + + + + + CVE-2020-14378 on Ubuntu 20.04 (focal) - low. + An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-30 19:15:00 UTC + 2020-09-28 15:00:00 + mdeslaur + Ryan Hall + 2020-09-28 15:00:00 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14378.html + https://ubuntu.com/security/notices/USN-4550-1 + + + + + + + + + + CVE-2020-14381 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-03 17:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1874311 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14381.html + https://git.kernel.org/linus/8019ad13ef7f64be44d4f892af9c840179009254 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-14382 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-16 15:15:00 UTC + 2020-09-03 00:00:00 UTC + leosilva + Tobias Stoeckmann + https://bugzilla.redhat.com/show_bug.cgi?id=1874712 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14382.html + https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/102 + https://ubuntu.com/security/notices/USN-4493-1 + + + + debian> Introduced with v2.2.0-rc0 with a7f80a27701450e40ef37e2224577f1a0c98cf0f + + + + + + + + + CVE-2020-14383 on Ubuntu 20.04 (focal) - medium. + A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. 
This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-02 01:15:00 UTC + 2020-10-29 + mdeslaur + Francis Brosnan Blázquez + 2020-10-29 + https://bugzilla.samba.org/show_bug.cgi?id=12795 + https://bugzilla.samba.org/show_bug.cgi?id=14472 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14383.html + https://www.samba.org/samba/security/CVE-2020-14383.html + https://ubuntu.com/security/notices/USN-4611-1 + https://ubuntu.com/security/notices/USN-4931-1 + + + + + + + + + + CVE-2020-14386 on Ubuntu 20.04 (focal) - high. + A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-09-16 13:15:00 UTC + 2020-09-04 00:00:00 UTC + Or Cohen + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14386.html + https://www.openwall.com/lists/oss-security/2020/09/03/3 + https://www.openwall.com/lists/oss-security/2020/09/04/2 + https://lore.kernel.org/netdev/20200904040528.3635711-1-edumazet@google.com/T/#u + https://lore.kernel.org/netdev/20200904133052.20299-1-snu@amazon.com/ + https://ubuntu.com/security/notices/USN-4489-1 + + + + sbeattie> requires CAP_NET_RAW cascardo> Added break as investigated by Solar Designer. 
sbeattie> older backports without 8e8e2951e309 will need second lore.kernel.org variant + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-14392 on Ubuntu 20.04 (focal) - medium. + An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-16 13:15:00 UTC + 2020-09-11 00:00:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14392.html + https://ubuntu.com/security/notices/USN-4503-1 + + + + + + + + + + CVE-2020-14415 on Ubuntu 20.04 (focal) - low. + oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-08-27 16:15:00 UTC + 2020-06-19 00:00:00 UTC + mdeslaur + Ziming Zhang + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14415.html + https://ubuntu.com/security/notices/USN-4467-1 + + + + + + + + + + CVE-2020-14416 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-18 11:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14416.html + https://bugzilla.suse.com/show_bug.cgi?id=1162002 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.16 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ace17d56824165c7f4c68785d6b58971db954dd + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-14578 on Ubuntu 20.04 (focal) - medium. 
+ Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-14 + 2020-07-14 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14578.html + https://ubuntu.com/security/notices/USN-4453-1 + + + + + + + + + + CVE-2020-14579 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 18:15:00 UTC + 2020-07-14 + 2020-07-14 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14579.html + https://ubuntu.com/security/notices/USN-4453-1 + + + + + + + + + + CVE-2020-1472 on Ubuntu 20.04 (focal) - medium. + An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-17 19:15:00 UTC + 2020-09-16 00:00:00 UTC + mdeslaur + https://bugzilla.samba.org/show_bug.cgi?id=14497 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1472.html + https://www.secura.com/pathtoimg.php?id=2055 + https://ubuntu.com/security/notices/USN-4510-1 + https://ubuntu.com/security/notices/USN-4510-2 + + + + mdeslaur> Starting with Samba 4.8, "server schannel" defaults to "yes" mdeslaur> instead of "auto". This is sufficient to address this mdeslaur> vulnerability. See details in the upstream bug report. mdeslaur> There may be an additional commit to make ServerAuthenticate3 mdeslaur> fail so that the false positive reported by the third party mdeslaur> vulnerability scanning tools is fixed. + + + + + + + + + CVE-2020-14928 on Ubuntu 20.04 (focal) - medium. + evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection." 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-17 16:15:00 UTC + 2020-07-08 00:00:00 UTC + mdeslaur + https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-14928.html + https://ubuntu.com/security/notices/USN-4429-1 + + + + + + + + + + CVE-2020-15049 on Ubuntu 20.04 (focal) - low. + An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-06-30 18:15:00 UTC + 2020-06-30 18:15:00 UTC + mdeslaur + Alex Rousskov and Amit Klein + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15049.html + https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5 + https://ubuntu.com/security/notices/USN-4551-1 + https://ubuntu.com/security/notices/USN-4895-1 + + + + mdeslaur> per upstream, "This attack requires an upstream server to mdeslaur> participate in the smuggling and generate the poison response mdeslaur> sequence." + + + + + + + + + CVE-2020-15157 on Ubuntu 20.04 (focal) - medium. + In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. 
If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 17:15:00 UTC + 2020-10-15 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15157.html + https://ubuntu.com/security/notices/USN-4589-1 + https://ubuntu.com/security/notices/USN-4589-2 + + + + + + + + + + CVE-2020-15238 on Ubuntu 20.04 (focal) - medium. + Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. 
That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-27 19:15:00 UTC + 2020-10-27 12:00:00 UTC + Vaisha Bernard + 2020-10-27 12:00:00 UTC + https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15238.html + https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx + https://ubuntu.com/security/notices/USN-4605-1 + https://ubuntu.com/security/notices/USN-4605-2 + https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html + + + + amurray| blueman should use polkit for authorisation but due to a packaging bug in Debian and Ubuntu this was not enabled + + + + + + + + + CVE-2020-15257 on Ubuntu 20.04 (focal) - medium. + containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. 
Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the "host" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-01 03:15:00 UTC + 2020-11-30 + 2020-11-30 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15257.html + https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4 + https://ubuntu.com/security/notices/USN-4653-1 + https://ubuntu.com/security/notices/USN-4653-2 + + + + seth-arnold> Containers started with an old version of containerd-shim should be stopped and restarted. seth-arnold> Patches are in Message-ID: <ZIoq.1605308443822728072.OowG@lists.cncf.io mdeslaur> mdeslaur> Updates released in USN-4653-1 were pulled from the archive due mdeslaur> to docker.io being stopped because of packaging issues. mdeslaur> Reverting this CVE to "needed" until new updates are released. mdeslaur> mdeslaur> The cause of the regression is being investigated, and new mdeslaur> updates to correct this CVE will be issued shortly. + + + + + + + + + CVE-2020-15305 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-26 01:15:00 UTC + 2020-06-26 01:15:00 UTC + mdeslaur + https://github.com/AcademySoftwareFoundation/openexr/issues/728 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15305.html + https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md + https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md + https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 + https://ubuntu.com/security/notices/USN-4418-1 + + + + + + + + + + CVE-2020-15306 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-26 01:15:00 UTC + 2020-06-26 01:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15306.html + https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md + https://github.com/AcademySoftwareFoundation/openexr/blob/master/SECURITY.md + https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2 + https://ubuntu.com/security/notices/USN-4418-1 + + + + + + + + + + CVE-2020-15358 on Ubuntu 20.04 (focal) - medium. + In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-27 12:15:00 UTC + 2020-06-27 12:15:00 UTC + mdeslaur + https://www.sqlite.org/src/tktview?name=8f157e8010 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15358.html + https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2 + https://ubuntu.com/security/notices/USN-4438-1 + + + + mdeslaur> introduced in 3.25.0 + + + + + + + + + CVE-2020-15393 on Ubuntu 20.04 (focal) - low. + In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-29 22:15:00 UTC + 2020-06-29 22:15:00 UTC + Kyungtae Kim + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15393.html + https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=28ebeb8db77035e058a510ce9bd17c2b9a009dba + https://lkml.org/lkml/2020/6/2/968 + https://ubuntu.com/security/notices/USN-4463-1 + https://ubuntu.com/security/notices/USN-4465-1 + https://ubuntu.com/security/notices/USN-4483-1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-15436 on Ubuntu 20.04 (focal) - medium. + Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. It was discovered that the block layer implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 21:15:00 UTC + 2020-11-23 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15436.html + https://git.kernel.org/linus/2d3a8e2deddea6c89961c422ec0c5b851e648c14 + https://lkml.org/lkml/2020/6/7/379 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-15570 on Ubuntu 20.04 (focal) - medium. + The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-06 14:15:00 UTC + 2020-07-06 14:15:00 UTC + mdeslaur + Seong-Joong Kim + https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1882180 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15570.html + https://github.com/sungjungk/whoopsie_killer2/blob/master/README.md + https://github.com/sungjungk/whoopsie_killer2/blob/master/whoopsie_killer2.py + https://launchpad.net/ubuntu/+source/whoopsie + https://www.youtube.com/watch?v=oZXGwC7PWYE + https://ubuntu.com/security/notices/USN-4450-1 + + + + + + + + + + CVE-2020-15646 on Ubuntu 20.04 (focal) - medium. + If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-08 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15646.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646 + + + + + + + + + + CVE-2020-15701 on Ubuntu 20.04 (focal) - medium. + An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-06 23:15:00 UTC + 2020-05-13 + Seong-Joong Kim + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1877023 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15701.html + https://ubuntu.com/security/notices/USN-4449-1 + https://ubuntu.com/security/notices/USN-4449-2 + + + + + + + + + + CVE-2020-15702 on Ubuntu 20.04 (focal) - medium. 
+ TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-06 23:15:00 UTC + 2020-08-04 17:00:00 UTC + mdeslaur + Ryota Shiga + 2020-08-04 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15702.html + https://ubuntu.com/security/notices/USN-4449-1 + https://ubuntu.com/security/notices/USN-4449-2 + + + + + + + + + + CVE-2020-15703 on Ubuntu 20.04 (focal) - medium. + There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-31 04:15:00 UTC + unknown + mdeslaur + Vaisha Bernard + 2020-09-24 + https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1888235 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15703.html + https://ubuntu.com/security/notices/USN-4537-1 + https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html + + + + + + + + + + CVE-2020-15704 on Ubuntu 20.04 (focal) - medium. + The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. 
Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-01 00:15:00 UTC + 2020-08-04 17:00:00 UTC + mdeslaur + Thomas Chauchefoin + 2020-08-04 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15704.html + https://ubuntu.com/security/notices/USN-4451-1 + https://ubuntu.com/security/notices/USN-4451-2 + + + + mdeslaur> This is ZDI-CAN-11504 mdeslaur> Issue is located in a Ubuntu-specific patch + + + + + + + + + CVE-2020-15705 on Ubuntu 20.04 (focal) - medium. + GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-29 18:15:00 UTC + 2020-07-29 17:00:00 UTC + Mathieu Trudel-Lapierre + 2020-07-29 17:00:00 UTC + https://launchpad.net/bugs/1801968 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15705.html + https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ + https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass + https://www.openwall.com/lists/oss-security/2020/07/29/3 + https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html + https://ubuntu.com/security/notices/USN-4432-1 + + + + amurray| grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low + + + + + + + + + + + + CVE-2020-15706 on Ubuntu 20.04 (focal) - high. + GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-29 18:15:00 UTC + 2020-07-29 17:00:00 UTC + Chris Coulson + 2020-07-29 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15706.html + https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ + https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass + https://www.openwall.com/lists/oss-security/2020/07/29/3 + https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html + https://ubuntu.com/security/notices/USN-4432-1 + + + + amurray| grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low sbeattie| 809f3a268 script: Avoid a use-after-free when redefining a function during execution + + + + + + + + + + + + CVE-2020-15707 on Ubuntu 20.04 (focal) - medium. + Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. Colin Watson and Chris Coulson discovered that an integer overflow existed in GRUB2 when handling the initrd command, leading to a heap-based buffer overflow. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-29 18:15:00 UTC + 2020-07-29 17:00:00 UTC + Colin Watson and Chris Coulson + 2020-07-29 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15707.html + https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ + https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass + https://www.openwall.com/lists/oss-security/2020/07/29/3 + https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html + https://ubuntu.com/security/notices/USN-4432-1 + + + + sbeattie| efilinux: Fix integer overflows in grub_cmd_initrd e961f8f8cdb25245900dc0884047e856346035b3 sbeattie| Title: grub2: integer overflows in efilinux grub_cmd_initrd and grub_initrd_init leads to heap based buffer overflow sbeattie| code is not upstream in grub2 but carried as part of patches by Ubuntu, Debian, Red Hat and possibly others. amurray| grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low + + + + + + + + + + + + CVE-2020-15708 on Ubuntu 20.04 (focal) - medium. + Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-06 02:15:00 UTC + 2020-08-04 17:00:00 UTC + mdeslaur + Trent Shea + 2020-08-04 17:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15708.html + https://ubuntu.com/security/notices/USN-4452-1 + + + + mdeslaur> This is ZDI-CAN-11561. mdeslaur> caused by the switch to systemd socket activation, so bionic and mdeslaur> earlier are not affected + + + + + + + + + CVE-2020-15709 on Ubuntu 20.04 (focal) - medium. 
+ Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-05 04:15:00 UTC + 2020-08-03 14:41:00 UTC + mdeslaur + Jason A. Donenfeld + https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1890286 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15709.html + https://www.openwall.com/lists/oss-security/2020/08/03/1 + https://ubuntu.com/security/notices/USN-4457-1 + https://ubuntu.com/security/notices/USN-4457-2 + + + + + + + + + + CVE-2020-15710 on Ubuntu 20.04 (focal) - medium. + Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-19 03:15:00 UTC + 2020-09-17 + avital + Ratchanan Srirattanamet + 2020-09-17 + https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1884738 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15710.html + https://ubuntu.com/security/notices/USN-4519-1 + + + + + + + + + + CVE-2020-15778 on Ubuntu 20.04 (focal) - low. + ** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-07-24 14:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1860487 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15778.html + https://github.com/cpandya2909/CVE-2020-15778 + https://www.openssh.com/security.html + https://lwn.net/Articles/835962/ + + + + seth-arnold> openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. mdeslaur> mdeslaur> the upstream OpenSSH project will not be fixing this issue as mdeslaur> it may result in breaking existing workflows. As such, we will mdeslaur> not be fixing this issue in Ubuntu. + + + + + + + + + + + + CVE-2020-15780 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-15 22:15:00 UTC + 2020-07-15 22:15:00 UTC + Jason A. 
Donenfeld + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15780.html + https://www.openwall.com/lists/oss-security/2020/06/15/3 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75b0cea7bf307f362057cc778efe89af4c615354 + https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh + https://ubuntu.com/security/notices/USN-4425-1 + https://ubuntu.com/security/notices/USN-4426-1 + https://ubuntu.com/security/notices/USN-4439-1 + https://ubuntu.com/security/notices/USN-4440-1 + + + + sbeattie> acpi configfs interface added in 4.8/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-15810 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-02 17:15:00 UTC + 2020-08-24 00:00:00 UTC + mdeslaur + Amit Klein + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968934 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15810.html + https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m + https://ubuntu.com/security/notices/USN-4477-1 + https://ubuntu.com/security/notices/USN-4551-1 + + + + + + + + + + CVE-2020-15811 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-09-02 17:15:00 UTC + 2020-08-24 00:00:00 UTC + mdeslaur + Régis Leroy + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968932 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15811.html + https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv + https://ubuntu.com/security/notices/USN-4477-1 + https://ubuntu.com/security/notices/USN-4551-1 + + + + + + + + + + CVE-2020-15852 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. 
This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154. Andy Lutomirski discovered that the Linux kernel did not properly handle I/O port permissions for paravirtualized (PV) guests on x86 platforms in some situations. An attacker in a paravirtualized guest could possibly use this to gain access to restricted I/O devices. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-20 19:15:00 UTC + Andy Lutomirski + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15852.html + https://www.openwall.com/lists/oss-security/2020/07/16/1 + http://www.openwall.com/lists/oss-security/2020/07/21/2 + http://xenbits.xen.org/xsa/advisory-329.html + https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2 + https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-15861 on Ubuntu 20.04 (focal) - medium. + Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-20 01:17:00 UTC + 2020-08-06 00:00:00 UTC + leosilva + Tobias Neitzel + https://github.com/net-snmp/net-snmp/issues/145 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15861.html + https://ubuntu.com/security/notices/USN-4471-1 + + + + + + + + + + CVE-2020-15862 on Ubuntu 20.04 (focal) - medium. + Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-20 01:17:00 UTC + 2020-08-06 00:00:00 UTC + leosilva + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966544 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15862.html + https://ubuntu.com/security/notices/USN-4471-1 + https://ubuntu.com/security/notices/USN-4471-2 + + + + seth-arnold> see Debian's triage notes + + + + + + + + + CVE-2020-15900 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-28 16:15:00 UTC + 2020-07-28 16:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=702582 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15900.html + https://artifex.com/security-advisories/CVE-2020-15900 + https://ubuntu.com/security/notices/USN-4445-1 + + + + sbeattie> according to debian, jntroduced by 7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff (9.28rc1) + + + + + + + + + CVE-2020-16092 on Ubuntu 20.04 (focal) - low. + In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-11 16:15:00 UTC + 2020-08-11 16:15:00 UTC + mdeslaur + Ziming Zhang + https://bugzilla.redhat.com/show_bug.cgi?id=1860283 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16092.html + https://access.redhat.com/security/cve/CVE-2020-16092 + https://ubuntu.com/security/notices/USN-4467-1 + + + + + + + + + + CVE-2020-16119 on Ubuntu 20.04 (focal) - high. + Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-01-14 01:15:00 UTC + 2020-10-13 + cascardo + Hadar Manor + 2020-10-13 + https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883840 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16119.html + https://www.openwall.com/lists/oss-security/2020/10/13/7 + https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695 + https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/ + https://ubuntu.com/security/notices/USN-4580-1 + https://ubuntu.com/security/notices/USN-4579-1 + https://ubuntu.com/security/notices/USN-4578-1 + https://ubuntu.com/security/notices/USN-4577-1 + https://ubuntu.com/security/notices/USN-4576-1 + + + + sbeattie> patch applied to the ubuntu-kernels was NACKed by upstream. The subsequent revision submitted upstream still needs rework and has not been accepted as of 2021-01-13. 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-16120 on Ubuntu 20.04 (focal) - medium. + Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11. Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-10 20:15:00 UTC + 2020-10-13 17:00:00 UTC + cascardo + Giuseppe Scrivano + 2020-10-13 17:00:00 UTC + https://bugs.launchpad.net/bugs/1894980 + https://bugs.launchpad.net/bugs/1900141 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16120.html + https://www.openwall.com/lists/oss-security/2020/10/13/6 + https://ubuntu.com/security/notices/USN-4578-1 + https://ubuntu.com/security/notices/USN-4577-1 + https://ubuntu.com/security/notices/USN-4576-1 + + + + sbeattie> this issue most likely only has an impact on Ubuntu systems as it is dependent on both unprivileged user namespaces being enabled as well as a non-upstream patch that allows overlayfs mounts in user namespaces. sbeattie> the backport of this issue introduced a regression, LP: #1900141 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-16121 on Ubuntu 20.04 (focal) - low. + PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-07 04:15:00 UTC + 2020-09-24 + mdeslaur + Vaisha Bernard + 2020-09-24 + https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16121.html + https://ubuntu.com/security/notices/USN-4538-1 + https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html + + + + + + + + + + CVE-2020-16122 on Ubuntu 20.04 (focal) - medium. + PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-07 04:15:00 UTC + 2020-06-13 01:14:00 UTC + mdeslaur + Sami Niemimäki + https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16122.html + https://ubuntu.com/security/notices/USN-4538-1 + + + + + + + + + + CVE-2020-16123 on Ubuntu 20.04 (focal) - medium. + An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 00:15:00 UTC + 2020-11-23 17:00:00 UTC + avital + James Henstridge + 2020-11-23 17:00:00 UTC + https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1895928 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16123.html + https://ubuntu.com/security/notices/USN-4640-1 + + + + + + + + + + CVE-2020-16126 on Ubuntu 20.04 (focal) - medium. + An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-11 04:15:00 UTC + 2020-11-03 + mdeslaur + Kevin Backhouse + 2020-11-03 + https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1900255 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16126.html + https://ubuntu.com/security/notices/USN-4616-1 + https://ubuntu.com/security/notices/USN-4616-2 + + + + mdeslaur> This vulnerability is in an Ubuntu-specific patch and doesn't mdeslaur> affect the upstream code. + + + + + + + + + CVE-2020-16127 on Ubuntu 20.04 (focal) - medium. + An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-11 04:15:00 UTC + 2020-11-03 + mdeslaur + Kevin Backhouse + 2020-11-03 + https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1900255 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16127.html + https://ubuntu.com/security/notices/USN-4616-1 + + + + mdeslaur> This vulnerability is in an Ubuntu-specific patch and doesn't mdeslaur> affect the upstream code. + + + + + + + + + CVE-2020-16128 on Ubuntu 20.04 (focal) - medium. + The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-09 04:15:00 UTC + 2020-12-08 + mdeslaur + Kevin Backhouse + 2020-12-08 + https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1899513 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16128.html + https://ubuntu.com/security/notices/USN-4664-1 + + + + + + + + + + CVE-2020-16135 on Ubuntu 20.04 (focal) - medium. + libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-29 21:15:00 UTC + 2020-07-29 21:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16135.html + https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238 + https://bugs.libssh.org/T232 + https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120 + https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120/diffs?commit_id=1493b4466fa394b321d196ad63dd6a4fa395d337 + https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120/diffs?commit_id=dbfb7f44aa905a7103bdde9a198c1e9b0f480c2e + https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120/diffs?commit_id=65ae496222018221080dd753a52f6d70bf3ca5f3 + https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120/diffs?commit_id=df0acab3a077bd8ae015e3e8b4c71ff31b5900fe + https://ubuntu.com/security/notices/USN-4447-1 + + + + + + + + + + CVE-2020-16287 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701785 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16287.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16288 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701791 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16288.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16289 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701788 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16289.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16290 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701786 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16290.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16291 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701787 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16291.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16292 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701793 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16292.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16293 on Ubuntu 20.04 (focal) - medium. + A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701795 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16293.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16294 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701794 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16294.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16295 on Ubuntu 20.04 (focal) - medium. + A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701796 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16295.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16296 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701792 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16296.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + mdeslaur> also includes fix for CVE-2020-17538 + + + + + + + + + CVE-2020-16297 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701800 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16297.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16298 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701799 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16298.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16299 on Ubuntu 20.04 (focal) - medium. + A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701801 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16299.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16300 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701807 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16300.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16301 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701808 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16301.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16302 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701815 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16302.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16303 on Ubuntu 20.04 (focal) - medium. + A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701818 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16303.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16304 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701816 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16304.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + Debian> PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger + + + + + + + + + CVE-2020-16305 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701819 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16305.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16306 on Ubuntu 20.04 (focal) - medium. + A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701821 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16306.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16307 on Ubuntu 20.04 (focal) - medium. + A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701822 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16307.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16308 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701829 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16308.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16309 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701827 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16309.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16310 on Ubuntu 20.04 (focal) - medium. + A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701828 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16310.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + + + + + + + CVE-2020-16587 on Ubuntu 20.04 (focal) - medium. + A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-09 21:15:00 UTC + 2020-12-09 21:15:00 UTC + mdeslaur + https://github.com/AcademySoftwareFoundation/openexr/issues/491 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16587.html + https://ubuntu.com/security/notices/USN-4676-1 + + + + + + + + + + CVE-2020-16588 on Ubuntu 20.04 (focal) - medium. + A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 21:15:00 UTC + 2020-12-09 21:15:00 UTC + mdeslaur + https://github.com/AcademySoftwareFoundation/openexr/issues/493 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16588.html + https://ubuntu.com/security/notices/USN-4676-1 + + + + + + + + + + CVE-2020-16589 on Ubuntu 20.04 (focal) - medium. + A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 21:15:00 UTC + 2020-12-09 21:15:00 UTC + mdeslaur + https://github.com/AcademySoftwareFoundation/openexr/issues/494 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16589.html + https://ubuntu.com/security/notices/USN-4676-1 + + + + + + + + + + CVE-2020-1747 on Ubuntu 20.04 (focal) - low. + A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-03-24 15:15:00 UTC + Riccardo Schirone + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953013 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1747.html + https://github.com/yaml/pyyaml/pull/386 + + + + mdeslaur> FullLoader was introduced in 5.1. FullLoader should not be used mdeslaur> on untrusted input, setting priority to low. + + + + + + + + + CVE-2020-17489 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-11 21:15:00 UTC + 2020-08-11 21:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968311 + https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17489.html + https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1377 + https://ubuntu.com/security/notices/USN-4464-1 + + + + mdeslaur> per upstream bug, appears to have been introduced in 3.34 + + + + + + + + + CVE-2020-1749 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. 
Xiumei Mu discovered that the IPSec implementation in the Linux kernel did not properly encrypt IPv6 traffic in some situations. An attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-09 15:15:00 UTC + 2020-03-04 08:53:00 UTC + Xiumei Mu + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1749.html + https://access.redhat.com/security/cve/CVE-2020-1749 + https://bugzilla.redhat.com/show_bug.cgi?id=1809833 + https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=6c8991f41546 + https://ubuntu.com/security/notices/USN-4391-1 + https://ubuntu.com/security/notices/USN-4390-1 + https://ubuntu.com/security/notices/USN-4388-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-1751 on Ubuntu 20.04 (focal) - medium. + An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-17 19:15:00 UTC + 2020-04-17 19:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=25423 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1751.html + https://ubuntu.com/security/notices/USN-4416-1 + + + + leosilva> -esm releases only supports amd64 arch mdeslaur> introduced in https://sourceware.org/git/?p=glibc.git;a=commit;h=d400dcac5e + + + + + + + + + CVE-2020-17538 on Ubuntu 20.04 (focal) - medium. + A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 03:15:00 UTC + 2020-08-13 03:15:00 UTC + mdeslaur + https://bugs.ghostscript.com/show_bug.cgi?id=701792 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-17538.html + https://ubuntu.com/security/notices/USN-4469-1 + + + + mdeslaur> same commit as CVE-2020-16296 + + + + + + + + + CVE-2020-1759 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-13 13:15:00 UTC + Ilya Dryomov + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956139 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1759.html + https://www.openwall.com/lists/oss-security/2020/04/07/2 + + + + + + + + + + CVE-2020-1946 on Ubuntu 20.04 (focal) - medium. + In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-25 10:15:00 UTC + 2020-12-31 00:00:00 UTC + mdeslaur, leosilva + Damian Lukowski + https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7793 (not public) + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1946.html + https://www.openwall.com/lists/oss-security/2021/03/24/3 + https://ubuntu.com/security/notices/USN-4899-1 + https://ubuntu.com/security/notices/USN-4899-2 + + + + sbeattie> command injection in configuration parsing + + + + + + + + + CVE-2020-1967 on Ubuntu 20.04 (focal) - high. + Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-04-21 14:15:00 UTC + mdeslaur + Bernd Edlinger + 2020-04-21 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1967.html + https://www.openssl.org/news/secadv/20200421.txt + + + + mdeslaur> introduced in 1.1.1d + + + + + + + + + CVE-2020-1971 on Ubuntu 20.04 (focal) - high. + The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. 
OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 16:15:00 UTC + 2020-12-08 + David Benjamin + 2020-12-08 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1971.html + https://www.openssl.org/news/secadv/20201208.txt + https://ubuntu.com/security/notices/USN-4662-1 + https://ubuntu.com/security/notices/USN-4745-1 + + + + mdeslaur> edk2 doesn't use the OpenSSL GENERAL_NAME_cmp function, so it is mdeslaur> not vulnerable to this issue. 
+ + + + + + + + + CVE-2020-24386 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-04 17:15:00 UTC + 2021-01-04 12:00:00 UTC + mdeslaur + 2021-01-04 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24386.html + https://ubuntu.com/security/notices/USN-4674-1 + + + + mdeslaur> per upstream, Vulnerable version: 2.2.26-2.3.11.3 + + + + + + + + + CVE-2020-24394 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. It was discovered that the NFS server implementation in the Linux kernel did not properly honor umask settings when setting permissions while creating file system objects if the underlying file system did not support ACLs. An attacker could possibly use this to expose sensitive information or violate system integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-19 13:15:00 UTC + 2020-08-19 13:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24394.html + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832 + https://ubuntu.com/security/notices/USN-4465-1 + https://ubuntu.com/security/notices/USN-4483-1 + https://ubuntu.com/security/notices/USN-4485-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-24490 on Ubuntu 20.04 (focal) - medium. + Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-02 22:15:00 UTC + 2020-10-14 00:00:00 UTC + Andy Nguyen + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24490.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html + https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649 + https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e + https://ubuntu.com/security/notices/USN-4592-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + sbeattie| This issue affected kernels 4.18 and later; as such Ubuntu 20.04's 5.4 kernel was fixed around 2020/09/21, before the advisory was issued. 
sbeattie| it is asserted that b2cc9761f144e8ef714be8c590603073b80ddc13 made the vulnerability accessible. sbeattie> it's not clear if https://lore.kernel.org/linux-bluetooth/20201016180956.707681-1-luiz.dentz@gmail.com/ is needed as well. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-24502 on Ubuntu 20.04 (focal) - medium. + Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24502.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html + + + + sbeattie| these are Intel's out-of-tree drivers. + + + + + + + + + + + + + CVE-2020-24503 on Ubuntu 20.04 (focal) - medium. + Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24503.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html + + + + sbeattie| these are Intel's out-of-tree drivers. + + + + + + + + + + + + + CVE-2020-24583 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-01 13:15:00 UTC + 2020-09-01 10:00:00 UTC + mdeslaur + 2020-09-01 10:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24583.html + https://ubuntu.com/security/notices/USN-4479-1 + + + + mdeslaur> This issue is caused by a behavioural change in Python 3.7. mdeslaur> While python3.7 is available for bionic, it doesn't replace mdeslaur> python3.6, so bionic is not affected by this issue. + + + + + + + + + CVE-2020-24584 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-01 13:15:00 UTC + 2020-09-01 10:00:00 UTC + mdeslaur + 2020-09-01 10:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24584.html + https://ubuntu.com/security/notices/USN-4479-1 + + + + mdeslaur> This issue is caused by a behavioural change in Python 3.7. mdeslaur> While python3.7 is available for bionic, it doesn't replace mdeslaur> python3.6, so bionic is not affected by this issue. + + + + + + + + + CVE-2020-24606 on Ubuntu 20.04 (focal) - medium. + Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-24 18:15:00 UTC + 2020-08-24 18:15:00 UTC + mdeslaur + Lubos Uhliarik + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968933 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24606.html + https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg + https://ubuntu.com/security/notices/USN-4477-1 + https://ubuntu.com/security/notices/USN-4551-1 + + + + + + + + + + CVE-2020-24654 on Ubuntu 20.04 (focal) - medium. + In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-02 17:15:00 UTC + 2020-09-01 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24654.html + https://ubuntu.com/security/notices/USN-4482-1 + + + + + + + + + + CVE-2020-24659 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-04 15:15:00 UTC + 2020-09-04 15:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969547 + https://gitlab.com/gnutls/gnutls/-/issues/1071 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24659.html + https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04 + https://security.gentoo.org/glsa/202009-01 + https://ubuntu.com/security/notices/USN-4491-1 + + + + + + + + + + CVE-2020-24889 on Ubuntu 20.04 (focal) - medium. 
+ A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-16 15:15:00 UTC + https://github.com/LibRaw/LibRaw/issues/334 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24889.html + + + + mdeslaur> affected code was introduced in 20.0, and is not present in mdeslaur> versions earlier than that, contrary to the CVE description mdeslaur> See "Hasselblad L1D-20c, X1D II 50C" in mdeslaur> https://www.libraw.org/news/libraw-0-20-Release + + + + + + + + + CVE-2020-25097 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-19 05:15:00 UTC + 2021-03-19 05:15:00 UTC + mdeslaur + Jianjun Chen + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985068 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25097.html + https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6 + https://ubuntu.com/security/notices/USN-4895-1 + + + + + + + + + + CVE-2020-25219 on Ubuntu 20.04 (focal) - medium. + url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-09 21:15:00 UTC + 2020-09-09 21:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25219.html + https://github.com/libproxy/libproxy/issues/134 + https://ubuntu.com/security/notices/USN-4514-1 + + + + + + + + + + CVE-2020-25220 on Ubuntu 20.04 (focal) - medium. + The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-10 02:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25220.html + https://bugzilla.redhat.com/show_bug.cgi?id=1868453 + https://www.spinics.net/lists/stable/msg405099.html + https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.194 + https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.140 + https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.233 + https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=82fd2138a5ffd7e0d4320cdb669e115ee976a26e + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25221 on Ubuntu 20.04 (focal) - medium. + get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-10 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25221.html + https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2 + http://www.openwall.com/lists/oss-security/2020/09/10/4 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7 + https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a + https://www.openwall.com/lists/oss-security/2020/09/08/4 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-25275 on Ubuntu 20.04 (focal) - medium. + Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-04 17:15:00 UTC + 2021-01-04 12:00:00 UTC + mdeslaur + Innokentii Sennovskiy + 2021-01-04 12:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25275.html + https://ubuntu.com/security/notices/USN-4674-1 + https://ubuntu.com/security/notices/USN-4674-2 + + + + mdeslaur> per upstream, Vulnerable version: 2.3.11-2.3.11.3 mdeslaur> we backported fix to earlier releases, so they are vulnerable + + + + + + + + + CVE-2020-25613 on Ubuntu 20.04 (focal) - low. + An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-06 13:15:00 UTC + 2020-10-06 13:15:00 UTC + mdeslaur + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25613.html + https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/ + https://ubuntu.com/security/notices/USN-4882-1 + + + + + + + + + + CVE-2020-25623 on Ubuntu 20.04 (focal) - medium. + Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-02 12:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25623.html + https://github.com/erlang/otp/releases/tag/OTP-23.1 + https://www.erlang.org/downloads + https://www.erlang.org/news + + + + mdeslaur> per upstream, introduced in OTP 22.3.1 and corrected in OTP mdeslaur> 22.3.4.6. It was also introduced in OTP 23.0 and corrected in mdeslaur> OTP 23.1 + + + + + + + + + CVE-2020-25654 on Ubuntu 20.04 (focal) - medium. + An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-24 20:15:00 UTC + 2020-10-27 + mdeslaur + Ken Gaillot + https://bugzilla.redhat.com/show_bug.cgi?id=1888191 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25654.html + https://lists.clusterlabs.org/pipermail/developers/2020-October/002324.html + https://www.openwall.com/lists/oss-security/2020/10/27/1 + https://ubuntu.com/security/notices/USN-4623-1 + + + + + + + + + + CVE-2020-25659 on Ubuntu 20.04 (focal) - medium. 
+ python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-11 16:15:00 UTC + 2020-10-28 00:00:00 UTC + leosilva + Hubert Kario + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973247 + https://bugzilla.redhat.com/show_bug.cgi?id=1889988 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25659.html + https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476 + https://ubuntu.com/security/notices/USN-4613-1 + + + + + + + + + + CVE-2020-25660 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-23 22:15:00 UTC + 2020-11-23 22:15:00 UTC + Ilya Dryomov + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25660.html + https://www.openwall.com/lists/oss-security/2020/11/17/4 + https://ubuntu.com/security/notices/USN-4706-1 + + + + sbeattie| introduced in 321548010578d6ff7bbf2e5ce8a550008b131423 (15.1.0, backported to 14.2.5) mdeslaur> fixed in 15.2.7-0ubuntu0.20.04.1 in focal-updates, and mdeslaur> 15.2.7-0ubuntu0.20.10.1 in groovy-updates, but not yet in mdeslaur> security pocket. 
+ + + + + + + + + CVE-2020-25661 on Ubuntu 20.04 (focal) - negligible. + A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. + 2020-11-05 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25661.html + https://access.redhat.com/security/cve/CVE-2020-25661 + + + + + + + + + + CVE-2020-25662 on Ubuntu 20.04 (focal) - negligible. + A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. + 2020-11-05 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25662.html + https://access.redhat.com/security/cve/CVE-2020-25662 + + + + + + + + + + CVE-2020-25692 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-08 01:15:00 UTC + 2020-10-30 00:00:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9370 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25692.html + https://ubuntu.com/security/notices/USN-4622-1 + https://ubuntu.com/security/notices/USN-4622-2 + + + + + + + + + + CVE-2020-25709 on Ubuntu 20.04 (focal) - medium. + A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-18 12:15:00 UTC + 2020-11-13 00:00:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9383 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25709.html + https://ubuntu.com/security/notices/USN-4634-1 + https://ubuntu.com/security/notices/USN-4634-2 + + + + + + + + + + CVE-2020-25710 on Ubuntu 20.04 (focal) - medium. + A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-28 11:15:00 UTC + 2020-11-13 00:00:00 UTC + mdeslaur + https://bugs.openldap.org/show_bug.cgi?id=9384 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25710.html + https://ubuntu.com/security/notices/USN-4634-1 + https://ubuntu.com/security/notices/USN-4634-2 + + + + + + + + + + CVE-2020-25712 on Ubuntu 20.04 (focal) - medium. + A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 17:15:00 UTC + 2020-12-01 + mdeslaur + Jan-Niklas Sohn + 2020-12-01 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-25712.html + https://www.openwall.com/lists/oss-security/2020/12/01/3 + https://ubuntu.com/security/notices/USN-4656-1 + https://ubuntu.com/security/notices/USN-4656-2 + + + + mdeslaur> xorg server is actually the xorg-server package mdeslaur> the xorg package only contains docs amurray| ZDI-CAN-11839 mdeslaur> cd5547444de39e3ebde1e8b88342fa8e0113040b + + + + + + + + + CVE-2020-26154 on Ubuntu 20.04 (focal) - medium. + url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-30 18:15:00 UTC + 2020-09-30 18:15:00 UTC + leosilva + Li Fei + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968366 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26154.html + https://ubuntu.com/security/notices/USN-4673-1 + + + + + + + + + + CVE-2020-26262 on Ubuntu 20.04 (focal) - medium. + Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address. 
By using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting. The issue patched in version 4.5.2. As a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-13 19:15:00 UTC + 2021-01-11 00:00:00 UTC + pfsmorigo + 2021-01-11 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-26262.html + https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p + https://ubuntu.com/security/notices/USN-4690-1 + + + + pfsmorigo| Tested vulnerable versions: 4.5.1.3 + + + + + + + + + CVE-2020-2655 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and Robert Merget discovered that OpenJDK incorrectly handled CertificateVerify TLS handshake messages. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean, and Robert Merget + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-2655 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2655.html + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4257-1 + + + + sbeattie> opnejdk 11 and newer + + + + + + + + + + + + CVE-2020-2659 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 
It was discovered that OpenJDK incorrectly enforced the limit of datagram sockets that can be created by a code running within Java sandbox. An attacker could possibly use this issue to bypass the sandbox restrictions causing a denial of service. This issue only affected OpenJDK 8. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-15 17:15:00 UTC + 2020-01-15 17:15:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-2659 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2659.html + https://www.oracle.com/security-alerts/cpujan2020.html + https://ubuntu.com/security/notices/USN-4257-1 + + + + sbeattie> openjdk 8 and earlier + + + + + + + + + CVE-2020-27066 on Ubuntu 20.04 (focal) - medium. + In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 17:15:00 UTC + https://bugzilla.suse.com/show_bug.cgi?id=1180098 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27066.html + https://source.android.com/security/bulletin/pixel/2020-12-01 + + + + sbeattie| unclear what issue/kernel commit google is referencing here. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27067 on Ubuntu 20.04 (focal) - medium. + In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27067.html + https://source.android.com/security/bulletin/pixel/2020-12-01 + https://salsa.debian.org/kernel-team/kernel-sec/-/blob/master/retired/CVE-2020-27067 + + + + sbeattie| see salsa link for 4.9 stable commits. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27068 on Ubuntu 20.04 (focal) - medium. + In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-119770583 + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 17:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27068.html + https://git.kernel.org/linus/ea75080110a4c1fa011b0a73cb8f42227143ee3e + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27152 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9. It was discovered that the KVM hypervisor in the Linux kernel did not properly handle interrupts in certain situations. A local attacker in a guest VM could possibly use this to cause a denial of service (host system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-06 08:15:00 UTC + 2020-11-06 08:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27152.html + https://bugzilla.redhat.com/show_bug.cgi?id=1888886 + https://bugzilla.kernel.org/show_bug.cgi?id=208767 + https://www.openwall.com/lists/oss-security/2020/11/03/1 + https://ubuntu.com/security/notices/USN-4659-1 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27194 on Ubuntu 20.04 (focal) - high. + An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. Simon Scannell discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information (kernel memory) or gain administrative privileges. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-10-16 21:15:00 UTC + 2020-10-16 21:15:00 UTC + Simon Scannell + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27194.html + https://git.kernel.org/linus/5b9fbeb75b6a98955f628e205ac26689bcb1383e + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.15 + https://github.com/torvalds/linux/commit/5b9fbeb75b6a98955f628e205ac26689bcb1383e + https://scannell.me/fuzzing-for-ebpf-jit-bugs-in-the-linux-kernel/ + https://ubuntu.com/security/notices/USN-4626-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-2732 on Ubuntu 20.04 (focal) - medium. + A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. 
Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-08 22:15:00 UTC + 2020-02-24 18:00:00 UTC + Paulo Bonzini + 2020-02-24 18:00:00 UTC + https://bugzilla.redhat.com/show_bug.cgi?id=1805135 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2732.html + https://www.spinics.net/lists/kvm/msg208259.html + https://www.openwall.com/lists/oss-security/2020/02/25/4 + https://ubuntu.com/security/notices/USN-4300-1 + https://ubuntu.com/security/notices/USN-4301-1 + https://ubuntu.com/security/notices/USN-4302-1 + https://ubuntu.com/security/notices/USN-4303-1 + https://ubuntu.com/security/notices/USN-4303-2 + + + + sbeattie> only systems running Intel processors are affected. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27347 on Ubuntu 20.04 (focal) - medium. + In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-06 03:15:00 UTC + 2020-11-04 00:00:00 UTC + leosilva + Sergey Nizovtsev + https://bugzilla.redhat.com/show_bug.cgi?id=1893339 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27347.html + https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES + https://ubuntu.com/security/notices/USN-4618-1 + + + + amurray| Affects tmux versions >= 2.9 + + + + + + + + + CVE-2020-27349 on Ubuntu 20.04 (focal) - medium. + Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. 
This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-09 04:15:00 UTC + 2020-12-08 + mdeslaur + Kevin Backhouse + 2020-12-08 + https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1899193 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27349.html + https://ubuntu.com/security/notices/USN-4664-1 + + + + + + + + + + CVE-2020-27350 on Ubuntu 20.04 (focal) - medium. + APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1; + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-10 04:15:00 UTC + 2020-12-09 + mdeslaur + Kevin Backhouse + 2020-12-09 + https://bugs.launchpad.net/bugs/1899193 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27350.html + https://ubuntu.com/security/notices/USN-4667-1 + https://ubuntu.com/security/notices/USN-4667-2 + + + + + + + + + + CVE-2020-27351 on Ubuntu 20.04 (focal) - medium. + Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1; + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-10 04:15:00 UTC + 2020-12-09 + mdeslaur + Kevin Backhouse + 2020-12-09 + https://bugs.launchpad.net/bugs/1899193 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27351.html + https://ubuntu.com/security/notices/USN-4668-1 + https://ubuntu.com/security/notices/USN-4668-4 + + + + + + + + + + CVE-2020-27352 on Ubuntu 20.04 (focal) - high. + When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended. Gilad Reti and Nimrod Stoler discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a compromised or malicious container. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-02-10 + 2021-02-10 + amurray + Gilad Reti and Nimrod Stoler + 2021-02-10 + https://bugs.launchpad.net/snapd/+bug/1910456 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27352.html + https://github.com/docker-snap/docker-snap/security/advisories/GHSA-798c-v3jq-h646 + https://ubuntu.com/security/notices/USN-4728-1 + + + + + + + + + + CVE-2020-2754 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2754.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://ubuntu.com/security/notices/USN-4337-1 + + + + + + + + + + + + + + CVE-2020-2755 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 
+ + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2755.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://ubuntu.com/security/notices/USN-4337-1 + + + + + + + + + + + + + + CVE-2020-2756 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2756.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://ubuntu.com/security/notices/USN-4337-1 + + + + + + + + + + + + + + CVE-2020-27560 on Ubuntu 20.04 (focal) - negligible. + ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. + + Ubuntu 20.04 + + + + Negligible + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-22 14:15:00 UTC + 2020-10-22 14:15:00 UTC + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972797 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27560.html + https://ubuntu.com/security/notices/USN-4670-1 + + + + + + + + + + CVE-2020-2757 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2757.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://ubuntu.com/security/notices/USN-4337-1 + + + + + + + + + + + + + + CVE-2020-27616 on Ubuntu 20.04 (focal) - low. + ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-06 08:15:00 UTC + 2020-11-06 08:15:00 UTC + mdeslaur + Gaoning Pan + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27616.html + https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06080.html + https://www.openwall.com/lists/oss-security/2020/11/03/2 + https://ubuntu.com/security/notices/USN-4650-1 + + + + + + + + + + CVE-2020-27638 on Ubuntu 20.04 (focal) - medium. + receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-22 13:15:00 UTC + 2020-10-22 13:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972521 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27638.html + https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea + https://bugs.debian.org/972521 + https://fastd.readthedocs.io/en/stable/releases/v21.html + https://ubuntu.com/security/notices/USN-4610-1 + https://ubuntu.com/security/notices/USN-4718-1 + + + + + + + + + + CVE-2020-2767 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. 
CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2767.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://ubuntu.com/security/notices/USN-4337-1 + + + + sbeattie> only affects openjdk 11 and 14 + + + + + + + + + + + + CVE-2020-2773 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2773.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://ubuntu.com/security/notices/USN-4337-1 + + + + + + + + + + + + + + CVE-2020-27748 on Ubuntu 20.04 (focal) - low. + A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. 
When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-06-01 14:15:00 UTC + 2020-11-24 00:00:00 UTC + leosilva + Jens Mueller + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975370 + https://bugzilla.redhat.com/show_bug.cgi?id=1899769 + https://bugzilla.mozilla.org/show_bug.cgi?id=1613425 + https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177 + https://bugs.launchpad.net/ubuntu/+source/xdg-utils/+bug/1909941 (regression) + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27748.html + https://ubuntu.com/security/notices/USN-4649-1 + + + + leosilva> the patch was made in a stable release removing the leosilva> functionality of --attach in thuderbird and other applications leosilva> we decided to mark it as ignored since it causes regression cross applications. leosilva> Also, considers it not as medium since the attach ability requires users permissions. + + + + + + + + + CVE-2020-27777 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. Daniel Axtens discovered that PowerPC RTAS implementation in the Linux kernel did not properly restrict memory accesses in some situations. 
A privileged local attacker could use this to arbitrarily modify kernel memory, potentially bypassing kernel lockdown restrictions. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-15 17:15:00 UTC + 2020-12-15 17:15:00 UTC + Daniel Axtens + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27777.html + https://git.kernel.org/linus/bd59380c5ba4147dcbaad3e582b55ccfd120b764 + https://lkml.org/lkml/2020/12/8/950 + https://ubuntu.com/security/notices/USN-4679-1 + https://ubuntu.com/security/notices/USN-4680-1 + https://ubuntu.com/security/notices/USN-4708-1 + https://ubuntu.com/security/notices/USN-4751-1 + + + + sbeattie| fix needs typo correction from lkml link in refs + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27778 on Ubuntu 20.04 (focal) - low. + A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-03 17:15:00 UTC + 2020-11-25 00:00:00 UTC + mdeslaur + https://gitlab.freedesktop.org/poppler/poppler/-/issues/742 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27778.html + https://ubuntu.com/security/notices/USN-4646-1 + + + + + + + + + + CVE-2020-2778 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2778.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://ubuntu.com/security/notices/USN-4337-1 + + + + sbeattie> only affects openjdk-11 and newer + + + + + + + + + + + + CVE-2020-27783 on Ubuntu 20.04 (focal) - medium. + A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-03 17:15:00 UTC + 2020-12-03 17:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27783.html + https://github.com/lxml/lxml/commit/89e7aad6e7ff9ecd88678ff25f885988b184b26e (lxml-4.6.1) + https://ubuntu.com/security/notices/USN-4666-1 + https://ubuntu.com/security/notices/USN-4666-2 + + + + sbeattie| according to lxml upstream, first commit does not fix completely, second commit is needed/fixes issue better. + + + + + + + + + CVE-2020-27786 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. 
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-11 05:15:00 UTC + cascardo + ADLab of venustech + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27786.html + https://www.openwall.com/lists/oss-security/2020/12/01/1 + + + + cascardo> commit 39675f7a7c7e7702f7d5341f1e0d01db746543a0 would be a pre-req. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-2781 on Ubuntu 20.04 (focal) - low. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2781.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://ubuntu.com/security/notices/USN-4337-1 + + + + + + + + + + + + + + CVE-2020-27821 on Ubuntu 20.04 (focal) - medium. 
+ A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-08 22:15:00 UTC + 2020-12-08 22:15:00 UTC + Alexander Bulekov + https://bugzilla.redhat.com/show_bug.cgi?id=1902651 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27821.html + https://ubuntu.com/security/notices/USN-4725-1 + + + + mdeslaur> exec.c in earlier releases + + + + + + + + + CVE-2020-27825 on Ubuntu 20.04 (focal) - medium. + A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-11 19:15:00 UTC + Adam Zabrocki + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27825.html + https://github.com/torvalds/linux/commit/bbeb97464eefc65f506084fd9f18f21653e01137#diff-446a57a3a8781d7d3fb410eb7162dd2002dd363bf1ea936c4fd10397660033e0 + https://www.openwall.com/lists/oss-security/2020/12/11/1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-27827 on Ubuntu 20.04 (focal) - medium. + A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-18 17:15:00 UTC + 2021-01-13 + mdeslaur + Jonas Rudloff + 2021-01-13 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27827.html + https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html + https://ubuntu.com/security/notices/USN-4691-1 + + + + + + + + + + CVE-2020-27840 on Ubuntu 20.04 (focal) - high. + A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-05-12 15:15:00 UTC + 2021-03-24 + mdeslaur + Douglas Bagnall + 2021-03-24 + https://bugzilla.samba.org/show_bug.cgi?id=14595 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-27840.html + https://www.samba.org/samba/security/CVE-2020-27840.html + https://ubuntu.com/security/notices/USN-4888-1 + https://ubuntu.com/security/notices/USN-4888-2 + + + + mdeslaur> This issue is actually in the ldb package, the samba package mdeslaur> uses the system ldb library, not the included one + + + + + + + + + CVE-2020-2800 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2800.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://ubuntu.com/security/notices/USN-4337-1 + + + + + + + + + + + + + + CVE-2020-2803 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2803.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://ubuntu.com/security/notices/USN-4337-1 + + + + + + + + + + + + + + CVE-2020-2805 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2805.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://ubuntu.com/security/notices/USN-4337-1 + + + + + + + + + + + + + + CVE-2020-2816 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). 
Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2816.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://ubuntu.com/security/notices/USN-4337-1 + + + + sbeattie> only affects openjdk-11 and newer + + + + + + + + + + + + CVE-2020-28196 on Ubuntu 20.04 (focal) - medium. + MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-06 08:15:00 UTC + 2020-11-06 08:15:00 UTC + leosilva + Demi Obenour + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973880 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28196.html + https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html + https://ubuntu.com/security/notices/USN-4635-1 + + + + + + + + + + CVE-2020-2830 on Ubuntu 20.04 (focal) - medium. + Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-15 14:15:00 UTC + 2020-04-15 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2830.html + https://www.oracle.com/security-alerts/cpuapr2020.html + https://ubuntu.com/security/notices/USN-4337-1 + + + + + + + + + + + + + + CVE-2020-28374 on Ubuntu 20.04 (focal) - high. + In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-13 04:15:00 UTC + 2021-01-12 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28374.html + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2896c93811e39d63a4d9b63ccf12a8fbc226e5e4 + https://github.com/open-iscsi/tcmu-runner/pull/644 + https://ubuntu.com/security/notices/USN-4694-1 + https://ubuntu.com/security/notices/USN-4713-1 + https://ubuntu.com/security/notices/USN-4711-1 + https://ubuntu.com/security/notices/USN-4709-1 + https://ubuntu.com/security/notices/USN-4713-2 + https://ubuntu.com/security/notices/USN-4753-1 + https://ubuntu.com/security/notices/USN-4901-1 + + + + sbeattie> MITIGATION XCOPY support is enabled by default, but can be disabled via: echo 0 > /sys/kernel/config/target/core/<backstore>/<name>/attrib/emulate_3pc or targetcli /backstores/<backstore>/<name> set attribute emulate_3pc=0 . This workaround does *not* affect XCOPY requests sent to tcmu-runner based backstores. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-28476 on Ubuntu 20.04 (focal) - medium. + ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-23336. Reason: This candidate is a reservation duplicate of CVE-2021-23336. Notes: All CVE users should reference CVE-2021-23336 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-18 12:15:00 UTC + https://github.com/tornadoweb/tornado/issues/2981 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28476.html + https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/ + https://snyk.io/vuln/SNYK-PYTHON-TORNADO-1017109 + + + + mdeslaur> per tornado developers, this isn't an issue in tornado itself, mdeslaur> but in the python standard library. 
mdeslaur> as of 2021-01-29, no details on possible fix from upstream + + + + + + + + + + + + CVE-2020-28916 on Ubuntu 20.04 (focal) - medium. + hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 07:15:00 UTC + 2020-12-04 07:15:00 UTC + Cheol-woo Myung + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28916.html + https://www.openwall.com/lists/oss-security/2020/12/01/2 + https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03011.html + https://ubuntu.com/security/notices/USN-4725-1 + + + + + + + + + + CVE-2020-28926 on Ubuntu 20.04 (focal) - medium. + ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-30 18:15:00 UTC + 2020-11-30 18:15:00 UTC + pfsmorigo + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-28926.html + https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/ + https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a (v1_3_0) + https://sourceforge.net/projects/minidlna/ + https://ubuntu.com/security/notices/USN-4722-1 + + + + + + + + + + CVE-2020-29361 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-16 14:15:00 UTC + 2020-12-16 14:15:00 UTC + mdeslaur + David Cook + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29361.html + https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html + https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2 + https://ubuntu.com/security/notices/USN-4677-1 + https://ubuntu.com/security/notices/USN-4677-2 + + + + + + + + + + CVE-2020-29363 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-16 14:15:00 UTC + 2020-12-16 14:15:00 UTC + mdeslaur + David Cook + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29363.html + https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html + https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x + https://ubuntu.com/security/notices/USN-4677-1 + + + + + + + + + + CVE-2020-29368 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. Jann Horn discovered a race condition in the copy-on-write implementation in the Linux kernel when handling hugepages. A local attacker could use this to gain unintended write access to read-only memory pages. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-28 07:15:00 UTC + 2020-11-28 07:15:00 UTC + Jann Horn + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29368.html + https://git.kernel.org/linus/c444eb564fb16645c172d550359cb3d75fe8a040 + https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040 + https://ubuntu.com/security/notices/USN-4752-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-29370 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-28 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29370.html + https://git.kernel.org/linus/fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8 + https://bugs.chromium.org/p/project-zero/issues/detail?id=2022 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-29372 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e. Jann Horn discovered that a race condition existed in the madvise implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-28 07:15:00 UTC + Jann Horn + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29372.html + https://git.kernel.org/linus/bc0c4d1e176eeb614dc8734fc3ace34292771f11 + https://bugs.chromium.org/p/project-zero/issues/detail?id=2029 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0c4d1e176eeb614dc8734fc3ace34292771f11 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-29373 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-28 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29373.html + https://git.kernel.org/linus/ff002b30181d30cdfbca316dadd099c3ca0d739c + https://bugs.chromium.org/p/project-zero/issues/detail?id=2011 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff002b30181d30cdfbca316dadd099c3ca0d739c + + + + cascardo> using the commit that introduced io_uring, though the earlier commit would be one that introduces io_uring sendmsg support. However, any other commits introducing other operations would be vulnerable. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-29374 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. 
It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-28 07:15:00 UTC + 2020-11-28 07:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29374.html + https://git.kernel.org/linus/17839856fd588f4ab6b789f482ed3ffd7c403e1f + https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 + https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f + https://ubuntu.com/security/notices/USN-4748-1 + https://ubuntu.com/security/notices/USN-4749-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-29385 on Ubuntu 20.04 (focal) - medium. + GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-26 02:15:00 UTC + 2020-12-08 + mdeslaur + Melvin Kool + https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29385.html + https://mail.gnome.org/archives/distributor-list/2020-December/msg00000.html + https://ubuntu.com/security/notices/USN-4663-1 + + + + mdeslaur> per upstream bug, gdk-pixbuf < 2.39.2 is not vulnerable + + + + + + + + + CVE-2020-29565 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-04 08:15:00 UTC + 2020-12-04 08:15:00 UTC + mdeslaur + Pritam Singh + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-29565.html + https://bugs.launchpad.net/horizon/+bug/1865026 + https://review.opendev.org/c/openstack/horizon/+/758841/ + https://review.opendev.org/c/openstack/horizon/+/758843/ + https://ubuntu.com/security/notices/USN-4675-1 + + + + + + + + + + CVE-2020-3327 on Ubuntu 20.04 (focal) - medium. + A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-13 03:15:00 UTC + 2020-05-13 03:15:00 UTC + mdeslaur + https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1888160 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3327.html + https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html + https://ubuntu.com/security/notices/USN-4370-1 + https://ubuntu.com/security/notices/USN-4370-2 + https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html + https://ubuntu.com/security/notices/USN-4435-1 + https://ubuntu.com/security/notices/USN-4435-2 + + + + amurray| The previous fix for this CVE in version 0.102.3 was incomplete. + + + + + + + + + CVE-2020-3341 on Ubuntu 20.04 (focal) - medium. + A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-13 03:15:00 UTC + 2020-05-13 03:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3341.html + https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html + https://ubuntu.com/security/notices/USN-4370-1 + https://ubuntu.com/security/notices/USN-4370-2 + + + + + + + + + + CVE-2020-3350 on Ubuntu 20.04 (focal) - medium. + A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. 
An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-18 03:15:00 UTC + 2020-06-18 03:15:00 UTC + mdeslaur + https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1888160 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3350.html + https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html + https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy + https://ubuntu.com/security/notices/USN-4435-1 + https://ubuntu.com/security/notices/USN-4435-2 + + + + + + + + + + CVE-2020-3481 on Ubuntu 20.04 (focal) - medium. + A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-07-20 18:15:00 UTC + 2020-07-20 18:15:00 UTC + mdeslaur + https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1888160 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3481.html + https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html + https://ubuntu.com/security/notices/USN-4435-1 + https://ubuntu.com/security/notices/USN-4435-2 + + + + + + + + + + CVE-2020-35494 on Ubuntu 20.04 (focal) - low. 
+ There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-04 15:15:00 UTC + https://sourceware.org/bugzilla/show_bug.cgi?id=25319 + https://bugzilla.redhat.com/show_bug.cgi?id=1911439 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35494.html + + + + + + + + + + CVE-2020-35498 on Ubuntu 20.04 (focal) - medium. + A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-11 18:15:00 UTC + 2021-02-10 + mdeslaur + Joakim Hindersson + 2021-02-10 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35498.html + https://ubuntu.com/security/notices/USN-4729-1 + + + + + + + + + + CVE-2020-35499 on Ubuntu 20.04 (focal) - medium. + A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-19 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35499.html + https://bugzilla.redhat.com/show_bug.cgi?id=1910048 + https://git.kernel.org/linus/f6b8c6b5543983e9de29dc14716bfa4eb3f157c4 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-35502 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-25 19:15:00 UTC + 2020-12-31 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35502.html + https://www.openwall.com/lists/oss-security/2021/02/03/3 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=bbd53f1010b + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=4490d451f9b + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2020-35513 on Ubuntu 20.04 (focal) - low. + A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:15:00 UTC + Lucash Stach + https://bugzilla.redhat.com/show_bug.cgi?id=1911309 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35513.html + https://git.kernel.org/linus/880a3a5325489a143269a8e172e7563ebf9897bc + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-35733 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Erlang/OTP before 23.2.2. 
The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-15 14:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980199 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35733.html + https://erlang.org/pipermail/erlang-questions/2021-January/100357.html + + + + + + + + + + CVE-2020-35738 on Ubuntu 20.04 (focal) - medium. + WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-28 04:15:00 UTC + 2020-12-28 04:15:00 UTC + leosilva + https://github.com/dbry/WavPack/issues/91 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-35738.html + https://ubuntu.com/security/notices/USN-4682-1 + + + + + + + + + + CVE-2020-36193 on Ubuntu 20.04 (focal) - medium. + Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-18 20:15:00 UTC + 2021-01-18 20:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980428 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36193.html + https://ubuntu.com/security/notices/USN-4723-1 + + + + + + + + + + CVE-2020-36241 on Ubuntu 20.04 (focal) - medium. + autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-05 14:15:00 UTC + 2021-02-05 14:15:00 UTC + mdeslaur + Yiğit Can Yılmaz + https://bugs.launchpad.net/ubuntu/+source/gnome-autoar/+bug/1901240 + https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36241.html + https://ubuntu.com/security/notices/USN-4733-1 + + + + + + + + + + CVE-2020-36242 on Ubuntu 20.04 (focal) - medium. + In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-07 20:15:00 UTC + mdeslaur + Anders Wenhaug + https://github.com/pyca/cryptography/issues/5615 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36242.html + https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst + https://github.com/pyca/cryptography/compare/3.3.1...3.3.2 + + + + mdeslaur> Versions in groovy and earlier don't support chunking in mdeslaur> update_into. Attempting reproducer on groovy and focal errors mdeslaur> out with: mdeslaur> OverflowError: integer 4294967296 does not fit '32-bit int' mdeslaur> which seems to indicate there is a size check being performed mdeslaur> and they aren't vulnerable to this issue. + + + + + + + + + CVE-2020-36314 on Ubuntu 20.04 (focal) - medium. + fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-07 12:15:00 UTC + 2021-04-07 12:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-36314.html + https://gitlab.gnome.org/GNOME/file-roller/-/commit/e970f4966bf388f6e7c277357c8b186c645683ae + https://gitlab.gnome.org/GNOME/file-roller/-/issues/108 + https://ubuntu.com/security/notices/USN-4927-1 + + + + + + + + + + CVE-2020-3810 on Ubuntu 20.04 (focal) - medium. + Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-15 14:15:00 UTC + 2020-05-12 20:00:00 UTC + amurray + https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1878177 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3810.html + https://github.com/Debian/apt/issues/111 + https://github.com/julian-klode/apt/commit/de4efadc3c92e26d37272fd310be148ec61dcf36 + https://salsa.debian.org/jak/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6 + https://ubuntu.com/security/notices/USN-4359-1 + https://ubuntu.com/security/notices/USN-4359-2 + + + + + + + + + + CVE-2020-3811 on Ubuntu 20.04 (focal) - medium. + qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-26 13:15:00 UTC + 2020-05-26 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961060 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3811.html + https://www.openwall.com/lists/oss-security/2020/05/19/8 + https://ubuntu.com/security/notices/USN-4556-1 + https://ubuntu.com/security/notices/USN-4621-1 + + + + + + + + + + CVE-2020-3812 on Ubuntu 20.04 (focal) - medium. 
+ qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first. It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this vulnerability to cause netqmail to disclose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-26 13:15:00 UTC + 2020-05-26 13:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961060 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3812.html + https://www.openwall.com/lists/oss-security/2020/05/198 + https://ubuntu.com/security/notices/USN-4556-1 + https://ubuntu.com/security/notices/USN-4621-1 + + + + + + + + + + CVE-2020-3898 on Ubuntu 20.04 (focal) - medium. + A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-22 18:15:00 UTC + 2020-04-21 + mdeslaur + Stephan Zeisberg + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-3898 + https://bugzilla.redhat.com/show_bug.cgi?id=1826330 + https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-3898 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-3898.html + https://support.apple.com/en-us/HT211100 + https://ubuntu.com/security/notices/USN-4340-1 + + + + sbeattie> as of 2020-04-20, does not appear to have landed upstream + + + + + + + + + CVE-2020-4031 on Ubuntu 20.04 (focal) - medium. + In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 22:15:00 UTC + 2020-06-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4031.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g + http://www.freerdp.com/2020/06/22/2_1_2-released + https://github.com/FreeRDP/FreeRDP/commit/6d86e20e1e7caaab4f0c7f89e36d32914dbccc52 + https://ubuntu.com/security/notices/USN-4481-1 + + + + + + + + + + CVE-2020-4032 on Ubuntu 20.04 (focal) - medium. + In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-22 22:15:00 UTC + 2020-06-22 22:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4032.html + https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc + http://www.freerdp.com/2020/06/22/2_1_2-released + https://github.com/FreeRDP/FreeRDP/commit/e7bffa64ef5ed70bac94f823e2b95262642f5296 + https://ubuntu.com/security/notices/USN-4481-1 + + + + + + + + + + CVE-2020-4067 on Ubuntu 20.04 (focal) - medium. + In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-29 20:15:00 UTC + 2020-06-29 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4067.html + https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm + https://github.com/coturn/coturn/commit/170da1140797748ae85565b5a93a2e35e7b07b6a + https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15 + https://github.com/coturn/coturn/issues/583 + https://www.debian.org/security/2020/dsa-4711 + https://ubuntu.com/security/notices/USN-4415-1 + + + + + + + + + + CVE-2020-4788 on Ubuntu 20.04 (focal) - medium. + IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-20 04:15:00 UTC + 2020-11-19 23:00:00 UTC + 2020-11-19 23:00:00 UTC + https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1899573 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-4788.html + https://exchange.xforce.ibmcloud.com/vulnerabilities/189296 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dda3f4252e6c8b833a2ef164afd3da9808d0f07c + https://ubuntu.com/security/notices/USN-4657-1 + https://ubuntu.com/security/notices/USN-4658-1 + https://ubuntu.com/security/notices/USN-4659-1 + https://ubuntu.com/security/notices/USN-4660-1 + https://ubuntu.com/security/notices/USN-4681-1 + + + + sbeattie| Power9 support landed in ~4.9 timeframe + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-5247 on Ubuntu 20.04 (focal) - medium. 
+ In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-28 17:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952766 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5247.html + https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v + https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03 (3.12.3) + https://github.com/puma/puma/commit/694feafcd4fdcea786a0730701dad933f7547bea (4.3.2) + https://owasp.org/www-community/attacks/HTTP_Response_Splitting + https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254 + + + + + + + + + + CVE-2020-5249 on Ubuntu 20.04 (focal) - medium. + In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. 
This has been fixed in 4.3.3 and 3.12.4. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-02 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5249.html + https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58 + https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3 + https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v + https://owasp.org/www-community/attacks/HTTP_Response_Splitting + + + + + + + + + + CVE-2020-5291 on Ubuntu 20.04 (focal) - low. + Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-03-31 18:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955441 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5291.html + https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj + + + + seth-arnold> Bubblewrap isn't installed setuid by default on Ubuntu mdeslaur> introduced in 0.4.0 + + + + + + + + + CVE-2020-5963 on Ubuntu 20.04 (focal) - medium. 
+ NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure. Thomas E. Carroll discovered that the NVIDIA Cuda grpahics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-25 00:15:00 UTC + 2020-06-24 + albertomilone + Thomas E. Carroll + 2020-06-24 + https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-440/+bug/1882093 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5963.html + https://nvidia.custhelp.com/app/answers/detail/a_id/5031 + https://ubuntu.com/security/notices/USN-4404-1 + https://ubuntu.com/security/notices/USN-4404-2 + + + + + + + + + + + + + CVE-2020-5967 on Ubuntu 20.04 (focal) - medium. + NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service. It was discovered that the UVM driver in the NVIDIA graphics driver contained a race condition. A local attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-25 22:15:00 UTC + 2020-06-24 + albertomilone + 2020-06-24 + https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-440/+bug/1882093 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5967.html + https://nvidia.custhelp.com/app/answers/detail/a_id/5031 + https://ubuntu.com/security/notices/USN-4404-1 + https://ubuntu.com/security/notices/USN-4404-2 + + + + + + + + + + + + + CVE-2020-5973 on Ubuntu 20.04 (focal) - medium. 
+ NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3). It was discovered that the NVIDIA virtual GPU guest drivers contained an unspecified vulnerability that could potentially lead to privileged operation execution. An attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-30 23:15:00 UTC + 2020-06-24 + albertomilone + 2020-06-24 + https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-440/+bug/1882093 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5973.html + https://nvidia.custhelp.com/app/answers/detail/a_id/5031 + https://ubuntu.com/security/notices/USN-4404-1 + https://ubuntu.com/security/notices/USN-4404-2 + + + + + + + + + + + + + CVE-2020-6061 on Ubuntu 20.04 (focal) - medium. + An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-19 19:15:00 UTC + 2020-02-19 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6061.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984 + https://github.com/coturn/coturn/commit/51a7c2b9bf924890c7a3ff4db9c4976c5a93340a + https://ubuntu.com/security/notices/USN-4415-1 + + + + + + + + + + CVE-2020-6062 on Ubuntu 20.04 (focal) - medium. + An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. 
An attacker needs to send an HTTP request to trigger this vulnerability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-19 19:15:00 UTC + 2020-02-19 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6062.html + https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985 + https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8 + https://ubuntu.com/security/notices/USN-4415-1 + + + + + + + + + + CVE-2020-6750 on Ubuntu 20.04 (focal) - low. + GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-09 20:15:00 UTC + https://gitlab.gnome.org/GNOME/glib/issues/1989 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948554 + https://bugzilla.suse.com/show_bug.cgi?id=1160668 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6750.html + + + + mdeslaur> issue introduced in 2.60 + + + + + + + + + CVE-2020-6819 on Ubuntu 20.04 (focal) - high. + Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-24 16:15:00 UTC + 2020-04-03 + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6819.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819 + https://ubuntu.com/security/notices/USN-4317-1 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-6820 on Ubuntu 20.04 (focal) - high. + Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-04-24 16:15:00 UTC + 2020-04-03 00:00:00 UTC + chrisccoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6820.html + https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820 + https://ubuntu.com/security/notices/USN-4317-1 + https://ubuntu.com/security/notices/USN-4328-1 + https://ubuntu.com/security/notices/USN-4335-1 + + + + tyhicks> mozjs contains a copy of the SpiderMonkey JavaScript engine + + + + + + + + + + + + CVE-2020-6829 on Ubuntu 20.04 (focal) - medium. + When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-10-28 12:15:00 UTC + 2020-08-05 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6829.html + https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes + https://ubuntu.com/security/notices/USN-4455-1 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-6829 + https://ubuntu.com/security/notices/USN-4474-1 + + + + leosilva> same fix/patches of CVE-2020-12400 + + + + + + + + + + + + CVE-2020-7040 on Ubuntu 20.04 (focal) - medium. + storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-01-21 21:15:00 UTC + 2020-01-21 21:15:00 UTC + Matthias Gerstner + https://bugzilla.suse.com/show_bug.cgi?id=1156767 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7040.html + https://www.openwall.com/lists/oss-security/2020/01/20/3 + https://ubuntu.com/security/notices/USN-4508-1 + + + + + + + + + + CVE-2020-7053 on Ubuntu 20.04 (focal) - medium. + In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. It was discovered that a race condition can lead to a use-after-free while destroying GEM contexts in the i915 driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-14 21:15:00 UTC + 2020-01-14 18:00:00 UTC + Quan Luo and ycq + 2020-01-14 18:00:00 UTC + https://bugs.launchpad.net/bugs/1859522 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7053.html + https://ubuntu.com/security/notices/USN-4255-1 + https://ubuntu.com/security/notices/USN-4255-2 + https://ubuntu.com/security/notices/USN-4285-1 + https://ubuntu.com/security/notices/USN-4287-1 + https://ubuntu.com/security/notices/USN-4287-2 + + + + tyhicks> This issue only affects systems with Intel Graphics Processing Units (GPUs) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-7064 on Ubuntu 20.04 (focal) - medium. + In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 04:15:00 UTC + 2020-04-01 04:15:00 UTC + leosilva + https://bugs.php.net/bug.php?id=79282 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7064.html + http://git.php.net/?p=php-src.git;a=commit;h=0c77b4307df73217283a4aaf9313e1a33a0967ff + https://ubuntu.com/security/notices/USN-4330-1 + https://ubuntu.com/security/notices/USN-4330-2 + + + + sbeattie> PEAR issues should go against php-pear as of xenial + + + + + + + + + CVE-2020-7065 on Ubuntu 20.04 (focal) - medium. + In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-01 04:15:00 UTC + 2020-04-01 04:15:00 UTC + leosilva + https://bugs.php.net/bug.php?id=79371 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7065.html + http://git.php.net/?p=php-src.git;a=commitdiff;h=69155120e68d2e614d5c300974a1a5610cfa2e8b;hp=e2b5f18896ca4169859c8ca058a9926aad6e3763 + https://ubuntu.com/security/notices/USN-4330-1 + https://ubuntu.com/security/notices/USN-4330-2 + + + + sbeattie> PEAR issues should go against php-pear as of xenial + + + + + + + + + CVE-2020-7066 on Ubuntu 20.04 (focal) - medium. + In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-04-01 04:15:00 UTC + 2020-04-01 04:15:00 UTC + leosilva + https://bugs.php.net/bug.php?id=79329 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7066.html + http://git.php.net/?p=php-src.git;a=commit;h=a33d05b1474caee449b88f53d61bee720c57caf7 + https://ubuntu.com/security/notices/USN-4330-1 + https://ubuntu.com/security/notices/USN-4330-2 + + + + sbeattie> PEAR issues should go against php-pear as of xenial leosilva> php5 in precise is 5.3 and does not support the Zend API leosilva> needed to fix this issue. Since backport this is to leosilva> intrusive, marking it as ignored for precise/esm. + + + + + + + + + CVE-2020-7069 on Ubuntu 20.04 (focal) - medium. + In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-02 15:15:00 UTC + 2020-10-02 15:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7069.html + https://git.php.net/?p=php-src.git;a=commit;h=0216630ea2815a5789a24279a1211ac398d4de79 + https://bugs.php.net/bug.php?id=79601 + https://ubuntu.com/security/notices/USN-4583-1 + https://ubuntu.com/security/notices/USN-4583-2 + + + + sbeattie> PEAR issues should go against php-pear as of xenial + + + + + + + + + CVE-2020-7070 on Ubuntu 20.04 (focal) - medium. + In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-02 15:15:00 UTC + 2020-10-02 15:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7070.html + https://git.php.net/?p=php-src.git;a=commit;h=6559fe912661ca5ce5f0eeeb591d928451428ed0 + http://cve.circl.lu/cve/CVE-2020-8184 + https://bugs.php.net/bug.php?id=79699 + https://hackerone.com/reports/895727 + https://ubuntu.com/security/notices/USN-4583-1 + https://ubuntu.com/security/notices/USN-4583-2 + + + + sbeattie> PEAR issues should go against php-pear as of xenial + + + + + + + + + CVE-2020-7212 on Ubuntu 20.04 (focal) - medium. + The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). 
The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-03-06 20:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7212.html + https://github.com/urllib3/urllib3/pull/1787 + https://github.com/urllib3/urllib3/blob/master/CHANGES.rst + https://pypi.org/project/urllib3/1.25.8/ + https://github.com/urllib3/urllib3/commit/a74c9cfbaed9f811e7563cfc3dce894928e0221a + + + + leosilva> Introduced by a74c9cfbaed9f811e7563cfc3dce894928e0221a leosilva> fixed by a2697e7c6b275f05879b60f593c5854a816489f0 leosilva> Introduced in 1.25.2 and fixed in 1.25.8 + + + + + + + + + CVE-2020-7595 on Ubuntu 20.04 (focal) - low. + xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-21 23:15:00 UTC + 2020-01-21 23:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7595.html + https://ubuntu.com/security/notices/USN-4274-1 + + + + + + + + + + CVE-2020-7656 on Ubuntu 20.04 (focal) - low. + jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-05-19 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7656.html + https://snyk.io/vuln/SNYK-JS-JQUERY-569619 + + + + mdeslaur> This is likely an intrusive, backwards-incompatible change that mdeslaur> may break existing software. 
We will not be fixing this issue mdeslaur> in stable Ubuntu releases. + + + + + + + + + CVE-2020-7981 on Ubuntu 20.04 (focal) - untriaged. + sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data. + + Ubuntu 20.04 + + + + Untriaged + Copyright (C) 2020 Canonical Ltd. + 2020-01-25 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949870 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7981.html + https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613 + https://github.com/alexreisner/geocoder/compare/v1.6.0...v1.6.1 + + + + + + + + + + CVE-2020-8002 on Ubuntu 20.04 (focal) - low. + A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-01-27 05:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949954 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8002.html + + + + + + + + + + CVE-2020-8131 on Ubuntu 20.04 (focal) - medium. + Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-24 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8131.html + https://hackerone.com/reports/730239 + + + + + + + + + + CVE-2020-8169 on Ubuntu 20.04 (focal) - medium. + curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). 
+ + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-14 20:15:00 UTC + 2020-06-24 + mdeslaur + Marek Szlagor, Gregory Jefferis and Jeroen Ooms + 2020-06-24 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8169.html + https://ubuntu.com/security/notices/USN-4402-1 + + + + mdeslaur> introduced in 7.62.0 + + + + + + + + + CVE-2020-8177 on Ubuntu 20.04 (focal) - medium. + curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-14 20:15:00 UTC + 2020-06-24 + mdeslaur + 2020-06-24 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8177.html + https://ubuntu.com/security/notices/USN-4402-1 + + + + mdeslaur> introduced in 7.20.0 + + + + + + + + + CVE-2020-8231 on Ubuntu 20.04 (focal) - low. + Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-14 20:15:00 UTC + 2020-08-19 + mdeslaur + Marc Aldorasi + 2020-08-19 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8231.html + https://curl.haxx.se/docs/CVE-2020-8231.html + https://ubuntu.com/security/notices/USN-4466-1 + https://ubuntu.com/security/notices/USN-4466-2 + https://ubuntu.com/security/notices/USN-4665-1 + + + + + + + + + + CVE-2020-8252 on Ubuntu 20.04 (focal) - medium. + The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-09-18 21:15:00 UTC + 2020-09-18 21:15:00 UTC + leosilva + https://github.com/libuv/libuv/issues/2965 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8252.html + https://hackerone.com/reports/965914 + https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252 + https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/ + https://ubuntu.com/security/notices/USN-4548-1 + + + + sbeattie| nodejs uses system libuv1 library mdeslaur> introduced in 1.24.0 + + + + + + + + + CVE-2020-8284 on Ubuntu 20.04 (focal) - low. + A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-12-14 20:15:00 UTC + 2020-12-09 08:00:00 UTC + mdeslaur + Varnavas Papaioannou + 2020-12-09 08:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8284.html + https://curl.se/docs/CVE-2020-8284.html + https://ubuntu.com/security/notices/USN-4665-1 + https://ubuntu.com/security/notices/USN-4665-2 + + + + + + + + + + CVE-2020-8285 on Ubuntu 20.04 (focal) - medium. + curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-12-14 20:15:00 UTC + 2020-12-09 08:00:00 UTC + mdeslaur + xnynx + 2020-12-09 08:00:00 UTC + https://github.com/curl/curl/issues/6255 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8285.html + https://curl.se/docs/CVE-2020-8285.html + https://ubuntu.com/security/notices/USN-4665-1 + https://ubuntu.com/security/notices/USN-4665-2 + + + + + + + + + + CVE-2020-8286 on Ubuntu 20.04 (focal) - medium. + curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-12-14 20:15:00 UTC + 2020-12-09 00:00:00 UTC + mdeslaur + 2020-12-09 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8286.html + https://curl.se/docs/CVE-2020-8286.html + https://ubuntu.com/security/notices/USN-4665-1 + + + + amurray| Affects curl versions between and including 7.41.0 and 7.73.0 + + + + + + + + + CVE-2020-8428 on Ubuntu 20.04 (focal) - medium. + fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed. Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-01-29 00:15:00 UTC + 2020-01-29 00:15:00 UTC + Al Viro + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8428.html + https://www.openwall.com/lists/oss-security/2020/01/28/2 + https://www.openwall.com/lists/oss-security/2020/02/02/1 + https://syzkaller.appspot.com/bug?extid=190005201ced78a74ad6 + https://ubuntu.com/security/notices/USN-4318-1 + https://ubuntu.com/security/notices/USN-4319-1 + https://ubuntu.com/security/notices/USN-4320-1 + https://ubuntu.com/security/notices/USN-4325-1 + https://ubuntu.com/security/notices/USN-4324-1 + https://usn.ubuntu.com/lsn/0065-1/ + + + + amurray| Original fix caused a regression so need second commit as well + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-8449 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-04 20:15:00 UTC + 2020-02-04 20:15:00 UTC + mdeslaur + Regis Leroy + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8449.html + http://www.squid-cache.org/Advisories/SQUID-2020_1.txt + https://ubuntu.com/security/notices/USN-4289-1 + + + + + + + + + + CVE-2020-8450 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-04 20:15:00 UTC + 2020-02-04 20:15:00 UTC + mdeslaur + Guido Vranken + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8450.html + http://www.squid-cache.org/Advisories/SQUID-2020_1.txt + https://ubuntu.com/security/notices/USN-4289-1 + + + + mdeslaur> same commits as CVE-2020-8449 + + + + + + + + + CVE-2020-8517 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-04 20:15:00 UTC + 2020-02-04 20:15:00 UTC + mdeslaur + Aaron Costello + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8517.html + http://www.squid-cache.org/Advisories/SQUID-2020_3.txt + https://ubuntu.com/security/notices/USN-4289-1 + + + + + + + + + + CVE-2020-8616 on Ubuntu 20.04 (focal) - medium. + A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-05-19 14:15:00 UTC + 2020-05-19 + mdeslaur + Lior Shafir, Yehuda Afek, and Anat Bremler-Barr + 2020-05-19 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8616.html + https://kb.isc.org/docs/cve-2020-8616 + https://ubuntu.com/security/notices/USN-4365-1 + https://ubuntu.com/security/notices/USN-4365-2 + + + + + + + + + + CVE-2020-8617 on Ubuntu 20.04 (focal) - medium. + Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-05-19 14:15:00 UTC + 2020-05-19 + mdeslaur + Tobias Klein + 2020-05-19 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8617.html + https://kb.isc.org/docs/cve-2020-8617 + https://ubuntu.com/security/notices/USN-4365-1 + https://ubuntu.com/security/notices/USN-4365-2 + + + + + + + + + + CVE-2020-8618 on Ubuntu 20.04 (focal) - medium. + An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-06-17 22:15:00 UTC + 2020-06-17 + mdeslaur + 2020-06-17 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8618.html + https://kb.isc.org/docs/cve-2020-8618 + https://ubuntu.com/security/notices/USN-4399-1 + + + + amurray| Affects version 9.16.0 through 9.16.3 + + + + + + + + + CVE-2020-8619 on Ubuntu 20.04 (focal) - medium. + In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-17 22:15:00 UTC + 2020-06-17 + mdeslaur + 2020-06-17 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8619.html + https://kb.isc.org/docs/cve-2020-8619 + https://ubuntu.com/security/notices/USN-4399-1 + + + + mdeslaur> upstream advisory says BIND 9.11.14 -> 9.11.19, probably mdeslaur> introduced in race condition fixes introduced in 9.11.4. + + + + + + + + + CVE-2020-8620 on Ubuntu 20.04 (focal) - medium. + In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-21 21:15:00 UTC + 2020-08-20 + mdeslaur + Emanuel Almeida + 2020-08-20 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8620.html + https://kb.isc.org/docs/cve-2020-8620 + https://ubuntu.com/security/notices/USN-4468-1 + + + + amurray| Affects versions 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3 + + + + + + + + + CVE-2020-8621 on Ubuntu 20.04 (focal) - medium. + In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-21 21:15:00 UTC + 2020-08-20 + mdeslaur + Joseph Gullo + 2020-08-20 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8621.html + https://kb.isc.org/docs/cve-2020-8621 + https://ubuntu.com/security/notices/USN-4468-1 + + + + amurray| Affects versions 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3 + + + + + + + + + CVE-2020-8622 on Ubuntu 20.04 (focal) - medium. + In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-21 21:15:00 UTC + 2020-08-20 + mdeslaur + Dave Feldman, Jeff Warren, and Joel Cunningham + 2020-08-20 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8622.html + https://kb.isc.org/docs/cve-2020-8622 + https://ubuntu.com/security/notices/USN-4468-1 + https://ubuntu.com/security/notices/USN-4468-2 + + + + amurray| Affects versions 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND Supported Preview Edition + + + + + + + + + CVE-2020-8623 on Ubuntu 20.04 (focal) - medium. + In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-21 21:15:00 UTC + 2020-08-20 + mdeslaur + Lyu Chiy + 2020-08-20 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8623.html + https://kb.isc.org/docs/cve-2020-8623 + https://ubuntu.com/security/notices/USN-4468-1 + + + + amurray| Affects versions 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition + + + + + + + + + CVE-2020-8624 on Ubuntu 20.04 (focal) - low. + In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-21 21:15:00 UTC + 2020-08-20 + mdeslaur + Joop Boonen + 2020-08-20 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8624.html + https://kb.isc.org/docs/cve-2020-8624 + https://ubuntu.com/security/notices/USN-4468-1 + + + + amurray| Affects versions 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition + + + + + + + + + CVE-2020-8625 on Ubuntu 20.04 (focal) - medium. + BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-17 23:15:00 UTC + 2021-02-17 + mdeslaur + 2021-02-17 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8625.html + https://kb.isc.org/docs/cve-2020-8625 + https://ubuntu.com/security/notices/USN-4737-1 + https://ubuntu.com/security/notices/USN-4737-2 + + + + + + + + + + CVE-2020-8647 on Ubuntu 20.04 (focal) - medium. 
+ There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. It was discovered that the virtual terminal implementation in the Linux kernel did not properly handle resize events. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-06 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8647.html + https://bugzilla.kernel.org/show_bug.cgi?id=206359 + https://usn.ubuntu.com/lsn/0066-1/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-8648 on Ubuntu 20.04 (focal) - medium. + There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. It was discovered that the virtual terminal implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-06 01:15:00 UTC + 2020-02-06 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8648.html + https://bugzilla.kernel.org/show_bug.cgi?id=206361 + https://ubuntu.com/security/notices/USN-4342-1 + https://ubuntu.com/security/notices/USN-4344-1 + https://ubuntu.com/security/notices/USN-4345-1 + https://ubuntu.com/security/notices/USN-4346-1 + https://usn.ubuntu.com/lsn/0066-1/ + + + + cascardo> This looks like a race between set_selection_kernel and paste_selection that may lead to data leak. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-8649 on Ubuntu 20.04 (focal) - medium. + There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. 
It was discovered that the virtual terminal implementation in the Linux kernel did not properly handle resize events. A local attacker could use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-06 01:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8649.html + https://bugzilla.kernel.org/show_bug.cgi?id=206357 + https://usn.ubuntu.com/lsn/0066-1/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-8689 on Ubuntu 20.04 (focal) - medium. + Improper buffer restrictions in the Intel(R) Wireless for Open Source before version 1.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-08-13 04:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8689.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00379.html + + + + + + + + + + CVE-2020-8694 on Ubuntu 20.04 (focal) - medium. + Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-11-12 18:15:00 UTC + 2020-11-10 18:00:00 UTC + Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss + 2020-11-10 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8694.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html + https://platypusattack.com/ + https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Platypus + https://ubuntu.com/security/notices/USN-4626-1 + https://ubuntu.com/security/notices/USN-4627-1 + + + + sbeattie> fix will be to adjust the access control bits on the RAPL sysfs files. + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-8695 on Ubuntu 20.04 (focal) - medium. + Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) feature of some Intel processors allowed a side-channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-12 18:15:00 UTC + 2020-11-10 18:00:00 UTC + Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss + 2020-11-10 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8695.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html + https://platypusattack.com/ + https://ubuntu.com/security/notices/USN-4628-1 + + + + + + + + + + CVE-2020-8696 on Ubuntu 20.04 (focal) - low. 
+ Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. + 2020-11-12 18:15:00 UTC + 2020-11-10 18:00:00 UTC + Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff + 2020-11-10 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8696.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html + https://ubuntu.com/security/notices/USN-4628-1 + + + + + + + + + + CVE-2020-8698 on Ubuntu 20.04 (focal) - medium. + Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-11-12 18:15:00 UTC + 2020-11-10 18:00:00 UTC + Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff + 2020-11-10 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8698.html + https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html + https://ubuntu.com/security/notices/USN-4628-1 + + + + + + + + + + CVE-2020-8831 on Ubuntu 20.04 (focal) - high. + Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. 
If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-04-22 22:15:00 UTC + 2020-04-02 00:00:00 UTC + amurray + Maximilien Bourgeteau + 2020-04-02 00:00:00 UTC + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862348 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8831.html + https://ubuntu.com/security/notices/USN-4315-1 + https://ubuntu.com/security/notices/USN-4315-2 + + + + + + + + + + CVE-2020-8833 on Ubuntu 20.04 (focal) - medium. + Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-04-22 22:15:00 UTC + 2020-04-02 00:00:00 UTC + amurray + Maximilien Bourgeteau + 2020-04-02 00:00:00 UTC + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8833.html + https://ubuntu.com/security/notices/USN-4315-1 + https://ubuntu.com/security/notices/USN-4315-2 + + + + + + + + + + CVE-2020-8835 on Ubuntu 20.04 (focal) - high. + In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) Manfred Paul discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information (kernel memory) or gain administrative privileges. + + Ubuntu 20.04 + + + + High + Copyright (C) 2020 Canonical Ltd. + 2020-04-02 18:15:00 UTC + 2020-03-30 16:00:00 UTC + kernel-sec + Manfred Paul + 2020-03-30 16:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8835.html + https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results + https://lore.kernel.org/bpf/20200330160324.15259-1-daniel@iogearbox.net/T/ + https://www.openwall.com/lists/oss-security/2020/03/30/3 + https://ubuntu.com/security/notices/USN-4313-1 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2d67fec0b43edce8c416101cdc52e71145b5fef + https://www.zerodayinitiative.com/advisories/ZDI-20-350/ + + + + sbeattie> introduced by upstream commit 581738a681b6, which was mistakenly backported to upstream stable 5.4 kernel (b4de258dede528f88f401259aab3147fb6da1ddf). 
Ubuntu's 5.3 kernels are affected because 5.4 stable backport commits were pulled into Ubuntu's 5.3 kernels. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-8927 on Ubuntu 20.04 (focal) - medium. + A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-09-15 10:15:00 UTC + 2020-09-15 10:15:00 UTC + leosilva + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8927.html + https://github.com/google/brotli/releases/tag/v1.0.9 + https://ubuntu.com/security/notices/USN-4568-1 + + + + + + + + + + CVE-2020-8992 on Ubuntu 20.04 (focal) - low. + ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. Shijie Luo discovered that the ext4 file system implementation in the Linux kernel did not properly check for a too-large journal size. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (soft lockup). + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-14 05:15:00 UTC + 2020-02-14 05:15:00 UTC + Shijie Luo + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-8992.html + https://patchwork.ozlabs.org/patch/1236118/ + https://lore.kernel.org/r/20200211011752.29242-1-luoshijie1@huawei.com + https://ubuntu.com/security/notices/USN-4318-1 + https://ubuntu.com/security/notices/USN-4324-1 + https://ubuntu.com/security/notices/USN-4342-1 + https://ubuntu.com/security/notices/USN-4344-1 + https://ubuntu.com/security/notices/USN-4419-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-9369 on Ubuntu 20.04 (focal) - medium. + Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-24 18:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952428 + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9369.html + https://github.com/sympa-community/sympa/issues/886 + https://sympa-community.github.io/security/2020-001.html + + + + msalvatore> Affects 6.2.38 to 6.2.52 inclusive + + + + + + + + + CVE-2020-9383 on Ubuntu 20.04 (focal) - low. + An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. Jordy Zomer discovered that the floppy driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. + + Ubuntu 20.04 + + + + Low + Copyright (C) 2020 Canonical Ltd. 
+ 2020-02-25 16:15:00 UTC + 2020-02-25 16:15:00 UTC + Jordy Zomer + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9383.html + https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3 + https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3 + https://ubuntu.com/security/notices/USN-4342-1 + https://ubuntu.com/security/notices/USN-4344-1 + https://ubuntu.com/security/notices/USN-4345-1 + https://ubuntu.com/security/notices/USN-4346-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-9391 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-02-25 18:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9391.html + https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a + http://www.openwall.com/lists/oss-security/2020/02/25/6 + https://bugzilla.redhat.com/show_bug.cgi?id=1797052 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dcde237319e626d1ec3c9d8b7613032f0fd4663a + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2020-9490 on Ubuntu 20.04 (focal) - medium. + Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. 
+ 2020-08-07 16:15:00 UTC + 2020-08-07 16:15:00 UTC + mdeslaur + Felix Wilhelm + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9490.html + https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490 + https://www.openwall.com/lists/oss-security/2020/08/07/4 + https://ubuntu.com/security/notices/USN-4458-1 + + + + + + + + + + CVE-2020-9633 on Ubuntu 20.04 (focal) - medium. + Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-06-12 14:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9633.html + https://helpx.adobe.com/security/products/flash-player/apsb20-30.html + https://security.gentoo.org/glsa/202006-09 + + + + + + + + + + CVE-2020-9746 on Ubuntu 20.04 (focal) - medium. + Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2020 Canonical Ltd. + 2020-10-14 14:15:00 UTC + chriscoulson + http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9746.html + https://helpx.adobe.com/security/products/flash-player/apsb20-58.html + + + + + + + + + + CVE-2021-0326 on Ubuntu 20.04 (focal) - high. + In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-02-10 17:15:00 UTC + 2021-02-10 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981971 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-0326.html + https://www.openwall.com/lists/oss-security/2021/02/03/4 + https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt + https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch + https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e + https://ubuntu.com/security/notices/USN-4734-1 + https://ubuntu.com/security/notices/USN-4734-2 + + + + + + + + + + CVE-2021-0342 on Ubuntu 20.04 (focal) - medium. + In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-11 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-0342.html + https://git.kernel.org/linus/96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-0447 on Ubuntu 20.04 (focal) - medium. + [Unknown description] + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-03 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-0447.html + https://source.android.com/security/bulletin/pixel/2021-03-01 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-1052 on Ubuntu 20.04 (focal) - medium. 
+ NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure. It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-08 01:15:00 UTC + 2021-01-07 + albertomilone + 2021-01-07 + https://bugs.launchpad.net/ubuntu/+bug/1906680 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1052.html + https://nvidia.custhelp.com/app/answers/detail/a_id/5142 + https://ubuntu.com/security/notices/USN-4689-1 + https://ubuntu.com/security/notices/USN-4689-2 + https://ubuntu.com/security/notices/USN-4689-3 + + + + amurray| CVE-2021-1052 and CVE-2021-1053 affect the following NVIDIA driver series: 450, 455, 418-server, 440-server, 450-server sbeattie> Does not affect 390 series drivers sbeattie| NVIDIA series 455 are superseded by series 460 sbeattie| NVIDIA series 440-server are superseded by series 450 + + + + + + + + + + + + + + + + CVE-2021-1053 on Ubuntu 20.04 (focal) - medium. + NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service. It was discovered that the NVIDIA GPU display driver for the Linux kernel did not properly validate a pointer received from userspace in some situations. A local attacker could use this to cause a denial of service. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-08 01:15:00 UTC + 2021-01-07 + albertomilone + 2021-01-07 + https://bugs.launchpad.net/ubuntu/+bug/1906680 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1053.html + https://nvidia.custhelp.com/app/answers/detail/a_id/5142 + https://ubuntu.com/security/notices/USN-4689-1 + https://ubuntu.com/security/notices/USN-4689-2 + https://ubuntu.com/security/notices/USN-4689-3 + + + + amurray| CVE-2021-1052 and CVE-2021-1053 affect the following NVIDIA driver series: 450, 455, 418-server, 440-server, 450-server sbeattie> Does not affect 390 series drivers. sbeattie| NVIDIA series 455 are superseded by the 460 series. sbeattie| NVIDIA series 440-server are superseded by the 450-server series. + + + + + + + + + + + + + + + + CVE-2021-1056 on Ubuntu 20.04 (focal) - medium. + NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. Xinyuan Lyu discovered that the NVIDIA GPU display driver for the Linux kernel did not properly restrict device-level GPU isolation. A local attacker could use this to cause a denial of service or possibly expose sensitive information. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-08 01:15:00 UTC + 2021-01-07 + albertomilone + Xinyuan Lyu + 2021-01-07 + https://bugs.launchpad.net/ubuntu/+bug/1906680 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1056.html + https://nvidia.custhelp.com/app/answers/detail/a_id/5142 + https://ubuntu.com/security/notices/USN-4689-1 + https://ubuntu.com/security/notices/USN-4689-2 + + + + amurray| CVE-2021-1052, CVE-2021-1053, and CVE-2021-1056 affect the following NVIDIA driver series: 450, 455, 418-server, 440-server, 450-server sbeattie| NVIDIA series 455 are superseded by the 460 series. 
sbeattie| NVIDIA series 440-server are superseded by 450-server. + + + + + + + + + + + + + + + + + CVE-2021-1252 on Ubuntu 20.04 (focal) - medium. + A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-08 05:15:00 UTC + 2021-04-08 05:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1252.html + https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html + https://ubuntu.com/security/notices/USN-4918-1 + https://ubuntu.com/security/notices/USN-4918-2 + https://ubuntu.com/security/notices/USN-4918-3 + + + + + + + + + + CVE-2021-1404 on Ubuntu 20.04 (focal) - medium. + A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-04-08 05:15:00 UTC + 2021-04-08 05:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1404.html + https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html + https://ubuntu.com/security/notices/USN-4918-1 + https://ubuntu.com/security/notices/USN-4918-2 + https://ubuntu.com/security/notices/USN-4918-3 + + + + + + + + + + CVE-2021-1405 on Ubuntu 20.04 (focal) - medium. + A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-08 05:15:00 UTC + 2021-04-08 05:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1405.html + https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html + https://ubuntu.com/security/notices/USN-4918-1 + https://ubuntu.com/security/notices/USN-4918-2 + https://ubuntu.com/security/notices/USN-4918-3 + + + + + + + + + + CVE-2021-20209 on Ubuntu 20.04 (focal) - medium. + A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-25 20:15:00 UTC + 2021-02-03 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20209.html + https://www.openwall.com/lists/oss-security/2021/02/03/3 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686 + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2021-20210 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-25 19:15:00 UTC + 2021-02-03 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20210.html + https://www.openwall.com/lists/oss-security/2021/02/03/3 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=1b1370f7a8a + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2021-20211 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-25 19:15:00 UTC + 2021-02-03 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20211.html + https://www.openwall.com/lists/oss-security/2021/02/03/3 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=245e1cf32 + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2021-20212 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-25 19:15:00 UTC + 2021-02-03 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20212.html + https://www.openwall.com/lists/oss-security/2021/02/03/3 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5cfb7bc8fe + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2021-20213 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-25 19:15:00 UTC + 2021-02-03 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20213.html + https://www.openwall.com/lists/oss-security/2021/02/03/3 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=7530132349 + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2021-20214 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-25 19:15:00 UTC + 2021-02-05 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20214.html + https://www.openwall.com/lists/oss-security/2021/02/03/3 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=cf5640eb2a + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2021-20215 on Ubuntu 20.04 (focal) - medium. + A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-25 19:15:00 UTC + 2021-02-05 00:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20215.html + https://www.openwall.com/lists/oss-security/2021/02/03/3 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=064eac5fd0 + https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=fdee85c0bf3 + https://ubuntu.com/security/notices/USN-4886-1 + + + + + + + + + + CVE-2021-20219 on Ubuntu 20.04 (focal) - medium. + A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-23 17:15:00 UTC + Evgenii Shatokhin + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20219.html + https://www.openwall.com/lists/oss-security/2021/03/17/10 + https://www.openwall.com/lists/oss-security/2021/03/17/16 + + + + sbeattie> Red Hat's backport of 3d63b7e4ae0d "n_tty: Fix stall at n_tty_receive_char_special()." was incomplete and could result in an infinite loop. + + + + + + + + + + + + + CVE-2021-20240 on Ubuntu 20.04 (focal) - medium. + A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-28 11:15:00 UTC + 2021-02-17 00:00:00 UTC + mdeslaur + https://bugzilla.redhat.com/show_bug.cgi?id=1926787 + https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20240.html + https://ubuntu.com/security/notices/USN-4743-1 + + + + mdeslaur> vulnerable code introduced in: mdeslaur> https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f + + + + + + + + + CVE-2021-20254 on Ubuntu 20.04 (focal) - medium. + A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-05-05 14:15:00 UTC + 2021-04-29 + mdeslaur + Peter Eriksson + 2021-04-29 + https://bugzilla.samba.org/show_bug.cgi?id=14571 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20254.html + https://www.samba.org/samba/security/CVE-2021-20254.html + https://ubuntu.com/security/notices/USN-4930-1 + https://ubuntu.com/security/notices/USN-4931-1 + + + + mdeslaur> 3.6 and higher + + + + + + + + + CVE-2021-20261 on Ubuntu 20.04 (focal) - medium. + A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw. 
It was discovered that a race condition existed in the floppy device driver in the Linux kernel. An attacker with access to the floppy device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-11 21:15:00 UTC + 2021-03-11 21:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20261.html + https://git.kernel.org/linus/a0c80efe5956ccce9fe7ae5c78542578c07bc20a + https://bugzilla.redhat.com/show_bug.cgi?id=1932150 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0c80efe5956ccce9fe7ae5c78542578c07bc20a + https://ubuntu.com/security/notices/USN-4904-1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-20265 on Ubuntu 20.04 (focal) - medium. + A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-10 16:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20265.html + https://git.kernel.org/linus/fa0dc04df259ba2df3ce1920e9690c7842f8fa4b (4.5-rc3) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + CVE-2021-20277 on Ubuntu 20.04 (focal) - high. + A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. 
+ 2021-05-12 14:15:00 UTC + 2021-03-24 + mdeslaur + Douglas Bagnall + 2021-03-24 + https://bugzilla.samba.org/show_bug.cgi?id=14655 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-20277.html + https://www.samba.org/samba/security/CVE-2021-20277.html + https://ubuntu.com/security/notices/USN-4888-1 + https://ubuntu.com/security/notices/USN-4888-2 + + + + mdeslaur> This issue is actually in the ldb package, the samba package mdeslaur> uses the system ldb library, not the included one + + + + + + + + + CVE-2021-21261 on Ubuntu 20.04 (focal) - medium. + Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.10.0. The Flatpak portal D-Bus service (`flatpak-portal`, also known by its D-Bus service name `org.freedesktop.portal.Flatpak`) allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same security settings as the caller or with more restrictive security settings. For example, this is used in Flatpak-packaged web browsers such as Chromium to launch subprocesses that will process untrusted web content, and give those subprocesses a more restrictive sandbox than the browser itself. In vulnerable versions, the Flatpak portal service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox. 
As a workaround, this vulnerability can be mitigated by preventing the `flatpak-portal` service from starting, but that mitigation will prevent many Flatpak apps from working correctly. This is fixed in versions 1.8.5 and 1.10.0. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-14 20:15:00 UTC + 2021-01-14 20:15:00 UTC + pfsmorigo + Simon McVittie + https://bugs.launchpad.net/bugs/1911473 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21261.html + https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2 + https://ubuntu.com/security/notices/USN-4721-1 + + + + + + + + + + CVE-2021-21300 on Ubuntu 20.04 (focal) - medium. + Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-09 20:15:00 UTC + 2021-03-09 10:00:00 PST + mdeslaur + Matheus Tavares + 2021-03-09 10:00:00 PST + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21300.html + https://ubuntu.com/security/notices/USN-4761-1 + + + + + + + + + + CVE-2021-21381 on Ubuntu 20.04 (focal) - medium. + Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit "`Disallow @@ and @@U usage in desktop files`". The follow-up commits "`dir: Reserve the whole @@ prefix`" and "`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted sources, or check the contents of the exported `.desktop` files in `exports/share/applications/*.desktop` (typically `~/.local/share/flatpak/exports/share/applications/*.desktop` and `/var/lib/flatpak/exports/share/applications/*.desktop`) to make sure that literal filenames do not follow `@@` or `@@u`. Anton Lydike discovered that Flatpak did not properly handle special tokens in desktop files. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-11 17:15:00 UTC + 2021-03-11 17:15:00 UTC + Anton Lydike + https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1918482 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984859 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21381.html + https://github.com/flatpak/flatpak/issues/4146 + https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp + https://github.com/flatpak/flatpak/commit/8279c5818425b6812523e3805bbe242fb6a5d961 + https://github.com/flatpak/flatpak/commit/a7401e638bf0c03102039e216ab1081922f140ae + https://github.com/flatpak/flatpak/commit/eb7946bb6248923d8c90fe9b84425fef97ae580d + https://github.com/flatpak/flatpak/pull/4156 + https://github.com/flatpak/flatpak/releases/tag/1.10.2 + https://ubuntu.com/security/notices/USN-4951-1 + + + + + + + + + + CVE-2021-22876 on Ubuntu 20.04 (focal) - medium. + curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-01 18:15:00 UTC + 2021-03-31 06:00:00 UTC + mdeslaur + Viktor Szakats + 2021-03-31 06:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22876.html + https://curl.se/docs/CVE-2021-22876.html + https://ubuntu.com/security/notices/USN-4898-1 + https://ubuntu.com/security/notices/USN-4903-1 + + + + amurray| affects curl versions between 7.1.1 and 7.75.0 + + + + + + + + + CVE-2021-22890 on Ubuntu 20.04 (focal) - medium. + curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. 
When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-01 18:15:00 UTC + 2021-03-31 06:00:00 UTC + mdeslaur + Mingtao Yang + 2021-03-31 06:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-22890.html + https://curl.se/docs/CVE-2021-22890.html + https://ubuntu.com/security/notices/USN-4898-1 + + + + amurray| affects curl versions between 7.63.0 and 7.75.0 + + + + + + + + + CVE-2021-23358 on Ubuntu 20.04 (focal) - medium. + The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-29 14:15:00 UTC + 2021-03-29 14:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986171 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23358.html + https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984 + https://ubuntu.com/security/notices/USN-4913-1 + https://ubuntu.com/security/notices/USN-4913-2 + + + + + + + + + + CVE-2021-23841 on Ubuntu 20.04 (focal) - medium. 
+ The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-16 17:15:00 UTC + 2021-02-16 17:15:00 UTC + Tavis Ormandy + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-23841.html + https://www.openssl.org/news/secadv/20210216.txt + https://ubuntu.com/security/notices/USN-4738-1 + https://ubuntu.com/security/notices/USN-4745-1 + + + + mdeslaur> edk2 doesn't use the affected function + + + + + + + + + + + + CVE-2021-25682 on Ubuntu 20.04 (focal) - medium. + It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-06-11 03:15:00 UTC + 2021-02-02 18:00:00 UTC + mdeslaur + Itai Greenhut + 2021-02-02 18:00:00 UTC + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25682.html + https://ubuntu.com/security/notices/USN-4720-1 + https://ubuntu.com/security/notices/USN-4720-2 + + + + + + + + + + CVE-2021-25683 on Ubuntu 20.04 (focal) - medium. + It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-11 03:15:00 UTC + 2021-02-02 18:00:00 UTC + mdeslaur + Itai Greenhut + 2021-02-02 18:00:00 UTC + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25683.html + https://ubuntu.com/security/notices/USN-4720-1 + https://ubuntu.com/security/notices/USN-4720-2 + + + + + + + + + + CVE-2021-25684 on Ubuntu 20.04 (focal) - medium. + It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-06-11 03:15:00 UTC + 2021-02-02 18:00:00 UTC + mdeslaur + Itai Greenhut + 2021-02-02 18:00:00 UTC + https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-25684.html + https://ubuntu.com/security/notices/USN-4720-1 + https://ubuntu.com/security/notices/USN-4720-2 + + + + + + + + + + CVE-2021-26937 on Ubuntu 20.04 (focal) - medium. + encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-09 20:15:00 UTC + 2021-02-09 20:15:00 UTC + mdeslaur + Felix Weinmann + https://savannah.gnu.org/bugs/?60030 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-26937.html + https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html + https://seclists.org/oss-sec/2021/q1/124 + https://seclists.org/oss-sec/2021/q1/129 + https://ubuntu.com/security/notices/USN-4747-1 + https://ubuntu.com/security/notices/USN-4747-2 + + + + mdeslaur> as of 2021-02-18, proposed patch on mailing list not yet mdeslaur> commited to upstream repo, but has been released by Debian + + + + + + + + + CVE-2021-27135 on Ubuntu 20.04 (focal) - medium. + xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-10 16:15:00 UTC + 2021-02-10 16:15:00 UTC + mdeslaur + Tavis Ormandy + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27135.html + https://www.openwall.com/lists/oss-security/2021/02/09/7 + https://www.openwall.com/lists/oss-security/2021/02/09/9 + https://www.openwall.com/lists/oss-security/2021/02/10/7 + https://ubuntu.com/security/notices/USN-4746-1 + + + + + + + + + + CVE-2021-27803 on Ubuntu 20.04 (focal) - medium. + A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-26 23:15:00 UTC + 2021-02-26 23:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-27803.html + https://www.openwall.com/lists/oss-security/2021/02/25/3 + https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt + http://www.openwall.com/lists/oss-security/2021/02/27/1 + https://ubuntu.com/security/notices/USN-4757-1 + https://ubuntu.com/security/notices/USN-4757-2 + + + + + + + + + + CVE-2021-28041 on Ubuntu 20.04 (focal) - medium. + ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-05 21:15:00 UTC + 2021-03-05 21:15:00 UTC + mdeslaur + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28041.html + https://www.openwall.com/lists/oss-security/2021/03/03/1 + https://www.openssh.com/security.html + https://www.openssh.com/txt/release-8.5 + https://ubuntu.com/security/notices/USN-4762-1 + + + + seth-arnold> openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. + + + + + + + + + CVE-2021-28650 on Ubuntu 20.04 (focal) - medium. + autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-03-17 06:15:00 UTC + 2021-03-17 06:15:00 UTC + mdeslaur + Ondrej Holy + https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/12 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28650.html + https://ubuntu.com/security/notices/USN-4937-1 + + + + + + + + + + CVE-2021-28957 on Ubuntu 20.04 (focal) - medium. + An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-21 05:15:00 UTC + 2021-03-21 05:15:00 UTC + mdeslaur + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985643 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-28957.html + https://bugs.launchpad.net/lxml/+bug/1888153 + https://github.com/lxml/lxml/pull/316 + https://github.com/lxml/lxml/pull/316/commits/10ec1b4e9f93713513a3264ed6158af22492f270 + https://lists.debian.org/debian-lts-announce/2021/03/msg00031.html + https://ubuntu.com/security/notices/USN-4896-1 + https://ubuntu.com/security/notices/USN-4896-2 + + + + + + + + + + CVE-2021-3156 on Ubuntu 20.04 (focal) - high. + Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-26 21:15:00 UTC + 2021-01-26 18:00:00 UTC + mdeslaur + 2021-01-26 18:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3156.html + https://ubuntu.com/security/notices/USN-4705-1 + https://ubuntu.com/security/notices/USN-4705-2 + + + + + + + + + + CVE-2021-3181 on Ubuntu 20.04 (focal) - medium. + rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-19 15:15:00 UTC + 2021-01-19 15:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980326 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3181.html + https://gitlab.com/muttmua/mutt/-/issues/323 + https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17 + http://www.openwall.com/lists/oss-security/2021/01/19/10 + https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19 + https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14 + https://ubuntu.com/security/notices/USN-4703-1 + + + + + + + + + + CVE-2021-3281 on Ubuntu 20.04 (focal) - medium. + In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-02-02 07:15:00 UTC + 2021-02-01 10:00:00 UTC + mdeslaur + Wang Baohua + 2021-02-01 10:00:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3281.html + https://www.djangoproject.com/weblog/2021/feb/01/security-releases/ + https://ubuntu.com/security/notices/USN-4715-1 + https://ubuntu.com/security/notices/USN-4715-2 + + + + + + + + + + CVE-2021-3286 on Ubuntu 20.04 (focal) - medium. + SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-26 18:16:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3286.html + https://github.com/spotweb/spotweb/issues/653 + + + + + + + + + + CVE-2021-3308 on Ubuntu 20.04 (focal) - medium. + An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-26 20:15:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981052 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3308.html + https://xenbits.xen.org/xsa/advisory-360.html + http://www.openwall.com/lists/oss-security/2021/01/26/4 + http://xenbits.xen.org/xsa/advisory-360.html + + + + mdeslaur> hypervisor packages are in universe. For mdeslaur> issues in the hypervisor, add appropriate mdeslaur> tags to each section, ex: mdeslaur> Tags_xen: universe-binary + + + + + + + + + CVE-2021-3325 on Ubuntu 20.04 (focal) - medium. + Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-01-27 19:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3325.html + https://github.com/mikaku/Monitorix/commit/d6816e20da1a98bcdc6372d9c36a093df5238f4a + https://github.com/mikaku/Monitorix/compare/v3.13.0...v3.13.1 + https://github.com/mikaku/Monitorix/issues/309 + + + + + + + + + + CVE-2021-3345 on Ubuntu 20.04 (focal) - high. + _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. 
+ 2021-01-29 15:15:00 UTC + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3345.html + https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08 + https://gnupg.org + https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html + https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html + + + + + + + + + + CVE-2021-3393 on Ubuntu 20.04 (focal) - medium. + An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-01 14:15:00 UTC + 2021-02-12 00:00:00 UTC + Heikki Linnakangas + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3393.html + https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/ + https://ubuntu.com/security/notices/USN-4735-1 + + + + + + + + + + CVE-2021-3410 on Ubuntu 20.04 (focal) - medium. + A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-02-23 23:15:00 UTC + 2021-02-23 23:15:00 UTC + leosilva + https://github.com/cacalabs/libcaca/issues/52 + https://bugzilla.redhat.com/show_bug.cgi?id=1928437 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3410.html + https://ubuntu.com/security/notices/USN-4921-1 + + + + + + + + + + CVE-2021-3429 on Ubuntu 20.04 (focal) - medium. 
+ When instructing cloud-init to set a random password for a new user account, versions before 21.1.19 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-03-26 00:00:00 UTC + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985540 + https://bugs.launchpad.net/cloud-init/+bug/1918303 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3429.html + https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668 + + + + + + + + + + CVE-2021-3449 on Ubuntu 20.04 (focal) - high. + An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-03-25 15:15:00 UTC + 2021-03-25 + mdeslaur + 2021-03-25 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3449.html + https://www.openssl.org/news/secadv/20210325.txt + https://ubuntu.com/security/notices/USN-4891-1 + + + + mdeslaur> does not affect 1.0.2 mdeslaur> edk2 doesn't implement a server, so not vulnerable to this issue + + + + + + + + + CVE-2021-3450 on Ubuntu 20.04 (focal) - high. 
+ The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). + + Ubuntu 20.04 + + + + High + Copyright (C) 2021 Canonical Ltd. + 2021-03-25 15:15:00 UTC + mdeslaur + Xiang Ding + 2021-03-25 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3450.html + https://www.openssl.org/news/secadv/20210325.txt + + + + mdeslaur> only affects 1.1.1h and later mdeslaur> edk2 in Ubuntu contains an embedded OpenSSL earlier than 1.1.1h + + + + + + + + + CVE-2021-3497 on Ubuntu 20.04 (focal) - medium. 
+ GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 21:15:00 UTC + 2021-04-19 21:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986910 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3497.html + https://gstreamer.freedesktop.org/security/sa-2021-0002.html + https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/9181191511f9c0be6a89c98b311f49d66bd46dc3?merge_request_iid=903 + https://ubuntu.com/security/notices/USN-4928-1 + + + + + + + + + + CVE-2021-3498 on Ubuntu 20.04 (focal) - medium. + GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. + + Ubuntu 20.04 + + + + Medium + Copyright (C) 2021 Canonical Ltd. + 2021-04-19 21:15:00 UTC + 2021-04-19 21:15:00 UTC + leosilva + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986911 + http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3498.html + https://gstreamer.freedesktop.org/security/sa-2021-0003.html + https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0?merge_request_iid=903 + https://ubuntu.com/security/notices/USN-4928-1 + + + + leosilva> xenial does not uses affected variable/code dest_context. 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /etc/lsb-release + ^[\s\S]*DISTRIB_CODENAME=([a-z]+)$ + 1 + + + + + + gcc-h8300-hms + + + + + + gcc-msp430 + + + gcc-snapshot + + + + + + flatnuke + + + + + + ctn + + + maildirsync + + + mh-book + + + libui-dialog-perl + + + seahorse + + + + + + + + + + + + + + + + + + matanza + + + + + + swish-e + + + + + + + + + cadaver + + + + + + + + + mini-httpd + + + + + + + + + + + + + + + libipc-pubsub-perl + + + libpoe-component-pubsub-perl + + + + + + loggerhead + + + + + + lft + + + + + + fetchmail + + + + + + + + + + + + + + + + + + libphp-adodb + + + dokuwiki + + + php-htmlpurifier + + + libnusoap-php + + + + + + php-xajax + + + + + + libparallel-forkmanager-perl + + + batmand + + + gpw + + + + + + tla + + + + + + libxerces2-java + + + + + + + + + + + + + + + + + + tinymce + + + + + + linux-image-5.4.0-1054-aws + + + linux-image-5.8.0-1041-aws + + + linux-image-unsigned-5.4.0-1055-azure + + + linux-image-unsigned-5.8.0-1039-azure + + + linux-image-unsigned-5.4.0-1049-gcp + + + linux-image-unsigned-5.8.0-1038-gcp + + + linux-image-unsigned-5.4.0-1049-gke + + + linux-image-unsigned-5.4.0-1021-gkeop + + + + + + linux-image-unsigned-5.4.0-1044-kvm + + + + + + linux-image-aws-lts-20.04 + + + linux-image-aws + + + linux-image-azure-lts-20.04 + + + linux-image-azure + + + linux-image-gcp-lts-20.04 + + + linux-image-gcp 
+ + + + + + + + + + + + linux-image-kvm + + + + + + linux-image-oem-20.04 + + + linux-image-oracle-lts-20.04 + + + linux-image-oracle + + + + + + + + + + + + linux-image-unsigned-5.10.0-1038-oem + + + linux-image-unsigned-5.6.0-1056-oem + + + linux-image-unsigned-5.4.0-1052-oracle + + + linux-image-unsigned-5.8.0-1037-oracle + + + linux-image-5.4.0-1041-raspi + + + linux-image-5.4.0-1006-raspi2 + + + linux-image-5.4.0-40-generic + + + linux-image-5.8.0-29-generic + + + + + + linux-image-5.4.0-1055-azure + + + linux-image-5.8.0-1039-azure + + + linux-image-5.4.0-1049-gcp + + + linux-image-5.8.0-1038-gcp + + + linux-image-5.4.0-1049-gke + + + linux-image-5.4.0-1021-gkeop + + + + + + linux-image-5.4.0-1044-kvm + + + linux-image-5.10.0-1038-oem + + + linux-image-5.6.0-1056-oem + + + linux-image-5.4.0-1052-oracle + + + linux-image-5.8.0-1037-oracle + + + + + + + + + ht + + + + + + gstreamer1.0-libav + + + + + + + + + vice + + + kino + + + + + + + + + + + + ruby-parser + + + python3-pyrad + + + darktable + + + dcraw + + + + + + + + + + + + + + + libnet-server-perl + + + + + + + + + bzr + + + python3-tornado + + + python3-urllib3 + + + + + + + + + + + + + + + smokeping + + + + + + + + + + + + libgadu3 + + + ruby-i18n + + + libxml-security-java + + + + + + python-mode + + + + + + + + + transifex-client + + + node-connect + + + + + + eog + + + + + + + + + pinpoint + + + + + + + + + libconvert-asn1-perl + + + python3-beaker + + + chrony + + + ruby-net-ldap + + + libcommons-beanutils-java + + + + + + + + + + + + node-qs + + + libdbi-perl + + + + + + phpmyadmin + + + 9base + + + php-font-lib + + + + + + + + + python3-bottle + + + + + + + + + + + + duplicity + + + python3-rope + + + + + + + + + + + + krfb + + + liblzo2-2 + + + + + + ansible + + + + + + + + + + + + liblwipv6-2 + + + micro-httpd + + + php-dompdf + + + + + + php-pear + + + + + + vino + + + cgminer + + + + + + node-express + + + + + + + + + + + + + + + zoph + + + + + + + + + libgit2-28 + + + + + + libmpfr6 + + + 
xbindkeys-config + + + cabextract + + + libmspack0 + + + + + + libjasypt-java + + + + + + + + + kgb + + + pax + + + man-db + + + + + + socat + + + + + + vsftpd + + + + + + + + + libnetty-java + + + + + + + + + libnewlib-arm-none-eabi + + + nvi + + + + + + vigor + + + realmd + + + byzanz + + + + + + + + + + + + ruby-rack + + + android-libunwind + + + + + + + + + + + + + + + groovy + + + + + + + + + + + + + + + libcommons-collections3-java + + + libcommons-collections4-java + + + + + + + + + + + + + + + + + + bsdmainutils + + + + + + libcommons-httpclient-java + + + + + + gcc-avr + + + + + + + + + libjsoup-java + + + ganglia-webfrontend + + + libwolfssl24 + + + + + + + + + libemail-address-perl + + + pngcrush + + + + + + + + + latex2rtf + + + + + + + + + + + + + + + + + + stalin + + + rabbitmq-server + + + node-semver + + + node-serve-index + + + + + + node-send + + + node-tar + + + + + + gnuchess + + + + + + + + + + + + + + + arc + + + ruby-omniauth + + + phantomjs + + + + + + + + + + + + + + + libapache2-mod-fcgid + + + node-cookie-signature + + + ikiwiki + + + + + + libphp-phpmailer + + + + + + + + + + + + + + + + + + zoneminder + + + + + + + + + quantlib-refman-html + + + + + + perltidy + + + yodl + + + gajim + + + + + + node-negotiator + + + node-minimatch + + + node-ws + + + + + + + + + libjs-bootstrap4 + + + xtrlock + + + imapfilter + + + ruby-oauth + + + + + + tryton-server + + + libdbd-mysql-perl + + + + + + + + + + + + + + + + + + + + + libjgroups-java + + + + + + + + + binutils-h8300-hms + + + nescc + + + + + + + + + + + + + + + + + + + + + coreutils + + + + + + + + + libcommons-fileupload-java + + + + + + + + + + + + spip + + + + + + + + + libxstream-java + + + libjackson2-dataformat-xml-java + + + + + + npm + + + pgpdump + + + + + + libxmpcore-java + + + + + + + + + + + + libntirpc3.0 + + + libtika-java + + + libshiro-java + + + + + + libjs-mediaelement + + + libmxml1 + + + + + + python3-murano-dashboard + + + python3-muranoclient + + + + + + 
libapache-poi-java + + + + + + + + + + + + libxv1 + + + + + + python3-mysql.connector + + + ruby-saml + + + pngquant + + + + + + + + + + + + + + + + + + python3-jwcrypto + + + + + + elog + + + libresteasy-java + + + + + + python3-manila-ui + + + libjackrabbit-java + + + libundertow-java + + + pdns-recursor + + + dnsdist + + + kubernetes + + + + + + + + + + + + inspircd + + + charybdis + + + + + + + + + + + + + + + docker2aci + + + libxfixes3 + + + libxi6 + + + libxrandr2 + + + libxrender1 + + + libxtst6 + + + libxvmc1 + + + + + + libass9 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + libimage-info-perl + + + + + + epubcheck + + + + + + puppet-module-swift + + + + + + + + + + + + rsync + + + + + + + + + + + + + + + + + + libmozjs-52-0 + + + qt5-image-formats-plugins + + + libconfig-model-perl + + + + + + + + + + + + + + + jruby + + + + + + + + + rbenv + + + + + + php-cas + + + libsimple-xml-java + + + python3-pysaml2 + + + libc-ares2 + + + smarty3 + + + pluxml + + + python3-fedora + + + ruby-haml + + + + + + libsass1 + + + + + + jabberd2 + + + + + + + + + + + + + + + + + + unrar-free + + + vorbis-tools + + + yadm + + + docker-registry + + + + + + + + + mpg321 + + + + + + + + + sipcrack + + + + + + libstdc++5 + + + + + + + + + gcc-m68hc1x + + + libyaml-cpp0.6 + + + + + + + + + + + + r-cran-readxl + + + + + + + + + openvpn + + + libspice-server1 + + + + + + + + + ledger + + + libapr1 + + + + + + + + + python-numpy + + + simplesamlphp + + + + + + + + + git-annex + + + + + + + + + flightgear + + + + + + + + + + + + + + + + + + rtpproxy + + + python3-scrapy + + + + + + + + + yadifa + + + + + + + + + + + + obs-build + + + docker.io + + + tar-split + + + node-tough-cookie + + + upx-ucl + + + + + + libjackson2-databind-java + + + libjackson-json-java + + + spice-vdagent + + + xdg-user-dirs + + + + + + + + + + + + python3-mistune + + + + + + libtcnative-1 + + + node-growl + + + node-pg + + + node-fresh + + + node-superagent + + + node-mime + + 
+ + + + ruby-ox + + + libcatalyst-plugin-static-simple-perl + + + ruby-yajl + + + + + + cacti + + + + + + tboot + + + ohcount + + + xrdp + + + + + + optipng + + + yard + + + + + + + + + libgme0 + + + fossil + + + + + + kildclient + + + context + + + + + + + + + nip2 + + + + + + rtv + + + + + + whitedune + + + ocaml-batteries-included + + + tin + + + + + + + + + + + + + + + + + + global + + + tkabber + + + + + + + + + + + + + + + qtpass + + + gifsicle + + + opentmpfiles + + + + + + libjgraphx-java + + + + + + + + + graphite-web + + + libyaml-snake-java + + + + + + lxc-templates + + + node-chownr + + + + + + + + + x11vnc + + + + + + puppet-module-puppetlabs-apache + + + + + + libxdmcp6 + + + libice6 + + + + + + + + + golang-golang-x-crypto-dev + + + + + + + + + + + + python3-sleekxmpp + + + + + + + + + + + + liblog4j2-java + + + + + + libbatik-java + + + + + + + + + + + + gstreamer1.0-plugins-ugly + + + s-nail + + + ruby-zip + + + python3-openpyxl + + + libapache2-mod-auth-openidc + + + + + + + + + libcacard0 + + + + + + partclone + + + + + + praat + + + apng2gif + + + + + + + + + apt-cacher + + + apt-cacher-ng + + + rkhunter + + + + + + libresteasy3.0-java + + + + + + + + + + + + + + + feh + + + + + + lynis + + + + + + apktool + + + + + + + + + rpcbind + + + + + + libetpan20 + + + lrzip + + + smb4k + + + + + + + + + + + + + + + + + + + + + osc + + + dnstracer + + + + + + cron + + + + + + + + + phpunit + + + + + + + + + + + + + + + libstb0 + + + + + + ruby-doorkeeper + + + + + + librelp0 + + + + + + libcjson1 + + + + + + beep + + + ruby-json-jwt + + + triplea + + + umlet + + + sympa + + + + + + libdom4j-java + + + zutils + + + latexdraw + + + jabref + + + + + + + + + nasm + + + + + + freecol + + + libprocessing-core-java + + + hoteldruid + + + python3-pykmip + + + + + + + + + libplexus-archiver-java + + + + + + libquazip5-1 + + + + + + p7zip-rar + + + mruby + + + + + + htp + + + libhtp2 + + + awstats + + + + + + + + + + + + + + + matrix-synapse + + + + + + abcm2ps + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + lldpad + + + libpostgresql-jdbc-java + + + + + + vcftools + + + libjpeg62 + + + vim-syntastic + + + r-cran-haven + + + jpegoptim + + + + + + + + + + + + nikto + + + + + + + + + libcommons-compress-java + + + + + + + + + enigmail + + + + + + + + + python3-gnupg + + + + + + s3ql + + + + + + intel-microcode + + + + + + pass + + + yarnpkg + + + + + + + + + phpldapadmin + + + liblog4net1.2-cil + + + + + + + + + + + + + + + libapache2-mod-security2 + + + tcpreplay + + + dvbcut + + + zip + + + + + + catimg + + + node-macaddress + + + + + + + + + clementine + + + libh2-java + + + + + + + + + mutt + + + neomutt + + + libjsf-api-java + + + mitmproxy + + + + + + + + + btrfsmaintenance + + + + + + cgit + + + + + + + + + + + + + + + packer + + + + + + fig2dev + + + modsecurity-crs + + + + + + ruby-loofah + + + + + + node-cached-path-relative + + + + + + node-extend + + + + + + tinc + + + + + + shellinabox + + + + + + + + + gitolite3 + + + ccextractor + + + goxel + + + + + + love + + + + + + renderdoc + + + retroarch + + + zam-plugins + + + + + + + + + php-tcpdf + + + gpp + + + python3-marshmallow + + + + + + telegram-desktop + + + jekyll + + + + + + + + + ckeditor + + + + + + python3-requests + + + + + + + + + + + + + + + + + + + + + + + + + + + keepalived + + + + + + + + + liburiparser1 + + + + + + + + + + + + arm-trusted-firmware + + + tryton-client + + + + + + + + + + + + + + + consul + + + + + + + + + onionshare + + + + + + + + + + + + ssvnc + + + + + + rdesktop + + + + + + libokhttp-java + + + + + + tcc + + + catdoc + + + + + + + + + openssh-client-ssh1 + + + + + + recon-ng + + + + + + + + + + + + + + + + + + re2c + + + libjodd-java + + + virtualbox-guest-additions-iso + + + + + + node-mixin-deep + + + node-hoek + + + node-sshpk + + + ruby-rails-html-sanitizer + + + node-deep-extend + + + ruby-sprockets + + + node-url-parse + + + + + + libsdl2-image-2.0-0 + + + libsdl-image1.2 + + + xserver-xorg-video-nouveau + + + + + + 
+ + + isakmpd + + + libreswan + + + + + + + + + + + + puppet-module-puppetlabs-apt + + + puppet-module-puppetlabs-mysql + + + jhead + + + + + + patch + + + myrepos + + + linuxvnc + + + + + + cimg-examples + + + node-ssri + + + adminer + + + python3-asyncssh + + + python3-bleach + + + + + + + + + libaxis-java + + + + + + + + + + + + libpgobject-util-dbadmin-perl + + + libpam-yubico + + + fdkaac + + + + + + + + + + + + + + + + + + + + + python3-libnmap + + + + + + + + + libcrypt-jwt-perl + + + + + + + + + + + + rkt + + + + + + icedtea-netx + + + + + + libhibernate-validator-java + + + bwa + + + robocode + + + + + + node-set-value + + + httpie + + + libjs-angularjs + + + checkstyle + + + phppgadmin + + + + + + ruby-openid + + + php-imagick + + + + + + libjs-jquery + + + node-jquery + + + + + + monit + + + + + + + + + + + + + + + dhcpcd5 + + + signing-party + + + + + + + + + oca-core + + + + + + + + + supervisor + + + minissdpd + + + miniupnpd + + + + + + + + + python3-django + + + + + + + + + + + + nomad + + + + + + python3-parso + + + libqb0 + + + libapache2-mod-auth-mellon + + + sks + + + libmatio9 + + + libssh2-1 + + + libzmq5 + + + node-fstream + + + calamares + + + nsd + + + libonig5 + + + mudlet + + + + + + + + + + + + rainloop + + + + + + libmodsecurity3 + + + ruby-mini-magick + + + + + + python3-engineio + + + libsdl1.2debian + + + libsdl2-2.0-0 + + + gdnsd + + + dpic + + + libquartz-java + + + libquartz2-java + + + pdfresurrect + + + + + + basilisk2 + + + + + + + + + libslirp0 + + + slirp + + + slirp4netns + + + + + + libmodbus5 + + + milkytracker + + + schism + + + + + + sphinxsearch + + + brandy + + + + + + + + + + + + + + + ksh + + + + + + node-mysql + + + python3-django-js-reverse + + + csync2 + + + + + + directvnc + + + vncsnapshot + + + x2vnc + + + + + + python3-os-vif + + + + + + + + + + + + + + + + + + gcc-opt + + + + + + + + + sitecopy + + + tdom + + + + + + libpam-p11 + + + + + + + + + python3-lmdb + + + + + + + + + + + + focuswriter + + + + + + 
ruby-excon + + + python3-waitress + + + postfix-mta-sts-resolver + + + runc + + + + + + + + + + + + + + + libtomcrypt1 + + + ruby-netaddr + + + unoconv + + + libntlm0 + + + libpdl-io-matlab-perl + + + mldemos + + + + + + + + + libtk-img + + + + + + + + + sfftobmp + + + xloadimage + + + liblog4j1.2-java + + + + + + davical + + + + + + tnef + + + + + + sarg + + + libunivalue0 + + + ruby-rack-cors + + + limnoria + + + + + + gnome-font-viewer + + + gnome-sushi + + + + + + + + + yabasic + + + libspiro1 + + + + + + + + + midori + + + + + + + + + sa-exim + + + + + + + + + + + + + + + + + + + + + node-kind-of + + + + + + keepass2 + + + + + + + + + + + + + + + + + + python3-ruamel.yaml + + + + + + + + + + + + + + + + + + + + + + + + libvo-amrwbenc0 + + + + + + node-mongodb + + + + + + + + + + + + + + + + + + tmpreaper + + + debian-lan-config + + + + + + + + + + + + + + + prometheus + + + evolution-ews + + + xcftools + + + + + + libc3p0-java + + + + + + node-mqtt-packet + + + ruby-nokogiri + + + binaryen + + + + + + + + + + + + tintin++ + + + + + + + + + + + + + + + advancecomp + + + + + + + + + + + + + + + + + + golang-google-grpc-dev + + + + + + + + + + + + libexif12 + + + gdisk + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + r-cran-rmysql + + + + + + ruby-json + + + + + + targetcli-fb + + + + + + containernetworking-plugins + + + + + + + + + + + + + + + zim + + + centreon-engine + + + ruby-faye + + + + + + + + + puma + + + + + + + + + + + + libawl-php + + + + + + + + + + + + python3-markdown2 + + + + + + + + + + + + libxmlgraphics-commons-java + + + + + + mailman + + + libmozjs-68-0 + + + gssproxy + + + + + + + + + minidlna + + + + + + libimlib2 + + + + + + + + + + + + + + + sabnzbdplus + + + gitlab-runner + + + + + + axel + + + + + + python3-rsa + + + + + + rebar + + + node-elliptic + + + + + + libpam-tacplus + + + velocity + + + + + + + + + python3-rtslib-fb + + + + + + ngircd + + + bison + + + bsdiff + + + libjboss-xnio-java + + + cifs-utils + + + + + 
+ + + + + + + + + + + + + + + + chocolate-doom + + + crispy-doom + + + ruby-faye-websocket + + + node-prismjs + + + miller + + + node-fetch + + + python3-django-filters + + + ruby-omniauth-auth0 + + + junit4 + + + sopel + + + node-object-path + + + node-ajv + + + + + + + + + + + + nim + + + kdepim-runtime + + + accountwizard + + + + + + ark + + + balsa + + + prometheus-blackbox-exporter + + + python3-asyncpg + + + python3-django-celery-results + + + iwd + + + libcommons-configuration2-java + + + + + + python3-jsonpickle + + + + + + node-node-sass + + + + + + snmptt + + + ruby-twitter-stream + + + + + + shotcut + + + geary + + + kleopatra + + + checkinstall + + + python3-flask-cors + + + freedombox + + + libappimage0 + + + python3-djangorestframework + + + libhibernate3-java + + + python3-m2crypto + + + + + + ruby-gon + + + + + + + + + libmd4c0 + + + etcd-discovery + + + kdeconnect + + + + + + nanopb + + + hugo + + + motion + + + libkpmcore9 + + + libjs-prototype + + + + + + + + + pngcheck + + + + + + node-axios + + + + + + + + + + + + libjackson2-dataformat-cbor + + + + + + libjs-three + + + node-xmlhttprequest + + + node-xmlhttprequest-ssl + + + slic3r + + + + + + + + + + + + tomb + + + sma + + + golang-golang-x-text-dev + + + rclone + + + + + + + + + + + + + + + gobby + + + crmsh + + + + + + spotweb + + + postsrsd + + + + + + python3-autobahn + + + opensmtpd + + + python3-django-channels + + + + + + node-socket.io-parser + + + + + + + + + + + + ruby-sanitize + + + ipmitool + + + ruby-secure-headers + + + + + + libghc-cmark-gfm-prof + + + python3-cmarkgfm + + + r-cran-commonmark + + + ruby-commonmarker + + + uap-core + + + + + + + + + + + + + + + openfortivpn + + + + + + libhiredis0.14 + + + node-minimist + + + node-yargs-parser + + + ruby-websocket-extensions + + + + + + + + + grunt + + + node-ua-parser-js + + + + + + node-pathval + + + libjs-codemirror + + + node-nodemailer + + + node-y18n + + + node-ini + + + + + + tcpdump + + + prosody-modules + + + 
node-dot-prop + + + ruby-actionpack-page-caching + + + jison + + + + + + node-bl + + + liblwip0 + + + ppp + + + cloud-init + + + + + + mongo-tools + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + privoxy + + + stunnel4 + + + isync + + + kexec-tools + + + + + + + + + containers-storage + + + + + + + + + + + + libmongodb-java + + + + + + git-lfs + + + python3-flask-security + + + ruby-carrierwave + + + ruby-mechanize + + + python3-aiohttp + + + containerd + + + node-xmldom + + + ckeditor3 + + + + + + python3-django-registration + + + + + + python3-eventlet + + + lib3mf1 + + + libimage-exiftool-perl + + + + + + libuv1 + + + node-hosted-git-info + + + node-browserslist + + + node-postcss + + + + + + + + + python3-django-hyperkitty + + + + + + + + + + + + steghide + + + + + + + + + + + + + + + + + + + + + + + + ruby-kramdown-rfc2629 + + + libphp-magpierss + + + + + + node-color-string + + + python3-mpmath + + + umoci + + + ircii + + + python3-pikepdf + + + libnet-netmask-perl + + + libnetwork-ipv4addr-perl + + + libcommons-io-java + + + node-redis + + + composer + + + siftool + + + python3-pydantic + + + + + + libdata-validate-ip-perl + + + php-seclib + + + seafile-gui + + + dma + + + ruby-sidekiq + + + + + + + + + librlottie0-1 + + + + + + + + + google-guest-agent + + + libjson-smart-java + + + python3-impacket + + + leocad + + + + + + wget + + + python3-django-postorius + + + + + + + + + + + + + + + dmg2img + + + radsecproxy + + + ruby-addressable + + + fail2ban + + + ruby-bindata + + + prosody + + + python3-flask-caching + + + postgresql-12-partman + + + eterm + + + + + + + + + node-got + + + libgcrypt20 + + + node-css-what + + + node-trim-newlines + + + + + + libjdom1-java + + + libjdom2-java + + + python3-websockets + + + libebml4v5 + + + thefuck + + + slapi-nis + + + + + + + + + postgresql-12-pglogical + + + manuskript + + + + + + + + + tpm2-tools + + + + + + + + + kimageformat-plugins + + + + + + node-uri-js + + + + 
+ + + + + xinetd + + + iproute2 + + + lintian + + + pwgen + + + sniffit + + + + + + unzip + + + libpgf6 + + + lldpd + + + pound + + + mcabber + + + rspamd + + + + + + + + + icoutils + + + + + + python3-flask + + + node-braces + + + netatalk + + + libapache2-mod-jk + + + icecast2 + + + libemail-address-list-perl + + + libigraph0v5 + + + coturn + + + python3-aioxmpp + + + + + + + + + python3-werkzeug + + + node-knockout + + + + + + libpam-python + + + + + + + + + + + + file-roller + + + + + + libjson-c4 + + + + + + blueman + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + tmux + + + + + + + + + fastd + + + xdg-utils + + + + + + + + + python3-tornado4 + + + + + + + + + + + + + + + bubblewrap + + + storebackup + + + ruby-geocoder + + + + + + flashplugin-installer + + + + + + + + + screen + + + xterm + + + monitorix + + + + + + + + unix + + + + focal + + + 0:20140405-0ubuntu1 + + + 0:1.21-0.1 + + + 0:0.10.5-1ubuntu2 + + + 0:2.0.1-7ubuntu1 + + + 0:3.8.1-1ubuntu1 + + + 0:1.06.27-1ubuntu7 + + + 0:0.12.2-2.1ubuntu1 + + + 0:1.6.5-1.2 + + + 0:2.29-0ubuntu2 + + + 0:20140202+stable-4 + + + 0:0.16.0-0ubuntu2 + + + 0:1.5.0-5 + + + 0:2.6.11-2ubuntu4 + + + 0:1.5.0-8 + + + 0:2.1.0-1 + + + 0:1.3.5+dfsg-15 + + + 0:1.16.33-3.1ubuntu6 + + + 0:1.0.2 + + + 0:2.2.0-1 + + + 0:4.9.7+dfsg1-1 + + + 0:0.13~20190125-3ubuntu1 + + + 0:2.26.2-6ubuntu1 + + + 0:2.0.3-1 + + + 0:9.28-2 + + + 0:0.8.9-3build1 + + + 0:0.15.3-1ubuntu1 + + + 0:2.6.0~bzr6574-1ubuntu1 + + + 0:3.2.0-1ubuntu1 + + + 0:1.6-2 + + + 0:2.7.5-5ubuntu1 + + + 0:2.3.3-1 + + + 0:3.18.1-1ubuntu2 + + + 0:2.24.29-1ubuntu2 + + + 0:3.2-4ubuntu1 + + + 0:1.9.2-3 + + + 0:3.0.6.RELEASE-14 + + + 0:2.6-3ubuntu2 + + + 0:2.2.4-1 + + + 0:0.7.0-3 + + + 4:4.1.12-2 + + + 1:2.2.5+dfsg-1ubuntu1 + + + 0:0.12.6-1 + + + 0:2.0.1-1ubuntu1 + + + 0:2.5.2+dfsg-1 + + + 0:3.8.5-2 + + + 0:0.10.5-2 + + + 0:3.2.12-1 + + + 0:3.5.2-2ubuntu1 + + + 0:2.04-1ubuntu26.8 + + + 0:1.142.10 + + + 4:4.13.97-0ubuntu2 + + + 0:2.06-1.2ubuntu2 + + + 0:5.4.0-9.12 + + + 
0:5.4.0-1005.5 + + + 0:5.8.0-1035.37~20.04.1 + + + 0:5.4.0-1006.6 + + + 0:5.8.0-1033.35~20.04.1 + + + 0:5.8.0-1032.34~20.04.1 + + + 0:5.4.0-1033.35 + + + 0:5.4.0-1008.9 + + + 0:5.8.0-23.24~20.04.1 + + + 0:5.4.0-1004.4 + + + 0:5.4.0.9 + + + 0:5.4.0.1005 + + + 0:5.8.0.1035 + + + 0:5.4.0.1006 + + + 0:5.8.0.1033 + + + 0:5.8.0.1032 + + + 0:5.4.0.1033 + + + 0:5.4.0.1008 + + + 0:5.8.0.23 + + + 0:5.4.0.1004 + + + 0:5.10.0.1008 + + + 0:5.6.0.1007 + + + 0:5.8.0.1031 + + + 0:5.4.0.1007 + + + 0:5.4.0.24 + + + 0:5.8.0.14 + + + 0:5.10.0-1008.9 + + + 0:5.6.0-1007.7 + + + 0:5.8.0-1031.32~20.04.2 + + + 0:5.4.0-1007.7 + + + 0:5.4.0-24.28 + + + 0:5.8.0-14.16~20.04.1 + + + 0:0.0~r118-1 + + + 0:1.6.5+dfsg-1 + + + 0:1.6.6+dfsg-1 + + + 0:42.0+build2-0ubuntu1 + + + 0:0.0~r131-2 + + + 1:38.3.0+build1-0ubuntu2 + + + 4:4.2.6-1 + + + 0:2.6.1+dfsg-1 + + + 0:0.6.2+dfsg-3 + + + 0:16 + + + 0:20140715-0ubuntu1 + + + 1:4.2.8p12+dfsg-3ubuntu4 + + + 4:4.2.7.1-1 + + + 0:3.22.0-5ubuntu2.1 + + + 4:4.2.8.1-1 + + + 0:4.16.4-1 + + + 4:4.2.9.1-1 + + + 0:40.0.2214.94-0ubuntu1.1120 + + + 0:2.1.1-1 + + + 0:2.0.2-1 + + + 4:4.2.10.1-1 + + + 0:1.17.24ubuntu1 + + + 4:4.2.12-1 + + + 4:4.2.12-2 + + + 1:2.1.4-2 + + + 0:3.7.1-2 + + + 0:0.24.1-2 + + + 0:3.1.2-2 + + + 0:1.6-1.1 + + + 0:0.4-3 + + + 0:4.10.0-1 + + + 0:2.23-0ubuntu1 + + + 0:50.1.0+build2-0ubuntu1 + + + 1:45.3.0+build1-0ubuntu4 + + + 0:7.99.90.20170502-0ubuntu1 + + + 0:1.9.2-1 + + + 2:1.16.2.901-1ubuntu4 + + + 0:3.15.4-4.2 + + + 0:1.0b4+ds-14 + + + 0:44.0.2403.89-0ubuntu1.1195 + + + 0:2.1.0-7 + + + 0:2.7.6.1-1 + + + 0:0.3.9+dfsg-1 + + + 0:1.7.3.2-2ubuntu2 + + + 0:1.4.2-1 + + + 0:3.0.2-18ubuntu1 + + + 0:2.4.4-1 + + + 0:10.14.1.0-1ubuntu1 + + + 0:1.6-1 + + + 1:4.0.34-1 + + + 4:4.4.5-1 + + + 0:0.98.7+dfsg-0ubuntu1 + + + 0:1.005-3 + + + 0:2.1.0-3 + + + 0:1.81.6-13 + + + 0:2.3.0+dfsg-2 + + + 0:0.016-24 + + + 0:0.16.0-1 + + + 1:13.20.0~dfsg-1 + + + 0:4.3.14-1 + + + 0:1.4.45-1ubuntu3 + + + 0:1.6.4-3 + + + 0:8.1.0+r23-2 + + + 0:1.1-4.1 + + + 1:0.62~dfsg-0.1 + + + 
0:2.4.15-1ubuntu1 + + + 0:3.8.10.2-1 + + + 0:1.6.8-1 + + + 0:9.27-1 + + + 0:0.9.1-6 + + + 0:3.15.4-6 + + + 0:16.0~rc3+dfsg2-1 + + + 0:0.18.2-1 + + + 4:4.4.6.1-1 + + + 0:1.9.2+dfsg-1 + + + 0:4.12.0-0.3 + + + 0:2.4.1-1 + + + 0:3.2.2-1 + + + 0:4.1-1 + + + 0:8u91-b14-1 + + + 0:7.0.0-5 + + + 2:10.1.5-5055683-5ubuntu1 + + + 0:3.1-11ubuntu1 + + + 0:4.4.1-1 + + + 15:6.3.1+svn253039 + + + 1:5.4.0+Amtel3.6.0-1build1 + + + 0:17 + + + 0:20151011-0ubuntu1 + + + 0:3.2.10-1build1 + + + 0:5.5.0-1 + + + 0:1.9.2+dfsg-2 + + + 0:1.56-1 + + + 0:1.10.2-2 + + + 0:3.13.0+dfsg-1 + + + 0:4.0.10-4 + + + 0:5.14.3-3 + + + 0:1.912-1 + + + 0:1.8.13-0.1 + + + 1:0.9.2-2 + + + 0:2.5.8-1 + + + 0:2.3.16-1 + + + 0:1.8.16-0ubuntu1 + + + 0:2.6.2-2 + + + 1:0.12.4-2ubuntu2 + + + 0:3.13.2-1ubuntu1 + + + 4:4.5.3.1-1 + + + 0:3.6.6-1 + + + 0:5.4.1-1 + + + 0:1.9.1-1 + + + 0:2.8.29-3 + + + 0:0.16.2-1 + + + 0:2.2.1-1 + + + 0:4.02.3-9 + + + 0:6.2.5-1 + + + 0:0.9.4-6 + + + 0:2.28-0ubuntu1 + + + 0:3.99.5+repack1-9build1 + + + 0:2.50-1 + + + 0:5.21q-6 + + + 0:5.12.5+dfsg-9build1 + + + 2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1 + + + 0:2.1.1-1ubuntu1 + + + 0:48.0+build2-0ubuntu1 + + + 0:2.7.12-3 + + + 0:2.0.3-2 + + + 0:2.7.12-3build1 + + + 0:1.1.0-2 + + + 0:1.60-1 + + + 0:3.20161219 + + + 0:19.05.3.2-2 + + + 0:5.2.14+dfsg-2.1 + + + 0:5.11.3+dfsg-2ubuntu1 + + + 0:5.4.2-1.1 + + + 0:1.6.27-1 + + + 0:0.9.44.2-2 + + + 0:0.26.0+dfsg.1-1.1build1 + + + 0:4.6.1+dfsg-1 + + + 0:2.75.1+dfsg-1build1~1 + + + 0:3.5-2 + + + 0:1.30.4+dfsg-1 + + + 0:3.5.0+dfsg-9 + + + 0:1.8.13-10ubuntu1 + + + 0:20140328-2 + + + 0:3.08.01-1 + + + 0:0.16.6-1.1 + + + 0:3.2.3-1 + + + 0:0.3.6+dfsg-1 + + + 0:0.6.1-1 + + + 0:3.0.4-3 + + + 0:1.1.0+ds1.e6ddaae4-5 + + + 0:3.4.0+dfsg-1 + + + 0:4.0.0 + + + 0:2.12 + + + 1:2.6.13-1 + + + 0:2.5.7-1 + + + 0:4.0.4-1 + + + 0:4.039-1 + + + 0:4.041-2build1 + + + 4:4.5.4-1 + + + 0:8.11.2~dfsg-1 + + + 0:2.12.4-4 + + + 0:2.8.8-10 + + + 0:3.1.3+debian-2 + + + 0:4.0.2-1 + + + 1:1.8.12-1 + + + 0:2.28-3ubuntu1 + + + 
0:2.1.0+repack1-1 + + + 1:3.12.0-1.1ubuntu1 + + + 0:2.12.4-1 + + + 0:0.3.1-1 + + + 0:2.11.0-1 + + + 0:4.4.0-1 + + + 4:4.6.0-2 + + + 1:9.11.2.P1-1ubuntu3 + + + 0:2.33.1-0.1ubuntu2 + + + 0:1.6.17-1 + + + 0:5.14.0+dfsg-1 + + + 0:1.3.2-1 + + + 0:9.0.16-3 + + + 1:3.6.3-0ubuntu1 + + + 0:1.3.5b-1 + + + 0:3.1.1-1 + + + 0:1.5.1-0ubuntu1 + + + 1:9b-2 + + + 0:1.4.9-1 + + + 0:2.7.4-1 + + + 1:7.0.0+r1-4 + + + 0:3.8.3 + + + 0:0.31-0.2 + + + 0:4.5+dfsg-1 + + + 0:2.20.1+ds-1 + + + 0:5.1.3-1 + + + 0:3.1.3-1 + + + 1:3.0.17+dfsg-1 + + + 4:4.1.7-1 + + + 0:3.4.15+dfsg-2ubuntu4 + + + 0:2.24-0ubuntu1 + + + 0:0.2.5-1.1 + + + 0:1.18-1 + + + 0:1.3.2-2 + + + 0:3.2.0+debian-2 + + + 2:2.2.2-3ubuntu2 + + + 0:2.29-1ubuntu1 + + + 0:8.0-0ubuntu3 + + + 1:3.12.0-1.1ubuntu2 + + + 0:3.20180228-1 + + + 0:4.5.2+dfsg-1 + + + 0:2.9-1 + + + 0:5.20.6-1 + + + 1:4.0.37-1 + + + 1:3.0.0~b1-2 + + + 1:2.0.0-5 + + + 0:0.8.4-1 + + + 0:4.3.1-1 + + + 0:20160507+git20160523.9086738-1 + + + 0:20160507-1 + + + 4:4.6.2-1 + + + 0:1.1.0-1 + + + 0:0.13.0-2build2 + + + 0:4.4.3-3ubuntu2.1 + + + 2:1.0.11-1 + + + 0:10.0-3 + + + 0:2.1.5-1 + + + 0:2.6 + + + 0:1.3.0-1 + + + 0:2.7.10~rc1-1 + + + 4:4.6.3-1 + + + 0:2.5.0-2 + + + 1:60.5.1+build2-0ubuntu1 + + + 0:4.5.3+dfsg-1 + + + 0:4.4.1-4 + + + 0:2.3.0-1 + + + 0:4.0.1-1 + + + 0:2.13-4 + + + 0:5.7.2-2ubuntu1 + + + 0:1.9a+ds1-1.1 + + + 0:0.4.2-1 + + + 0:2.9.2-3 + + + 0:3.1.2-1-1 + + + 0:3.1.0-1 + + + 0:2.6.1-1 + + + 0:2.5.1-0 + + + 0:1.9a+ds1-1.2 + + + 4:4.6.4+dfsg1-1 + + + 1:8.1.0+r3-5 + + + 0:5.14.2+dfsg-1 + + + 0:2.4.8-1 + + + 0:4.12.0-0.1 + + + 0:4.4.4-1 + + + 0:1.4.3-1 + + + 0:3.0.17 + + + 0:2.8.5-1 + + + 0:1.2.0-1 + + + 0:2.2.4+dfsg-2ubuntu2 + + + 0:1.12.1+dfsg-4 + + + 0:0.4.4-4 + + + 0:2.0.23-1 + + + 0:3.5.3-1 + + + 0:1.1.1-1 + + + 0:55.0.2883.87-0ubuntu1 + + + 0:3.1.0+2.6.0-4build8 + + + 0:3.1.1-5 + + + 0:2016.74-1 + + + 0:3.9.10+dfsg-1 + + + 1:13.11.2~dfsg-1 + + + 1:5.0.3-1 + + + 2:1.7.8-1 + + + 2:1.5.1-1 + + + 1:0.9.10-1 + + + 0:1.2.3-1 + + + 2:1.2.3-1 + + + 2:1.0.10-1 + + + 
0:2.1.4-1 + + + 1:0.13.4-2 + + + 0:0.27.4+dfsg.1-0.1 + + + 0:2.0.13+1-1 + + + 0:044+189-1 + + + 0:2.0.2+dfsg-1 + + + 0:1.9a+ds1-2 + + + 0:20161001-2 + + + 0:1.14-2 + + + 0:1.1.19-2 + + + 0:0.8.0-6 + + + 0:0.2.8.4-12 + + + 0:1.7.2.385.g952d79e-1 + + + 0:1.14.6-1.1 + + + 0:5.0.14-1 + + + 0:2.8.9dev11-1 + + + 0:1.39-1 + + + 0:20161124-1 + + + 0:0.6.4+dfsg-1 + + + 0:3.0.1-5 + + + 0:9.4.4-1 + + + 0:3.1.4-1 + + + 0:2.16.1-1 + + + 0:20180228-1 + + + 0:3.201802280-1 + + + 0:1.6.20-1 + + + 0:1.10.2-1ubuntu1 + + + 0:3.1.3-6 + + + 1:1.2.11.dfsg-0ubuntu2 + + + 4:4.6.6-5 + + + 4:4.6.5.1-1 + + + 0:4.3.5-1 + + + 0:1.14.41-1 + + + 0:0.999999999-1 + + + 0:1.3.6+dfsg.1-1 + + + 1:13.13.1~dfsg-1 + + + 0:0.12.11-1 + + + 0:0.6.1-2 + + + 0:3.1.4-2 + + + 0:4.2.1-2 + + + 0:2.097-2 + + + 1:7.0.0+r33-2 + + + 0:0.1.17.0-1~18.04 + + + 0:3.28.6-0ubuntu1 + + + 0:1.2.24-3 + + + 0:1.3.6-1 + + + 0:2.17.92-1 + + + 0:2.7.1-3 + + + 0:4.5.0+dfsg1-0ubuntu2 + + + 0:1.12.0-4 + + + 0:8.1.4 + + + 0:3.1.31+20161214.1.c7d42e4+selfpack1-3 + + + 0:4.9.5+dfsg1-1 + + + 0:5.6-1 + + + 0:0.9.0-1 + + + 0:5.0.4-3 + + + 0:8u141-b15-1 + + + 0:8u161-b12-1ubuntu2 + + + 0:8u151-b12-1 + + + 0:6.1-1ubuntu1 + + + 0:4.046-1 + + + 0:1.3.26-1 + + + 1:2.10+dfsg-0ubuntu1 + + + 0:1.3.26-2 + + + 0:2.6.5-3 + + + 0:2.14-3 + + + 0:1.25.8-1 + + + 0:1.3.26-3 + + + 0:3.7.1-1ubuntu2 + + + 0:1.12.0-1 + + + 0:1.7.2-1 + + + 0:2.6.2~ds1-1 + + + 0:4.8.4~dfsg-1ubuntu1 + + + 0:2.14.0-8 + + + 0:0.3.2-3ubuntu1 + + + 0:3.4.8-1 + + + 0:0.3.1.5-alpha-2 + + + 0:1.3.26-4 + + + 0:7.3.0-16ubuntu3 + + + 1:20180425-1ubuntu1 + + + 2:3.49.1-1ubuntu1 + + + 0:3.100-2 + + + 0:1.36+u20170803+dfsg1-1 + + + 0:1.51+dfsg1-3 + + + 0:1.10.0-1 + + + 0:1.15-1 + + + 0:2.79+dfsg0-1 + + + 0:1.0.0-2 + + + 0:2.26-0ubuntu2 + + + 0:1.9.3-1 + + + 0:2.4.7-1ubuntu2 + + + 0:0.14.0-1ubuntu3 + + + 0:0.35-2 + + + 0:1.4.25-1 + + + 1:4.5-1ubuntu1 + + + 0:5.0.0-0ubuntu1 + + + 0:2.29.1-1ubuntu1 + + + 0:3.1.2+dfsg1-1 + + + 0:0.0.20180422.a-2 + + + 0:1.6.3-2 + + + 0:1.6.1-2 + + + 
0:3.2.1+debian-2 + + + 0:73.0.1+build1-0ubuntu1 + + + 0:1.6.37-1 + + + 1:68.5.0+build1-0ubuntu1 + + + 0:1.25.6-1 + + + 0:1.25.10-1 + + + 1:1.16.2-1ubuntu1 + + + 0:1.14.15-1 + + + 0:1.3.26-6 + + + 1:5.5.8-1 + + + 0:4.1.0~repack-2 + + + 0:2.29-5ubuntu1 + + + 0:6.20170818-1 + + + 0:1.3.26-7 + + + 0:1.3.28-2 + + + 0:1.3.26-19 + + + 8:6.9.7.4+dfsg-16ubuntu8 + + + 0:2.6-3 + + + 8:6.9.7.4+dfsg-16ubuntu2 + + + 1:2017.2.1+dfsg-4 + + + 0:0.18.5-1 + + + 0:1.3.26-15 + + + 0:4.4.2-3 + + + 0:1.3.26-8 + + + 0:2.18.2-1 + + + 0:2.18.3-1 + + + 0:2.18.4-1 + + + 0:2.18.6-1 + + + 0:1.3.26-9 + + + 0:1.33-2 + + + 1:13.17.1~dfsg-1ubuntu1 + + + 0:2.83-1 + + + 0:0.10.2-3 + + + 0:1.3.26-10 + + + 0:2.3.7-1build1 + + + 0:1.3.26-11 + + + 8:6.9.10.8+dfsg-1ubuntu2 + + + 1:13.18.3~dfsg-1ubuntu4 + + + 1:3.26.0-0ubuntu1 + + + 0:6.0.5-1 + + + 0:1.3.26-12 + + + 0:1.12.0+ds1-1 + + + 0:4.8.2+dfsg-1 + + + 0:1.9.1-1ubuntu1 + + + 0:20180302-3 + + + 0:2.30-2ubuntu1 + + + 0:2.32-8ubuntu1 + + + 0:4.8.2+dfsg-2 + + + 0:18.06.1-0ubuntu2 + + + 0:0.10.2-1 + + + 0:1.3.26-13 + + + 0:2.3.4+dfsg-1 + + + 0:3.94-4 + + + 0:1.15.2-2 + + + 0:4.1.1-2 + + + 0:4.1.1-1 + + + 0:2.9.1-1 + + + 0:0.17.0-1ubuntu2 + + + 0:1.4.0.18-1 + + + 0:1.3.7.10-1ubuntu1 + + + 2:13.0.0~rc1-0ubuntu2 + + + 0:1.3.26-14 + + + 0:2.11.12-2 + + + 0:3.4.4-1 + + + 0:3.4.2-1 + + + 0:4.9.2-0ubuntu1 + + + 0:0.8.3-2 + + + 0:1.1.19-1 + + + 0:2.27-3ubuntu1 + + + 0:2.10.2-1 + + + 0:1.2.16-1 + + + 0:3.1.4-4 + + + 0:1.3.26-16 + + + 0:1.10.5-2 + + + 0:7.14.0-1 + + + 0:0.5.2-1 + + + 0:5.2.2-1 + + + 0:2.4.4+dfsg-1 + + + 0:2.8.2-1build2 + + + 0:0.34-1 + + + 0:1.3.26-17 + + + 0:5.0.30-1.1 + + + 0:1.3.1-1build1 + + + 0:1.3.26-18 + + + 0:1.1.38+ds1-1 + + + 0:1.1.24-0.1 + + + 0:5.8.0-5.2 + + + 0:2.30-21ubuntu1~18.04 + + + 0:1.9.7-0ubuntu1 + + + 0:0.8.1-1 + + + 0:6.1-1ubuntu1.18.04 + + + 0:0.18.8-1 + + + 0:3.1.0-2 + + + 0:0.9.5-2 + + + 0:0.7.6-1.1 + + + 0:0.9.12-2 + + + 0:0.4.6-2 + + + 0:65.0.3325.181-0ubuntu1 + + + 7:3.4.1-1 + + + 2:8.0.1453-1ubuntu1 + + + 
1:13.18.3~dfsg-1 + + + 0:1.8.0~pre5-1 + + + 0:0.6.2-1 + + + 1:2.5-1 + + + 0:6.0.3-1 + + + 0:2.9.4-1 + + + 0:1.3.27-1 + + + 0:1.10.4+repack-4 + + + 0:1.10.4+repack-1 + + + 0:3.2.0-2 + + + 0:2.18.2-12build1 + + + 0:6.6.2-1 + + + 0:1.30-2 + + + 1:13.22.0~dfsg-2 + + + 0:3.0.4-2build1 + + + 1:60.2.1+build1-0ubuntu1 + + + 0:1.3.27-2 + + + 0:2.8.22-1 + + + 0:1.13.0+ds1-3 + + + 0:1.3.27-3 + + + 0:4.0.7-1 + + + 0:4.1.2+dfsg-4ubuntu3 + + + 0:1.2.1-1 + + + 0:1.91-2 + + + 0:1.15.2-1 + + + 2:18.0.0~b1-0ubuntu1 + + + 0:1.75.3-2 + + + 0:2.1.0.7-2 + + + 0:2.0.0-2 + + + 0:1.3.28-1 + + + 0:3.4.22+dfsg-1 + + + 0:7.80+dfsg1-1 + + + 0:1.1.4-5 + + + 0:3.0.4-0ubuntu2 + + + 0:0.9.12+dfsg-9ubuntu0.1 + + + 0:2.0.15-0ubuntu1.20.04.1 + + + 1:5.6.6-2build1 + + + 0:2.12.1+dfsg-1 + + + 0:4.8.2-5ubuntu1 + + + 0:3.0.0-1 + + + 0:2.16.6-1 + + + 0:2.16.3-1 + + + 0:2.16.2-1 + + + 1:1.1.2-3 + + + 2:1.0.9-2 + + + 0:0.9.164-1 + + + 0:1.4.18-1 + + + 1:3.0.7+dfsg-3 + + + 0:2.69.b+dfsg0-1 + + + 0:3.6.2+dfsg-11 + + + 1:0.0~git20180614.a8fb68e-1 + + + 0:2.1.6-1 + + + 0:3.6.10-1 + + + 0:0.9.44.8-1 + + + 0:1.12+git+1+e37ca00-0.3 + + + 0:5.2.14+dfsg-2.3+deb9u1build0.18.04.1 + + + 0:1.30.4+dfsg1-5 + + + 0:54.0+build3-0ubuntu1 + + + 1:52.2.1+build1-0ubuntu1 + + + 0:3.2+dfsg1-1 + + + 0:4.7.1+dfsg-1 + + + 0:1.3.3-3 + + + 0:1.2.2-1.1build2 + + + 0:0.5.1-3 + + + 0:4.7.2+dfsg-1 + + + 0:3.4.10-3 + + + 0:4.0.1-1~18.03 + + + 0:2.10.0-2 + + + 0:7.1.2+ds-2build1 + + + 1:2.1-7 + + + 0:1.9-3 + + + 0:3.5.1-1 + + + 0:0~20190606.20d2e5a1-2ubuntu1 + + + 0:1.10.3-1ubuntu1 + + + 0:1.14.1-1 + + + 0:1.14.1-1ubuntu1~ubuntu18.04.1 + + + 0:0.9.5-9 + + + 0:14.8.16-1 + + + 0:1.2.0-1.1 + + + 2:18.6+dfsg1-2ubuntu1 + + + 0:2.4.9-1 + + + 2:8.39-3 + + + 0:2.3.3-1build1 + + + 0:1.1.0+dfsg-3 + + + 0:3.0.2.32703.ds4-11ubuntu2 + + + 0:2.3.0+fsg-2 + + + 0:2.5.0-3 + + + 0:1.12+git+1+e37ca00-0.2 + + + 0:4.0.3-1 + + + 0:7.4.0.dfsg.1-2 + + + 0:0.3.11-1build1 + + + 0:4.7.3+dfsg-1 + + + 0:1.36+u20180108~dfsg-2 + + + 0:1.8-0.1 + + + 0:2.18.0-2 + + + 
0:1.3.15-2 + + + 0:10.32-4 + + + 0:1.9a+ds1-4 + + + 0:2.28-1ubuntu1 + + + 0:1.3.5e-1build1 + + + 0:17.6.1-1 + + + 0:1.7.15 + + + 0:3-1 + + + 0:1.4.6-2 + + + 0:4.14.2.1+dfsg1-1build2 + + + 0:1.4.23-3 + + + 0:3.6.2-1 + + + 0:3.0.26-1 + + + 0:1.5.4-1 + + + 0:1.5.5-1.1 + + + 0:9.2.26-1 + + + 0:0.1.9-1 + + + 0:55.0.2+build1-0ubuntu4 + + + 1:52.4.0+build1-0ubuntu2 + + + 0:56.0+build6-0ubuntu1 + + + 0:57.0.1+build2-0ubuntu1 + + + 1:52.6.0+build1-0ubuntu1 + + + 0:1.3.2-1.1~build1 + + + 0:2.23.2-1build1 + + + 0:0.6.13-1 + + + 0:0.9.6+dfsg-4 + + + 0:2.5.0-1 + + + 0:3.24.2-0ubuntu6 + + + 0:2.3.4-1~18.04 + + + 0:1.1.6-1 + + + 0:1.3.2-1.1 + + + 0:0.2.5-1.2 + + + 0:1.6.1-1 + + + 0:1.2.5-8 + + + 0:5.2.1-1 + + + 0:1.8.0-1 + + + 0:0.631+git180528-1 + + + 0:0.631+git180528-1build1 + + + 0:3.10.2+dfsg-2 + + + 0:2.9.4+dfsg1-6.1ubuntu1 + + + 0:20180129-1 + + + 0:1.9.2-2 + + + 0:2017.75-3build1 + + + 0:1.29.7.7-1 + + + 0:4.0.0~CMake~6f54f1602475+ds1-2 + + + 0:2.2.1-2 + + + 0:67.0.4+build1-0ubuntu1 + + + 0:60.7.2+build2-0ubuntu1 + + + 0:0.162.1-1 + + + 0:3.0.3-1-1ubuntu1 + + + 0:5.6.4-8 + + + 0:3.0pl1-134ubuntu1 + + + 0:2.02~beta3-4ubuntu5 + + + 0:2.8.60-2build1 + + + 0:4.05.0-10ubuntu1 + + + 0:1.1.13-1 + + + 0:6.5.5-1ubuntu2 + + + 0:1.1.5-1build1 + + + 0:3.13-1+deb9u1 + + + 0:2.12.0-1 + + + 1:1.31.1-2 + + + 0:2.2.5+dfsg2-3build1 + + + 0:1.13.0+ds1-1 + + + 0:1.14.0+ds1-4 + + + 0:1.6.6-1 + + + 0:1.3.10+dfsg.1-1 + + + 0:9.1.17.0-3 + + + 0:1.22.8-1ubuntu1 + + + 0:1.2.15-1 + + + 1:0.13.1-1ubuntu2 + + + 0:2019.07+dfsg-1ubuntu6 + + + 0:4.4.2-1 + + + 0:2.1.2+ds1-1 + + + 0:2.7.4+reloaded3-5 + + + 0:1.4.3-2 + + + 0:1.11.0-1 + + + 0:1.2.1-1.1 + + + 0:6.2.40~dfsg-4 + + + 0:2.5+dfsg1-1 + + + 0:1.10.1-1 + + + 0:1.7-3 + + + 0:3.8.2+ds-12 + + + 0:6.2.40~dfsg-1 + + + 4:18.12.3-0ubuntu1 + + + 0:0.11.6+dfsg2-3 + + + 0:1.32.3-2build1 + + + 0:0.3.11-1 + + + 0:3.6.0-2 + + + 0:6.8.0.105+dfsg-2 + + + 0:0.7.6-1 + + + 0:16.02-3 + + + 0:1.4.1-2 + + + 0:2.40.1-7build1 + + + 0:6.0.7-1 + + + 0:5.62.0 + + + 
4:5.12.5-0ubuntu1 + + + 0:1.3.6-2 + + + 0:3.6.2-2 + + + 0:0.18.8-2ubuntu1 + + + 0:1.4.1.5-1 + + + 0:17.11.2-1 + + + 0:2.7.15-4ubuntu1 + + + 0:2.7-1 + + + 0:0.28.1+dfsg-1 + + + 0:2.0.29-1 + + + 0:0.631+git180517-1 + + + 0:0.3.0-3 + + + 0:8.14.2-0.2 + + + 0:4.1.2-1 + + + 0:3.6.5-2ubuntu1 + + + 0:1.4.0.13-1 + + + 0:4.2.0-6 + + + 0:2.2.2-1 + + + 0:7.20190129-3 + + + 0:0.10.1-2 + + + 0:13.2.4+dfsg1-0ubuntu1 + + + 0:0.14.0-1ubuntu4 + + + 0:1.3.8.2-1 + + + 0:4.1.4-1 + + + 0:2.9.9-3 + + + 0:3.9.0-2 + + + 0:1.0.1+git20180808.4e642bd-1 + + + 0:1.4.0.15-1 + + + 0:2.19.81+really-2.18.2-13 + + + 0:19.05.5-1 + + + 0:4.3.19-1 + + + 0:0.1.16-1 + + + 0:3.2.1-3 + + + 0:1.10.4+repack-11ubuntu1 + + + 0:1.5.2-0ubuntu5 + + + 1:9c-2 + + + 0:0.9.6+dfsg-5 + + + 0:2.9.8-1 + + + 0:3.9.0-1 + + + 0:1.11.1+dfsg.1-0.3 + + + 0:3.5.5-4 + + + 0:2.20.1-1 + + + 1:2.1.5-3.1 + + + 0:3.5.5-2 + + + 0:0.3.9-1 + + + 0:2.20.2-1 + + + 0:2.20.3-1 + + + 0:20180714-1 + + + 0:20190104-1 + + + 0:5.15.8-2 + + + 0:1.10.6-1 + + + 0:8.0.2+ds-1ubuntu1 + + + 1:1.8.16-2 + + + 0:2.0.13-2 + + + 0:2.0.3-0ubuntu1.20.04.1 + + + 1:9d-1 + + + 0:1.4.22-5 + + + 0:2.2.8-1ubuntu1 + + + 0:0.4.3-1ubuntu1 + + + 0:3.7.1-3 + + + 0:3.4.22+dfsg-1ubuntu1 + + + 0:1.6.4-1 + + + 0:8.11.4~dfsg-0ubuntu1 + + + 0:10.15.1~dfsg-5 + + + 0:3.20190514.0ubuntu1 + + + 0:5.0.0-1ubuntu4 + + + 1:3.1+dfsg-2ubuntu4 + + + 0:0~20181115.85588389-2ubuntu1 + + + 0:4.11.3+24-g14b62ab3e5-1ubuntu2 + + + 1:16.2.1~dfsg-1 + + + 1:4.2.8p12+dfsg-3ubuntu3 + + + 0:62.0+build2-0ubuntu1 + + + 0:62.0.3+build1-0ubuntu1 + + + 1:60.4.0+build2-0ubuntu1 + + + 0:63.0+build1-0ubuntu1 + + + 0:64.0+build3-0ubuntu1 + + + 0:0.31.2+dfsg-1 + + + 0:2.5+dfsg-1 + + + 0:3.8+dfsg1-2.1build1 + + + 0:9.2.25-1 + + + 0:1.5.6-1 + + + 4:4.9.2+dfsg1-1 + + + 0:1.2.10+dfsg-7ubuntu0.20.04.1 + + + 0:2.20.5-1 + + + 0:2.33-2ubuntu1.2 + + + 0:0.5.2-426-gc5ad4e4+dfsg5-5 + + + 0:3.8.8-1 + + + 0:10.14.2.0-1 + + + 0:7.1.4+ds-1 + + + 7:4.0.2-1ubuntu6 + + + 7:4.0.2-2 + + + 7:4.0.2-1 + + + 7:4.1-1 + + + 0:0.3.6-5 
+ + + 0:0.2.9-1 + + + 0:1.9-2 + + + 0:3.1.33+20180830.1.3a78a21f+selfpack1-1 + + + 0:2.1.2+ds1-1build1 + + + 0:1.8.2-1 + + + 0:2.0.0-1 + + + 0:0.18.0-1ubuntu2 + + + 1:1.7-1 + + + 0:0.41-10 + + + 0:20180716+dfsg.1-1.2 + + + 0:3.29.91-1ubuntu1 + + + 0:2.2.5-5.2ubuntu1 + + + 0:6.0.10-1 + + + 2:13.0.0-0ubuntu4 + + + 2:14.0.0~b1~git2018120609.2e720b158b-0ubuntu2 + + + 0:2.7.15-4ubuntu4 + + + 0:2.9.7 + + + 0:1.7.0-1 + + + 0:1.1+git2.10.2-3.1 + + + 0:1.5.2+repack1-1 + + + 0:7.80+dfsg1-2build1 + + + 0:3.31.90-1 + + + 0:2018.76-4 + + + 0:0.176-1.1 + + + 1:3.2.7a-7 + + + 0:0.19.0-1build1 + + + 0:0.19.0~rc1-1 + + + 0:2.2.3-1 + + + 0:2.0.6-3 + + + 0:1.0.2-1 + + + 0:4.17.11+dfsg-4 + + + 0:3.0.2-1 + + + 0:0.99.2-1 + + + 0:0.13.62-3.2 + + + 0:6.0.11-1 + + + 0:5.2.3-1 + + + 0:1.0.35-2build1 + + + 0:2.21 + + + 0:2.7.5+dfsg-1 + + + 0:4.1.8-1 + + + 0:3.4.1~rc1-1 + + + 0:4.1.0+dfsg-1ubuntu1 + + + 0:3.2.26+dfsg-3 + + + 0:1.8.4~pre1-1ubuntu2 + + + 0:0.3.6-5build1 + + + 0:3.0.0b14-1 + + + 0:0.22.0-3.2 + + + 0:3.8.3+dfsg-3.1 + + + 0:6.0.13-1 + + + 0:3.17-6 + + + 0:4.11.1+dfsg-1 + + + 8:6.9.10.23+dfsg-2.1ubuntu1 + + + 0:4.8.2-1ubuntu3 + + + 0:2.18.4-2ubuntu0.18.10.1 + + + 0:4.3.4-3 + + + 0:1.5.8-1 + + + 0:65.0+build2-0ubuntu1 + + + 0:60.6.1+build2-0ubuntu1 + + + 0:65.0.1+build2-0ubuntu1 + + + 1:60.7.0+build1-0ubuntu3 + + + 0:0.7.0-1 + + + 0:0.9.1-1 + + + 3:3.6.2-2 + + + 0:19.10.2~ds0-1build1 + + + 0:1.19.0-3ubuntu1 + + + 1:2.0.10-1 + + + 0:2.1.3-1.1 + + + 0:0.9.3-2 + + + 0:1.3.8+dfsg.1-2 + + + 0:6.1+20180210-4ubuntu1 + + + 0:5.2.14+dfsg-2.4 + + + 0:4.6.5-1 + + + 0:2.8.8-3.2 + + + 8:2007f~dfsg-6 + + + 0:2.16.4-1ubuntu2 + + + 0:1.5.2+dfsg2-14 + + + 0:1.8.2-2.1 + + + 0:1.15.0+ds1-1 + + + 0:3.4.20+dfsg-1 + + + 0:0.4.9-2 + + + 0:3.0.7.1-3 + + + 0:5.12.8-0ubuntu1 + + + 0:1.30-1 + + + 1:1.14.4-1 + + + 0:2.7.4+dfsg-1 + + + 0:2.12-2 + + + 0:0.9.11+dfsg-1.2 + + + 0:1.0.29-5 + + + 0:1.24-1 + + + 0:5.0.1+dfsg1-1 + + + 0:1.8.4-1 + + + 0:1.4~hg15873-1 + + + 0:2.9.0-2 + + + 0:2.8.8-3ubuntu3 + + + 
0:1.17-6ubuntu4 + + + 0:0.19.2-2 + + + 0:1.1.7-1 + + + 0:2.7.16-2 + + + 1:1.9-2 + + + 0:3.1.2+dfsg-1.1 + + + 0:3.2.1+dfsg-5build1 + + + 0:0.6.5-2ubuntu1 + + + 0:2.34-6ubuntu1.1 + + + 0:3.6.11-2 + + + 1:7.9p1-5 + + + 0:1.3.0~git20190114.9fcc588+dfsg-1 + + + 0:0.9.11+dfsg-1.3 + + + 2:8.1.0875-4ubuntu1 + + + 0:6.0.16-1 + + + 0:2.2.6-2 + + + 0:2.3.1-1 + + + 0:2.7.16-3 + + + 0:5.7.8-1 + + + 0:0.6.1-2ubuntu0.20.04.1 + + + 0:3.0.1-0ubuntu1 + + + 0:8u162-b12-1 + + + 0:6.1.16-dfsg-6~ubuntu1.20.04.1 + + + 0:11.0.2+1-1 + + + 0:8u181-b13-1 + + + 0:10.0.2+13-1ubuntu1 + + + 0:6.0.8-dfsg-7 + + + 0:5.2.22-dfsg-2 + + + 0:0~20190606.20d2e5a1-1ubuntu2 + + + 0:3.20180807a.1 + + + 0:4.0.0-1ubuntu11 + + + 1:2.11+dfsg-1ubuntu10 + + + 0:4.17.11+dfsg-2 + + + 0:1.16.1+dfsg-2 + + + 0:1.0.4-1 + + + 0:0.4.1-3 + + + 0:3.7.2-1 + + + 0:3.430-2 + + + 0:2.0.4+dfsg1-2ubuntu2.16.04.1 + + + 0:1.2.12-10 + + + 0:2018.10.17-1 + + + 0:2.20.0-2 + + + 0:68.0.3440.75-0ubuntu1 + + + 0:2.22.2-1ubuntu1 + + + 0:2.22.3-1 + + + 0:2.22.4-1 + + + 0:2.22.5-1 + + + 0:2.22.2-1ubuntu2 + + + 0:59.0.1+build1-0ubuntu1 + + + 1:52.7.0+build1-0ubuntu1 + + + 0:60.0+build2-0ubuntu1 + + + 0:61.0.1+build1-0ubuntu0.18.04.1 + + + 0:52.9.1-1 + + + 0:1.3.27-4 + + + 0:1.16.1-1 + + + 0:0.18.11-1 + + + 0:0.27.2-1ubuntu1 + + + 1:3.00-6 + + + 0:2.31.1-6ubuntu1 + + + 0:1.20180726 + + + 0:8.10.0~dfsg-2 + + + 1:4.8.1-1ubuntu5.20.04 + + + 1:4.2.8p11+dfsg-1ubuntu1 + + + 0:0.62.0-1ubuntu1 + + + 0:0.9.11+dfsg-1ubuntu0.1 + + + 0:1.76.0-1 + + + 0:2.3.4-1.1ubuntu3 + + + 0:1.75.3-3 + + + 0:2.9.5-1 + + + 0:2.4.5+dfsg-1 + + + 0:1.15.3-1 + + + 0:5.2.4-2 + + + 0:4.5.0-1 + + + 0:1.15.4-1 + + + 0:1.12.2-1 + + + 7:4.0-1 + + + 0:3.19.0+dfsg-1 + + + 0:8.6.3 + + + 0:1.3.11-2 + + + 0:0.9.6+dfsg-3 + + + 0:1.10-1 + + + 0:1.2.17-1 + + + 0:1.4-28 + + + 1:1.8.15-1 + + + 0:2.0.11-1 + + + 0:20170120-2 + + + 0:6.3-1 + + + 0:2.32-7ubuntu4 + + + 0:0.33-2 + + + 0:0.130.1-1 + + + 0:2.26-1 + + + 0:4.05.0-11ubuntu1 + + + 0:2.8.0-1 + + + 2:1.9.4-11 + + + 
0:0~20180803.dd4cae4d-1ubuntu1 + + + 0:3.6.2+dfsg-22 + + + 0:3.4.13-3 + + + 0:9.0.16-4 + + + 0:0.76.1-0ubuntu3 + + + 0:2.1.7+ds-2~ubuntu20.04.1 + + + 2:2.9-1ubuntu2 + + + 0:6.0.18-1 + + + 0:8.0.5+ds-2 + + + 0:1.9.4-1 + + + 0:2.4.41-1ubuntu1 + + + 0:8.3-0ubuntu1 + + + 1:3.03-2 + + + 0:8.0.0-3 + + + 0:3.27-6 + + + 0:4.1.6-3build1 + + + 0:0.9.20-1 + + + 0:19.03.6-0ubuntu1 + + + 0:4.2.0-1 + + + 0:2.8.6+dfsg-1 + + + 0:2.0.27-1 + + + 0:9.4.18-2build2 + + + 0:6.0.3-2 + + + 0:0.7.17-3 + + + 0:1.9.3.3-2 + + + 0:2.0.1-1 + + + 0:0.4.0-2 + + + 0:1.0.3-2 + + + 0:1.7.9-1 + + + 0:8.29-1 + + + 0:0.86.1-0ubuntu1 + + + 0:0.7.2-5 + + + 0:2.6.8-1 + + + 0:3.4.22+dfsg-2ubuntu1 + + + 0:3.4.22+dfsg-2 + + + 0:1.4~hg15968-1 + + + 0:1.2.2+ds1-2 + + + 0:2.9.2debian-1 + + + 0:4.4.1-10 + + + 0:2.24.1-1 + + + 0:1.2.3-5 + + + 0:2.7.4+reloaded3-9 + + + 0:3.8.2-0ubuntu1 + + + 0:3.8.2-0ubuntu1.1 + + + 0:4.3.8+dfsg-1ubuntu1 + + + 0:3.3.1~dfsg-3 + + + 0:2.2.4+dfsg-4 + + + 0:6.0.26-1 + + + 0:18.12-2 + + + 1:5.25.3-1 + + + 0:3.32.0-1ubuntu1 + + + 0:1.4.0-2 + + + 0:1.4+really1.3.32-1 + + + 0:0.2.68 + + + 0:7.1.0-2 + + + 0:2.10-2 + + + 0:9.0.1-2 + + + 0:67.0+build2-0ubuntu1 + + + 0:67.0.3+build1-0ubuntu1 + + + 1:60.7.2+build1-0ubuntu1 + + + 0:68.0+build3-0ubuntu1 + + + 0:60.8.0+build1-0ubuntu1 + + + 2:3.45-1ubuntu1 + + + 0:69.0.1+build1-0ubuntu2 + + + 1:68.1.0+build3-0ubuntu1 + + + 0:71.0+build5-0ubuntu1 + + + 0:70.0+build2-0ubuntu1 + + + 1:68.2.0+build1.1-0ubuntu1 + + + 1:0.0~git20200221.2aa609c-1 + + + 0:0.99.2-5 + + + 0:1.3.8+dfsg-2 + + + 0:2.9.8-2 + + + 0:7.5.0+dfsg-3build1 + + + 0:1.5.20190210-1 + + + 0:2.1-6ubuntu2 + + + 0:1.0.8-1 + + + 0:2.0.5+dfsg1-1 + + + 0:1.2.12-11 + + + 0:6.0.19-1 + + + 2:2.0.11+ds1-1 + + + 0:3.0.3-1 + + + 1:1.11.21-1 + + + 0:2.9.8-3 + + + 0:1.18-3 + + + 0:2.13-7 + + + 0:9.0.31-1 + + + 1:1.31.2-1 + + + 0:0.9.60-2 + + + 0:0.9.58.2-2 + + + 0:0.74-3-1 + + + 0:0.3.4-2 + + + 0:6.0.20-1 + + + 0:0.5.1-0.1 + + + 0:1.0.5-1 + + + 0:1.3.6-6build2 + + + 1:16.2.1~dfsg-2build2 + + + 
0:2019.78-2build1 + + + 0:0.57.0-2ubuntu4 + + + 0:2.34-5ubuntu1 + + + 0:2.3.1-1ubuntu4 + + + 0:2.0.2+ds-6 + + + 0:0.14.2-1ubuntu2 + + + 0:2.2.19-3ubuntu1 + + + 0:1.5.17-3 + + + 0:4.3.1-3ubuntu2.1 + + + 0:1.0.12-1 + + + 0:6.9.2-1 + + + 0:4.3.29-1 + + + 0:0.76.1-0ubuntu4 + + + 0:1.6.0-1 + + + 0:1.9.12~dfsg-2ubuntu2 + + + 0:1.14.3+ds1-11 + + + 0:3.2.0-1 + + + 0:1.14.3+ds1-10 + + + 0:4.9.2-1.1 + + + 0:14.4.2+git20190427-2 + + + 0:3.11.1-1 + + + 0:1.2.15+dfsg2-5 + + + 0:2.0.10+dfsg1-1ubuntu1 + + + 0:2.0.5+dfsg1-2 + + + 0:1.2.12-12 + + + 0:4.1.0+dfsg-2 + + + 0:4.1.7-1 + + + 0:79.0.3945.79-0ubuntu1 + + + 0:3.31.1-1ubuntu1 + + + 0:3.0.8-2 + + + 0:0.3.2-2 + + + 0:0.16-1 + + + 0:2.7.2-5 + + + 0:3.95-2 + + + 0:4.2.0+dfsg-3 + + + 0:5.6.4-9 + + + 0:4.1.0-2 + + + 1:4.2-1ubuntu1 + + + 0:0.3.2-1 + + + 0:2.9.9.3-1 + + + 0:1.6.18-1 + + + 0:3.1.6-1 + + + 0:1.02.00+dfsg-2 + + + 2:20190805-1 + + + 0:2.7.4+reloaded3-10 + + + 0:0~20191122.bd85bf54-1ubuntu1 + + + 0:1.1.23-2build1 + + + 0:5.60.0-0ubuntu2 + + + 0:18.11.4-1 + + + 0:1.4.2.4-1 + + + 0:2.80-1.1ubuntu1.2 + + + 0:1.14.2-3 + + + 0:2.2.19-3ubuntu2 + + + 0:1.5.10-1 + + + 0:2020.0.0-5 + + + 2:4.11.5+dfsg-1ubuntu1 + + + 0:2.9.4+dfsg-1 + + + 0:0.18-2 + + + 0:2.18.1-1 + + + 0:4.0.10+git191003-1 + + + 0:2.3.1+dfsg-1 + + + 0:10.19.0~dfsg-3ubuntu1 + + + 0:0~20191122.bd85bf54-2 + + + 0:1.1.1d-2ubuntu1 + + + 0:0.9.12+dfsg-8 + + + 0:1.9.0-2 + + + 0:1.10.1+dfsg-1 + + + 0:9.2.1-28ubuntu1 + + + 0:0.4.1-1 + + + 0:78.0.3904.70-0ubuntu1 + + + 0:2.2.7-2 + + + 0:2.0.6+ds-2 + + + 0:0.20.0-1 + + + 0:2.7.17~rc1-1 + + + 0:5.4.0-42.46 + + + 0:5.4.0-1020.20 + + + 0:5.4.0-1022.22 + + + 0:5.4.0-1021.21 + + + 0:5.4.0.42 + + + 0:5.4.0.1020 + + + 0:5.4.0.1022 + + + 0:5.4.0.1021 + + + 0:5.4.0.1015 + + + 0:5.4.0.30 + + + 0:5.4.0-1015.15 + + + 0:5.4.0-30.34 + + + 0:6.9.4-1 + + + 0:1.13.1-1ubuntu1 + + + 0:6.0.23-2 + + + 0:3.2.5-1 + + + 0:4.2.0+dfsg-1 + + + 0:0.60.0-2 + + + 0:5.3.2+dfsg1-1 + + + 0:1.4.1-1 + + + 1:4.1.33-3 + + + 
0:1.0.0~rc8+git20190923.3e425f80-0ubuntu1 + + + 0:2.7.17-1ubuntu5 + + + 0:3.8.0~rc1-1 + + + 1:68.3.0+build2-0ubuntu1 + + + 0:72.0.1+build1-0ubuntu1 + + + 1:68.4.1+build1-0ubuntu1 + + + 0:8.2001.0-1ubuntu1 + + + 0:0.73-1 + + + 0:3.0.20+dfsg-3build1 + + + 0:4.11.3+24-g14b62ab3e5-1ubuntu1 + + + 0:1.18.2-3 + + + 0:0.7-2 + + + 1:0.5.31-1 + + + 0:2.7.18-1~20.04.1 + + + 0:3.8.2-1ubuntu1.2 + + + 0:2.10.1-1 + + + 0:8.8.3-3 + + + 0:2.4.2+dfsg-2 + + + 0:1.2.17-9 + + + 0:6.1+20191019-1ubuntu1 + + + 0:1.13.3-1ubuntu1 + + + 0:9.4.26-1 + + + 0:5.2.4+dfsg1-1 + + + 0:6.0.24-1 + + + 0:1.1.9.2-1 + + + 0:2.7.18~rc1-2 + + + 0:3.8.2-1ubuntu1.1 + + + 0:5.4.0-48.52 + + + 0:5.4.0-1025.25 + + + 0:5.4.0-1026.26 + + + 0:5.4.0-1024.24 + + + 0:5.4.0.48 + + + 0:5.4.0.1025 + + + 0:5.4.0.1026 + + + 0:5.4.0.1024 + + + 0:5.4.0.1019 + + + 0:5.4.0.34 + + + 0:5.4.0-1019.21 + + + 0:5.4.0-34.38 + + + 0:3.0.12-1 + + + 0:2019.11.09-2 + + + 1:3.04-1 + + + 0:3.4.0-1ubuntu2 + + + 0:3.34.0-2 + + + 0:3.0.7-1 + + + 1:3.2.7b-3 + + + 0:4.2.1+dfsg-1 + + + 0:4.1.2+dfsg-5 + + + 1:1.31.6-1 + + + 0:3.0.9.2-1 + + + 0:5.4.0-51.56 + + + 0:5.4.0-1028.29 + + + 0:5.4.0-1031.32 + + + 0:5.4.0-1026.27 + + + 0:5.4.0.51 + + + 0:5.4.0.1028 + + + 0:5.4.0.1031 + + + 0:5.4.0.36 + + + 0:5.4.0-1021.24 + + + 0:5.4.0-36.41 + + + 0:2.0.7+ds-2 + + + 0:8.7.0-6ubuntu1 + + + 3:4.5.3-1 + + + 0:4.2.1-19 + + + 0:1.0.0~rc10-0ubuntu1 + + + 0:1.4+really1.3.34+hg16181-1 + + + 0:4.3.0+dfsg-2 + + + 0:0.9~dfsg0-1 + + + 0:5.8-3ubuntu1 + + + 0:6.0.3+dfsg-1 + + + 0:1.0.49-2 + + + 2:2.18.06-1+deb10u1build0.20.04.1 + + + 1:4.2-3ubuntu1 + + + 0:244-3ubuntu1 + + + 0:0.6.36-2 + + + 0:2.9.10+dfsg-5 + + + 1:4.1.45-1 + + + 0:2.48.7-1ubuntu0.20.04.1 + + + 0:10.34-7 + + + 0:74.0+build3-0ubuntu1 + + + 1:68.6.0+build2-0ubuntu1 + + + 0:2.9-1ubuntu4 + + + 0:0.20.0-3 + + + 2:8.1.2269-1ubuntu5 + + + 0:0.9.12+dfsg-9ubuntu0.2 + + + 0:20.0.2-5ubuntu1 + + + 0:3.4.0-2ubuntu1 + + + 3:4.7.2-1 + + + 0:1.8.1-2 + + + 0:2.3.1-9ubuntu1.1 + + + 0:8u212-b01-1 + + + 
0:11.0.1+13-3ubuntu3.19.04.1 + + + 0:4.0.6-2 + + + 0:1.9.4-2ubuntu1.2 + + + 0:6.0.6-dfsg-1 + + + 0:8u212-b03-0ubuntu1 + + + 0:11.0.4+1-1ubuntu1 + + + 1:10.3.17-1 + + + 0:8u232-b09-1 + + + 0:11.0.5+10-2ubuntu1 + + + 0:8.0.18-0ubuntu3 + + + 0:6.0.14-dfsg-1 + + + 1:10.3.19-1 + + + 0:1.6.14 + + + 0:1.17.6-2 + + + 0:0.26 + + + 0:1.34.0-4 + + + 1:1.3.4-2.5ubuntu3.3 + + + 0:4.1.9-1 + + + 0:3.31.4+git20190225-1ubuntu1 + + + 0:2.7.1+ds-3 + + + 0:1.8.0-2.1 + + + 0:1.16.1-2 + + + 0:4.8.2-1ubuntu4 + + + 0:3.3.3+ds-3 + + + 2:5.2.2.1+dfsg-1ubuntu1 + + + 0:3.45.1-3 + + + 0:6.0.0-2 + + + 0:1.10.4+dfsg1-1 + + + 0:10.15.2~dfsg-1 + + + 0:74.0.3729.131-0ubuntu1 + + + 0:3.27.2-3 + + + 0:0.34.1.1-1 + + + 1:7.9p1-6 + + + 1:7.9p1-10 + + + 0:1.14.0+ds1-3 + + + 0:2.22.6-1 + + + 0:2.22.0-1 + + + 0:2018.11.26-1 + + + 0:1.32.3-2 + + + 0:8.7.4-1 + + + 0:1.2.18+ds1-2ubuntu1 + + + 0:0.17-21 + + + 0:2018.11.26-1.1 + + + 0:1.6.36-5 + + + 0:8u222-b10-1ubuntu2 + + + 0:11.0.4+11-1ubuntu2 + + + 0:2.01.5-2 + + + 0:4.2.2-2 + + + 0:2.8.75-1 + + + 0:3.4.1+dfsg-1 + + + 0:4.3.1+dfsg2-1 + + + 0:1.8.3-1 + + + 0:14.4.2+git20190427-1 + + + 0:4.3.1-2 + + + 0:2.1-2.1build1 + + + 0:5.3.28+dfsg1-0.6ubuntu1 + + + 0:2.24.2-1 + + + 0:2.26.1-3 + + + 0:2.25.4-1ubuntu1 + + + 0:2.24.4-1 + + + 0:2.24.0-1 + + + 0:2.26.2-1 + + + 0:2.26.3-1ubuntu2 + + + 1:4.2.8p12+dfsg-3ubuntu4.20.04.1 + + + 0:2.3.2-1 + + + 0:5.0.3+dfsg1-1 + + + 0:0.3.5.8-1 + + + 0:1.5.13-3 + + + 0:3.20190228-1 + + + 0:1.39.2-1 + + + 0:1.16.1-0ubuntu1 + + + 0:2.2.5+dfsg2-3 + + + 0:8.0.5+ds-1 + + + 0:18.9.0-6ubuntu1 + + + 0:8.0.5+ds-3 + + + 0:1.1.9-1 + + + 0:2018.20181218.49446-2 + + + 1:0.9.15-2build1 + + + 0:8.26-1 + + + 0:5.1.1+dfsg1-1 + + + 0:66.0+build3-0ubuntu1 + + + 0:66.0.1+build1-0ubuntu1 + + + 0:69.0+build2-0ubuntu1 + + + 0:0.70-6 + + + 0:1.30+dfsg-7ubuntu0.20.04.1 + + + 0:0.6.21-6ubuntu0.3 + + + 0:5.4.0-56.62 + + + 0:5.4.0-1030.31 + + + 0:5.4.0-1032.33 + + + 0:5.4.0-1030.32 + + + 0:5.8.0-31.33~20.04.1 + + + 0:5.4.0.56 + + + 0:5.4.0.1030 + + + 
0:5.4.0.1032 + + + 0:5.8.0.31 + + + 0:5.6.0.1053 + + + 0:5.4.0.1023 + + + 0:5.4.0.37 + + + 0:5.6.0-1053.57 + + + 0:5.4.0-1023.26 + + + 0:5.4.0-37.42 + + + 0:2.28.0-1ubuntu2 + + + 0:2.31-0ubuntu9 + + + 0:5.6.0.1048 + + + 0:5.6.0-1048.52 + + + 0:7.0.0-4ubuntu0.1 + + + 0:0.4.2.7-1 + + + 0:2.3.0+dfsg-1build1 + + + 0:2.7.0-5ubuntu1.2 + + + 0:2.9.6+dfsg-1 + + + 0:15.2.7-0ubuntu0.20.04.2 + + + 2:16.1.0-0ubuntu1 + + + 0:3.0.1-0ubuntu1.2 + + + 0:4.1.0-2ubuntu2.1 + + + 0:1.3.9-4ubuntu0.1 + + + 0:5.4.0-45.49 + + + 0:5.4.0-1023.23 + + + 0:5.4.0.45 + + + 0:5.4.0.1016 + + + 0:5.4.0.31 + + + 0:5.4.0-1016.17 + + + 0:5.4.0-31.35 + + + 4:4.9.5+dfsg1-1ubuntu1 + + + 1:1.31.7-1 + + + 0:2.1.1+dfsg1-0ubuntu0.20.04.1 + + + 0:2.2.0+dfsg1-0ubuntu0.20.04.1 + + + 0:3.31.1-4ubuntu0.1 + + + 0:0.60-1+deb10u1ubuntu1 + + + 0:2.28.1-1 + + + 1:4.0.17+dfsg-1 + + + 1:4.2-3ubuntu6.12 + + + 0:2.4.41-4ubuntu3.1 + + + 0:1.3.2-4ubuntu0.1 + + + 0:9.0.31-1ubuntu0.1 + + + 0:0.7.2-5ubuntu1.1 + + + 0:0.2.69ubuntu0.1 + + + 0:0.18-1ubuntu1 + + + 0:0.28.4+dfsg.1-2 + + + 0:76.0+build2-0ubuntu0.20.04.1 + + + 1:68.8.0+build2-0ubuntu0.20.04.2 + + + 0:77.0.1+build1-0ubuntu0.20.04.1 + + + 1:68.10.0+build1-0ubuntu0.20.04.1 + + + 0:78.0.1+build1-0ubuntu0.20.04.1 + + + 1:78.7.1+build1-0ubuntu0.20.04.1 + + + 0:1.9.4-2ubuntu1.1 + + + 2:17.0.0-0ubuntu0.20.04.1 + + + 0:1.2.3-0ubuntu0.20.04.1 + + + 0:1.2.1+dfsg-1ubuntu0.20.04.1 + + + 2:2.9-1ubuntu4.2 + + + 1:6.4.3-0ubuntu0.20.04.1 + + + 1:4.2-3ubuntu6.4 + + + 0:5.6.0.1028 + + + 0:5.6.0-1028.28 + + + 1:10.3.25-0ubuntu0.20.04.1 + + + 0:245.4-4ubuntu3.10 + + + 0:2.30.3-0ubuntu0.20.04.1 + + + 0:2.30.5-0ubuntu0.20.04.1 + + + 0:2.28.3-0ubuntu0.20.04.1 + + + 1:4.2-3ubuntu6.3 + + + 0:10.2.0-5ubuntu1~20.04 + + + 0:1.3.8-2+deb8u1build0.20.04.1 + + + 0:2.4.41-4ubuntu3.3 + + + 0:1.17.0-4ubuntu0.1 + + + 0:12.4-0ubuntu0.20.04.1 + + + 0:0.14.2-4ubuntu3.1 + + + 0:3.5-6ubuntu6.2 + + + 0:1.167.2 + + + 0:2.04-1ubuntu44.2 + + + 0:5.6.0.1031 + + + 0:5.6.0-1031.32 + + + 0:1.643-1 + + + 
0:8.0.21-0ubuntu0.20.04.3 + + + 0:8u265-b01-0ubuntu2~20.04 + + + 0:11.0.8+10-0ubuntu1~20.04 + + + 0:8.0.20-0ubuntu0.20.04.1 + + + 0:8.0.22-0ubuntu0.20.04.2 + + + 0:5.7 only + + + 0:8u272-b10-0ubuntu1~20.04 + + + 0:11.0.9+11-0ubuntu1~20.04 + + + 0:8.0.21-0ubuntu0.20.04.4 + + + 0:1.13.2-1ubuntu0.2 + + + 0:2.4.7-1ubuntu2.20.04.2 + + + 0:4.12-8ubuntu0.20.04.1 + + + 0:82.0+build2-0ubuntu0.20.04.1 + + + 0:2.3.1-1ubuntu4.20.04.1 + + + 1:4.2-3ubuntu6.17 + + + 0:8.0.19-0ubuntu4 + + + 0:79.0+build1-0ubuntu0.20.04.1 + + + 0:80.0+build2-0ubuntu0.20.04.1 + + + 0:78.7.1+build1-0ubuntu0.20.04.1 + + + 0:81.0+build2-0ubuntu0.20.04.1 + + + 1:78.5.0+build3-0ubuntu0.20.04.1 + + + 0:2.10.1-2ubuntu0.1 + + + 0:83.0+build2-0ubuntu0.20.04.1 + + + 0:84.0+build3-0ubuntu0.20.04.1 + + + 0:84.0.2+build1-0ubuntu0.20.04.1 + + + 4:19.12.3-0ubuntu1.1 + + + 0:3.36.3-0ubuntu1.1 + + + 0:2.6.0-2ubuntu0.1 + + + 0:3.36.3-0ubuntu0.20.04.2 + + + 0:244.1-0ubuntu3 + + + 1:4.2-3ubuntu6.10 + + + 0:15.2.1-0ubuntu1 + + + 0:6.0.25-1 + + + 8:6.9.10.23+dfsg-2.1ubuntu11.4 + + + 0:1.1.1f-1ubuntu2 + + + 0:4.1.0-2ubuntu2 + + + 0:8.9.1-2 + + + 0:3.20210608.0ubuntu0.20.04.1 + + + 0:1.14.3-2ubuntu2~20.04.2 + + + 0:5.4.0-77.86 + + + 0:5.4.0-1051.53 + + + 0:5.8.0-1038.40~20.04.1 + + + 0:5.8.0-1036.38~20.04.1 + + + 0:5.4.0-1046.49 + + + 0:5.4.0-1046.48 + + + 0:5.4.0-1018.19 + + + 0:5.8.0-59.66~20.04.1 + + + 0:5.4.0-1041.42 + + + 0:5.4.0.77 + + + 0:5.4.0.1051 + + + 0:5.8.0.1038 + + + 0:5.8.0.1036 + + + 0:5.4.0.1046 + + + 0:5.4.0.1018 + + + 0:5.8.0.59 + + + 0:5.4.0.1041 + + + 0:5.10.0.1032 + + + 0:5.4.0.1048 + + + 0:5.4.0.1038 + + + 0:5.8.0.29 + + + 0:5.10.0-1032.33 + + + 0:5.4.0-1048.52 + + + 0:5.8.0-1033.34~20.04.1 + + + 0:5.4.0-1038.41 + + + 0:5.8.0-29.31~20.04.1 + + + 0:2.9.10+dfsg-5ubuntu0.20.04.1 + + + 0:5.4.0-73.82 + + + 0:5.4.0-1048.50 + + + 0:5.4.0-1047.49 + + + 0:5.4.0-1043.46 + + + 0:5.4.0-1043.45 + + + 0:5.4.0-1015.16 + + + 0:5.8.0-53.60~20.04.1 + + + 0:5.4.0-1039.40 + + + 0:5.4.0.73 + + + 0:5.4.0.1047 + + + 
0:5.4.0.1043 + + + 0:5.8.0.53 + + + 0:5.4.0.1039 + + + 0:5.10.0.1021 + + + 0:5.4.0.1045 + + + 0:5.4.0.1035 + + + 0:5.8.0.25 + + + 0:5.10.0-1021.22 + + + 0:5.4.0-1045.49 + + + 0:5.4.0-1035.38 + + + 0:5.8.0-25.27~20.04.1 + + + 0:0.19.0-2ubuntu0.2 + + + 0:5.4.0-59.65 + + + 0:5.4.0-1034.35 + + + 0:5.4.0-1035.36 + + + 0:5.8.0-44.50~20.04.1 + + + 0:5.4.0.59 + + + 0:5.4.0.1034 + + + 0:5.8.0.44 + + + 0:5.6.0.1050 + + + 0:5.4.0.40 + + + 0:5.8.0.17 + + + 0:5.6.0-1050.54 + + + 0:5.4.0-1034.36 + + + 0:5.4.0-1026.29 + + + 0:5.4.0-40.45 + + + 0:5.8.0-17.19~20.04.1 + + + 0:5.4.0-66.74 + + + 0:5.4.0-1038.40 + + + 0:5.4.0-1040.42 + + + 0:5.4.0-1037.40 + + + 0:5.4.0-1036.38 + + + 0:5.4.0-1010.11 + + + 0:5.4.0-1033.34 + + + 0:5.4.0.66 + + + 0:5.4.0.1040 + + + 0:5.4.0.1037 + + + 0:5.4.0.1036 + + + 0:5.4.0.1010 + + + 0:5.4.0.1029 + + + 0:5.4.0-1029.32 + + + 0:5.4.0-74.83 + + + 0:5.4.0-1049.51 + + + 0:5.4.0-1044.47 + + + 0:5.4.0-1044.46 + + + 0:5.4.0-1040.41 + + + 0:5.4.0.74 + + + 0:5.4.0.1049 + + + 0:5.4.0.1044 + + + 0:5.10.0.1025 + + + 0:5.10.0-1025.26 + + + 0:5.4.0-1046.50 + + + 0:5.4.0-1036.39 + + + 0:15.2.12-0ubuntu0.20.04.1 + + + 0:12.5-0ubuntu0.20.04.1 + + + 0:8.0.19-0ubuntu2 + + + 0:0.9.12+dfsg-9ubuntu0.3 + + + 0:3.22.0-5ubuntu2.2 + + + 1:10.3.22-1 + + + 0:6.1.6-dfsg-1 + + + 0:8.0.18-0ubuntu5 + + + 0:13.0.2+8-1 + + + 0:8u242-b08-0ubuntu3 + + + 0:11.0.6+10-1ubuntu1 + + + 0:3.9.0-5~20.04 + + + 0:1.25.8-2ubuntu0.1 + + + 0:1.4.11.1-1ubuntu0.1 + + + 0:5.53-0ubuntu3.2 + + + 0:5.4.0-78.87 + + + 0:5.4.0-1052.54 + + + 0:5.4.0-1047.50 + + + 0:5.4.0-1019.20 + + + 0:5.4.0-1042.43 + + + 0:5.4.0.78 + + + 0:5.4.0.1052 + + + 0:5.4.0.1042 + + + 0:5.4.0-1052.56 + + + 0:5.4.0-1039.42 + + + 0:6.1.2-dfsg-1 + + + 0:1.61-1 + + + 0:82.0.3+build1-0ubuntu0.20.04.1 + + + 0:5.4.0-70.78 + + + 0:5.4.0-1041.43 + + + 0:5.4.0-1040.43 + + + 0:5.4.0-1039.41 + + + 0:5.4.0-1012.13 + + + 0:5.8.0-48.54~20.04.1 + + + 0:5.4.0-1036.37 + + + 0:5.4.0.70 + + + 0:5.4.0.1012 + + + 0:5.8.0.48 + + + 0:5.10.0.1019 + + + 
0:5.6.0.1052 + + + 0:5.8.0.20 + + + 0:5.10.0-1019.20 + + + 0:5.6.0-1052.56 + + + 0:5.4.0-1041.44 + + + 0:5.4.0-1032.35 + + + 0:5.8.0-20.22~20.04.1 + + + 0:6.1.4-dfsg-2 + + + 0:8.0.18-0ubuntu1 + + + 0:3.8.5-1~20.04.2 + + + 0:5.10.0.1011 + + + 0:5.10.0-1011.12 + + + 0:2.30.6-0ubuntu0.20.04.1 + + + 0:4.93-13ubuntu1.5 + + + 0:4.93-13ubuntu1.1 + + + 0:1.4.2-0ubuntu1.20.04.1 + + + 0:1.8.0-3 + + + 0:1.13.2-1ubuntu0.3 + + + 1:1.10.9+submodules+notgz-1ubuntu0.20.04.1 + + + 0:5.6.0.1039 + + + 0:5.6.0-1039.43 + + + 0:4.1.0-2ubuntu2.2 + + + 0:0.23.20-1ubuntu0.1 + + + 0:5.8.0-34.37~20.04.2 + + + 0:5.8.0.34 + + + 0:2.31-0ubuntu9.1 + + + 0:7.6+dfsg-2ubuntu0.20.04.1 + + + 0:2.34-6ubuntu1 + + + 0:5.6.0.1056 + + + 0:5.6.0-1056.60 + + + 0:4.1.0+git191117-2ubuntu0.20.04.1 + + + 0:7.0.0-4ubuntu0.2 + + + 0:5.4.0-67.75 + + + 0:5.4.0-1037.39 + + + 0:5.4.0-1011.12 + + + 0:5.8.0-45.51~20.04.1 + + + 0:5.4.0.67 + + + 0:5.4.0.1011 + + + 0:5.8.0.45 + + + 0:5.8.0.18 + + + 0:5.4.0-1030.33 + + + 0:5.8.0-18.20~20.04.1 + + + 0:2.4.49+dfsg-2ubuntu1.6 + + + 0:2.26.4-1ubuntu1 + + + 0:2.28.2-0ubuntu0.20.04.1 + + + 0:4.6.6-2.1~0.20.04.1 + + + 0:3.3.1-1 + + + 0:1.18.4-1 + + + 0:3.6.0-4 + + + 0:1.16.2-3 + + + 0:4.0.0-2ubuntu1 + + + 0:73.0+build3-0ubuntu1 + + + 0:75.0+build3-0ubuntu1 + + + 1:68.7.0+build1-0ubuntu1 + + + 0:1.0~dfsg0-1 + + + 1:1.0.17-10 + + + 0:7.4.3-4ubuntu2.5 + + + 0:0.14.0-6 + + + 0:1.2.9+ds1-1ubuntu1 + + + 0:6.6.2p1-1 + + + 0:1.2.5-1 + + + 0:18.1.1-1 + + + 0:0.1.2-1+deb9u1build0.20.04.1 + + + 0:1.13.7-1ubuntu1 + + + 0:1.14~rc1-1 + + + 0:0.0~hg20200128.09e7e880e056+dfsg-1 + + + 0:5.2.0-1 + + + 0:2.0.7-2ubuntu0.1 + + + 0:2.4.7-2+4.1ubuntu5 + + + 0:4.1.0-2ubuntu1 + + + 0:19.4-56-g06e324ff-0ubuntu1 + + + 0:6.6.4p1-1 + + + 0:1.2.10+ds1-1ubuntu1 + + + 0:20190801-0ubuntu4.1 + + + 0:1.3.6c-1 + + + 0:1.0.49-4 + + + 0:1.2.11-1 + + + 4:19.12.3-2ubuntu1 + + + 1:10.0.0~b3~git2020032516.cb016333-0ubuntu1 + + + 0:2.28.4-0ubuntu0.20.04.1 + + + 0:5.4.0-71.79 + + + 0:5.4.0-1013.14 + + + 0:5.4.0-1037.38 + + 
+ 0:5.4.0.71 + + + 0:5.4.0.1013 + + + 0:5.4.0-1042.45 + + + 0:5.4.0-1033.36 + + + 0:390.143-0ubuntu0.20.04.1 + + + 0:418.197.02-0ubuntu0.20.04.1 + + + 0:450.119.03-0ubuntu0.20.04.1 + + + 0:460.73.01-0ubuntu0.20.04.1 + + + 0:390.144-0ubuntu0.20.04.1 + + + 0:418.211.00-0ubuntu0.20.04.1 + + + 0:450.142.00-0ubuntu0.20.04.1 + + + 0:460.91.03-0ubuntu0.20.04.1 + + + 0:2.32.0-0ubuntu0.20.04.1 + + + 0:8.0.19-0ubuntu5 + + + 0:8.0.23-0ubuntu0.20.04.1 + + + 0:5.10.0.1017 + + + 0:5.10.0-1017.18 + + + 0:3.0.28-2ubuntu0.1 + + + 0:5.8.0-49.55~20.04.1 + + + 0:5.8.0.49 + + + 0:5.8.0.22 + + + 0:5.8.0-22.24~20.04.1 + + + 0:5.10.0.1014 + + + 0:5.10.0-1014.15 + + + 0:2.3.1+dfsg-1ubuntu2.1 + + + 0:3.5.1+really3.5.1-2ubuntu0.1 + + + 0:1.3.3-0ubuntu2.3 + + + 0:1.4.11.1-1ubuntu0.2 + + + 0:0.25.1-2ubuntu1.1 + + + 0:8.0.25-0ubuntu0.20.04.1 + + + 0:8u292-b10-0ubuntu1~20.04 + + + 0:11.0.11+9-0ubuntu2~20.04 + + + 0:3.8.2-0ubuntu1.3 + + + 0:11.88-1ubuntu0.1 + + + 0:5.8.0-55.62~20.04.1 + + + 0:5.8.0.55 + + + 0:5.8.0.26 + + + 0:5.8.0-26.28~20.04.1 + + + 0:7.68.0-1ubuntu2.5 + + + 0:1.34.2-1ubuntu1.3 + + + 0:1.18.0-0ubuntu1.2 + + + 0:5.8.0-1041.43~20.04.1 + + + 0:5.8.0-1037.39~20.04.1 + + + 0:5.8.0-60.67~20.04.1 + + + 0:5.8.0.1041 + + + 0:5.8.0.1037 + + + 0:5.8.0.60 + + + 0:5.8.0.30 + + + 0:5.8.0-1037.38~20.04.1 + + + 0:5.8.0-30.32~20.04.1 + + + 0:1.8.31-1ubuntu1.2 + + + 2:2.2.12-1ubuntu0.4 + + + 0:3.9.5-3~20.04.1 + + + 0:1.1.1f-1ubuntu2.2 + + + 0:85.0+build1-0ubuntu0.20.04.1 + + + 1:78.11.0+build1-0ubuntu0.20.04.2 + + + 0:86.0+build3-0ubuntu0.20.04.1 + + + 1:78.8.1+build1-0ubuntu0.20.04.1 + + + 0:87.0+build3-0ubuntu0.20.04.2 + + + 0:88.0+build2-0ubuntu0.20.04.1 + + + 0:1.4.4+dfsg-3ubuntu0.1 + + + 1:9.16.1-0ubuntu2.8 + + + 0:4.4.1-2.1ubuntu5.20.04.2 + + + 0:7.0.0-4ubuntu0.4 + + + 0:7.0.0-4ubuntu0.3 + + + 0:5.8.0-43.49~20.04.1 + + + 0:5.8.0.43 + + + 0:5.10.0.1016 + + + 0:5.6.0.1047 + + + 0:5.8.0.16 + + + 0:5.10.0-1016.17 + + + 0:5.6.0-1047.51 + + + 0:5.8.0-16.18~20.04.1 + + + 0:0.7-4ubuntu7 + + + 
0:2.4.49+dfsg-2ubuntu1.7 + + + 0:2.64.6-1~ubuntu20.04.2 + + + 0:2.3.1+dfsg-1ubuntu2.2 + + + 0:2.6.0-7ubuntu1.2 + + + 0:2.64.6-1~ubuntu20.04.3 + + + 0:0~20191122.bd85bf54-2ubuntu3.2 + + + 0:4.10-1ubuntu1.4 + + + 2:2.2.12-1ubuntu0.5 + + + 0:5.10.0.1035 + + + 0:5.10.0-1035.36 + + + 0:3.0.4+dfsg1-1ubuntu0.1 + + + 0:2.7.0-5ubuntu1.4 + + + 0:5.4.0-72.80 + + + 0:5.4.0-1045.47 + + + 0:5.4.0-1042.44 + + + 0:5.4.0-1014.15 + + + 0:5.8.0-50.56~20.04.1 + + + 0:5.4.0-1038.39 + + + 0:5.4.0.72 + + + 0:5.4.0.1014 + + + 0:5.8.0.50 + + + 0:5.10.0.1022 + + + 0:5.10.0-1022.23 + + + 0:5.4.0-1034.37 + + + 0:5.10.0.1029 + + + 0:5.10.0-1029.30 + + + 0:0.27.2-8ubuntu2.2 + + + 0:0.27.2-8ubuntu2.4 + + + 0:3.8.5-1~20.04.3 + + + 0:88.0.1+build1-0ubuntu0.20.04.2 + + + 0:89.0+build2-0ubuntu0.20.04.2 + + + 0:90.0+build1-0ubuntu0.20.04.1 + + + 0:1.0.0~rc93-0ubuntu1~20.04.2 + + + 0:1.5.2-5ubuntu0.20.04.1 + + + 2:1.6.9-2ubuntu1.2 + + + 2:2.2.12-1ubuntu0.6 + + + 0:3.0.4+dfsg1-1ubuntu0.2 + + + 0:12.7-0ubuntu0.20.04.1 + + + 2:2.2.12-1ubuntu0.7 + + + 0:3.5.27.1-14ubuntu0.1 + + + 0:2.20.11-0ubuntu27.18 + + + 0:1.5.2-0ubuntu1~20.04.2 + + + 1:2.3.7.2-1ubuntu3.4 + + + 0:1.2.3-0ubuntu0.20.04.2 + + + 0:5.4.0-80.90 + + + 0:5.4.0-1054.57 + + + 0:5.4.0-1055.57 + + + 0:5.8.0-1039.42~20.04.1 + + + 0:5.4.0-1049.53 + + + 0:5.4.0-1049.52 + + + 0:5.4.0-1021.22 + + + 0:5.8.0-63.71~20.04.1 + + + 0:5.4.0.80 + + + 0:5.4.0.1054 + + + 0:5.4.0.1055 + + + 0:5.8.0.1039 + + + 0:5.8.0.63 + + + 0:5.10.0.1038 + + + 0:5.10.0-1038.40 + + + 0:5.4.0-1041.45 + + + 0:2.80-1.1ubuntu1.4 + + + 0:0.7-4ubuntu7.1 + + + 2:1.20.9-2ubuntu1.2~20.04.2 + + + 0:2.3.0-6ubuntu0.5 + + + 0:5.10.0.1026 + + + 0:5.10.0-1026.27 + + + 0:5.6.0.1054 + + + 0:5.6.0-1054.58 + + + 0:1.9.2-2ubuntu0.20.04.1 + + + 0:1.16.2-4ubuntu0.1 + + + 0:6.0.0-0ubuntu8.9 + + + 0:0.105-26ubuntu1.1 + + + 0:0.4.21-7ubuntu0.20.04.1 + + + 0:3.5.1+really3.5.1-2ubuntu0.2 + + + 0:1.1.1f-1ubuntu2.4 + + + 0:5.10.0.1033 + + + 0:5.10.0-1033.34 + + + 1:4.2-3ubuntu6.16 + + + 
0:1.06-6.2~deb10u1build0.20.04.1 + + + 1:3.2.5.c-7 + + + 1:1.22.0-9ubuntu1 + + + 1:1.27.2-2ubuntu3 + + + 1:2.3.15-1ubuntu1 + + + 0:3.12.0-2 + + + 0:2.34.1-1 + + + 0:0.14-1 + + + 0:2.5.11ubuntu13 + + + 1:1.2.8-6ubuntu4 + + + 1:1.32.2-4ubuntu2.2 + + + 1:2.3.15-3ubuntu1 + + + 0:3.3.8-3ubuntu2 + + + 0:2.00-20 + + + 0:5.02-1 + + + 0:0.3.7.beta-20 + + + 1:5.22+15-2ubuntu1 + + + 1:1.22.0-15ubuntu1 + + + 1:5.25-2ubuntu1 + + + 0:4.3-17 + + + 0:6.0-21ubuntu1 + + + 0:0.105-11 + + + 0:0.105-11ubuntu1 + + + 0:10.2.2-0ubuntu5 + + + 0:6.14.12-3.2 + + + 0:0.7.19-1 + + + 0:2.13.1-0ubuntu0.20.04.3 + + + 0:1.14.3+dfsg-2ubuntu1 + + + 0:4.4-2ubuntu1 + + + 1:7.4p1-1 + + + 1:2.8+dfsg-3ubuntu2 + + + 0:0.168-0.2 + + + 1:7.5p1-10 + + + 0:2.8-2 + + + 1:1.27.2-1ubuntu3 + + + 0:4.3.5-3ubuntu2 + + + 0:2.4-0ubuntu10 + + + 0:2.1.0-1.ubuntu1 + + + 0:12.2.0-0ubuntu1 + + + 0:2.4.0-4ubuntu1 + + + 0:1.8.19p1-1ubuntu1 + + + 0:7.55.1-1ubuntu2.1 + + + 1:2.8+dfsg-3ubuntu2.1 + + + 0:0.13-4.1 + + + 0:1.9.5-1ubuntu1 + + + 0:4.4-5ubuntu1 + + + 0:1.2.2-6.2ubuntu1 + + + 0:1.15.1-2 + + + 0:2.40.18-1 + + + 0:1.9.4-2build4 + + + 0:1.0.28-3 + + + 0:1.7.0-3 + + + 1:2.11+dfsg-1ubuntu1 + + + 0:1.0.28-6 + + + 0:2.79-1 + + + 1:1.6-2 + + + 1:1.27.2-1ubuntu4 + + + 1:7.6p1-4 + + + 0:5.1.2-1 + + + 0:4.3.5-3ubuntu5 + + + 0:0.31.1-1 + + + 0:0.31.2-1 + + + 0:1.0.27-1~experimental3ubuntu2 + + + 1:4.2.8p10+dfsg-5ubuntu1 + + + 0:0.13.1-1build2 + + + 1:2.8+dfsg-3ubuntu3 + + + 0:2.4.0-5ubuntu1 + + + 0:0.170-0.4 + + + 0:3.5.8-5ubuntu1 + + + 0:2.3.0-6ubuntu0.1 + + + 2:1.2.4-11 + + + 2:1.2.4-11build1 + + + 1:2.1.27-1 + + + 0:1.1.1a-1ubuntu2 + + + 0:6.0-22ubuntu1 + + + 1:1.30.1-4ubuntu6.2 + + + 1:1.27.2-2ubuntu5 + + + 0:2.0.0~git20181120.1.e21b72c95+dfsg1-1 + + + 0:5.0.0-1ubuntu2 + + + 1:2.12+dfsg-3ubuntu9 + + + 0:4.0.10-3 + + + 0:3.0.2-2 + + + 0:5.1.9-1 + + + 0:3.1.12~ds-3 + + + 1:1.2.46-1 + + + 1:2.12+dfsg-3ubuntu8 + + + 0:2.6.6-1~ubuntu14.04.0 + + + 0:0~20181115.85588389-3ubuntu1 + + + 0:9.4.15-1~18.04.1ubuntu1 + + + 1:2.1.27-1.1 + 
+ + 0:3.5.5+~3.2.7-1 + + + 0:0.6.55-0ubuntu10 + + + 2:14.0.0-0ubuntu2 + + + 7:4.0.3-1 + + + 0:0.06-1 + + + 0:5.7.4-1 + + + 1:3.1+dfsg-2ubuntu1 + + + 1:4.2-3ubuntu6.1 + + + 0:0.6.21-5.1 + + + 0:0.7.1-4 + + + 0:1.30+dfsg-6 + + + 0:5.4.0.1002 + + + 0:5.4.0-1002.4 + + + 0:4.5.1.1-1.1build1 + + + 0:1.1.1-1ubuntu2 + + + 1:2.11+dfsg-1ubuntu2 + + + 0:2.2.5-4ubuntu1 + + + 0:4.0.0-1ubuntu2 + + + 7:3.4.2-2build2 + + + 0:4.0.9-5 + + + 1:2.11+dfsg-1ubuntu9 + + + 0:3.22.0-1 + + + 0:0.13.0-2build1 + + + 0:2.4.38-2ubuntu2 + + + 0:0.10.3-3 + + + 0:5.4.0-0ubuntu3 + + + 0:0.19.0+dfsg-2 + + + 0:4.17.15+dfsg-2 + + + 0:2.2.5-5.2 + + + 0:7.4.3-4ubuntu2.2 + + + 0:3.2.4-1 + + + 0:3.20191115.1ubuntu1 + + + 7:4.1.3-1 + + + 0:3.0.8-6 + + + 0:1.8.3-2ubuntu4 + + + 0:0.7.git20120829-3.1 + + + 0:5.8.1+dfsg-3 + + + 0:4.10-1ubuntu1.1 + + + 0:4.10-1ubuntu1 + + + 0:4.9-2ubuntu1 + + + 0:4.9-2ubuntu4 + + + 7:4.1.4-1 + + + 0:0.0~git20190817.1.052dce1-1 + + + 0:6.0-25ubuntu1 + + + 7:4.2.4-1ubuntu0.1 + + + 7:4.2.1-2 + + + 0:0~20191122.bd85bf54-2ubuntu3 + + + 0:0~20191122.bd85bf54-2ubuntu3.1 + + + 0:5.4.0-18.22 + + + 0:5.4.0.18 + + + 0:0.16.1+dfsg1-2 + + + 0:3.4.2-3 + + + 0:2.9.2+dfsg-1 + + + 0:1.1.1f-1ubuntu1 + + + 0:1.19.1-1 + + + 0:1.4.0-1 + + + 0:6.2.1-2 + + + 0:0.8~dfsg0-1 + + + 0:1.3.2-7 + + + 0:1.0.7-1 + + + 0:3.12.0-4ubuntu1 + + + 0:2.0.0~git20190204.1.2693389a+dfsg1-2 + + + 0:0.8.1-6 + + + 0:5.4.0-1011.11 + + + 0:5.4.0-1012.12 + + + 0:5.6.0.1010 + + + 0:5.4.0.26 + + + 0:5.6.0-1010.10 + + + 0:5.4.0-26.30 + + + 0:2.31-0ubuntu7 + + + 0:1.8.31-1ubuntu1 + + + 0:0.16.105-2 + + + 0:5.6.0.1018 + + + 0:5.6.0-1018.18 + + + 0:1.9.7-1 + + + 0:5.4.0-21.25 + + + 0:5.4.0-1008.8 + + + 0:5.4.0.21 + + + 0:5.4.0-1009.9 + + + 0:5.4.0.1009 + + + 0:3.0.13-2ubuntu1 + + + 0:3.2.7-1 + + + 0:3.0.4-1 + + + 8:6.9.10.23+dfsg-2.1ubuntu11.1 + + + 0:2.9.10+dfsg-1ubuntu2 + + + 0:5.3-1ubuntu2 + + + 0:6.0.0-0ubuntu4 + + + 0:5.8+dfsg-2ubuntu2.1 + + + 0:2.3.1-4 + + + 1:3.1+dfsg-2ubuntu3 + + + 0:7.64.0-1ubuntu1 + + + 0:0.14.2-1ubuntu1 
+ + + 0:5.4.0-0ubuntu1 + + + 0:4.2.0+dfsg-5 + + + 0:1.22.4-2 + + + 1:3.1+dfsg-2ubuntu2 + + + 0:2.2.5-5.1 + + + 0:4.0+dfsg-0ubuntu9 + + + 0:2.30-0ubuntu2 + + + 0:5.4.0-37.41 + + + 0:5.4.0-1016.16 + + + 0:5.4.0.27 + + + 0:5.4.0-27.31 + + + 0:0.6.21-6ubuntu0.1 + + + 0:0.6.21-6ubuntu0.4 + + + 0:3.20200609.0ubuntu0.20.04.0 + + + 0:5.30.0-9ubuntu0.2 + + + 2:4.11.6+dfsg-0ubuntu1.1 + + + 1:4.2-3ubuntu5 + + + 0:6.0.0-0ubuntu6 + + + 0:5.4.0-40.44 + + + 0:5.4.0-1018.18 + + + 0:5.4.0-1019.19 + + + 0:5.6.0.1011 + + + 0:5.4.0.28 + + + 0:5.6.0-1011.11 + + + 0:5.4.0-1013.13 + + + 0:5.4.0-28.32 + + + 0:2.04-1ubuntu26.1 + + + 0:1.142.3 + + + 0:19.11.1-0ubuntu1.1 + + + 2:4.11.6+dfsg-0ubuntu1.3 + + + 0:5.6.0.1020 + + + 0:5.6.0-1020.20 + + + 0:2.7.0-5ubuntu1.3 + + + 1:2.3.7.2-1ubuntu3.1 + + + 0:5.4.0-1010.10 + + + 0:5.6.0.1008 + + + 0:5.6.0-1008.8 + + + 0:3.36.1-1ubuntu0.1 + + + 1:13.99.1-1ubuntu3.2 + + + 0:2.45.1+20.04.2 + + + 0:2.20.11-0ubuntu27.6 + + + 0:1.3-1ubuntu0.1 + + + 0:1.12.16-2ubuntu2.1 + + + 1:2.3.7.2-1ubuntu3.2 + + + 0:2.4.49+dfsg-2ubuntu1.2 + + + 0:5.4.0-52.57 + + + 0:5.8.0-25.26~20.04.1 + + + 0:5.4.0.52 + + + 0:5.6.0.1032 + + + 0:5.6.0-1032.33 + + + 0:5.4.0-1022.25 + + + 2:3.49.1-1ubuntu1.1 + + + 2:3.49.1-1ubuntu1.4 + + + 2:3.49.1-1ubuntu1.2 + + + 2:3.49.1-1ubuntu1.5 + + + 0:0.13.1+dfsg-7ubuntu0.3 + + + 0:1.0.29-0ubuntu5.1 + + + 2:2.2.12-1ubuntu0.1 + + + 0:2.64.2-1ubuntu0.1 + + + 0:3.6.13-2ubuntu1.1 + + + 0:1.13.2-1ubuntu0.1 + + + 2:4.11.6+dfsg-0ubuntu1.4 + + + 2:4.11.6+dfsg-0ubuntu1.6 + + + 0:5.3.1-1ubuntu0.1 + + + 2:1.6.9-2ubuntu1.1 + + + 2:1.20.8-2ubuntu2.4 + + + 2:1.20.8-2ubuntu2.3 + + + 0:5.6.0.1021 + + + 0:5.6.0-1021.21 + + + 2:1.20.8-2ubuntu2.6 + + + 1:4.2-3ubuntu6.6 + + + 0:19.11.3-0ubuntu0.2 + + + 2:2.2.2-3ubuntu2.2 + + + 0:5.4.0-47.51 + + + 0:5.4.0.47 + + + 0:5.6.0.1026 + + + 0:5.4.0.33 + + + 0:5.6.0-1026.26 + + + 0:5.4.0-1018.20 + + + 0:5.4.0-33.37 + + + 0:4.10-1ubuntu1.3 + + + 0:19.03.8-0ubuntu1.20.04.1 + + + 0:2.1.2-1ubuntu0.1 + + + 0:1.3.3-0ubuntu2.2 + + + 
0:2.3.0-6ubuntu0.2 + + + 0:3.31.1-4ubuntu0.2 + + + 0:1.1.1+bzr982-0ubuntu32.2 + + + 0:2.4.7-2+4.1ubuntu5.1 + + + 0:6.0.0-0ubuntu8.3 + + + 0:0.98.9.2 + + + 1:11.1-1ubuntu7 + + + 0:4.10-1ubuntu1.2 + + + 0:5.6.0.1023 + + + 0:5.6.0-1023.23 + + + 0:5.8+dfsg-2ubuntu2.3 + + + 0:9.50~dfsg-5ubuntu4.1 + + + 0:1.1.13-2ubuntu1.1 + + + 1:13.99.1-1ubuntu3.8 + + + 0:0.6.55-0ubuntu12~20.04.4 + + + 0:1.1.1+bzr982-0ubuntu32.3 + + + 0:0.9.3-2ubuntu2.1 + + + 0:9.50~dfsg-5ubuntu4.2 + + + 0:2.3.0-6ubuntu0.3 + + + 0:5.3-2 + + + 0:3.36.4-1ubuntu1~20.04.2 + + + 0:3.4.4-1ubuntu1.1 + + + 0:1.1.1f-1ubuntu2.1 + + + 1:2.3.7.2-1ubuntu3.3 + + + 2:2.2.12-1ubuntu0.2 + + + 4:19.12.3-0ubuntu1.2 + + + 0:3.6.13-2ubuntu1.3 + + + 0:0.19.5-1ubuntu1 + + + 0:0.4.15-10ubuntu1.1 + + + 1:22.2.7+dfsg-1 + + + 0:2.0.3-3ubuntu4.1 + + + 0:2.8-3ubuntu0.1 + + + 0:2.4.49+dfsg-2ubuntu1.4 + + + 0:2.4.49+dfsg-2ubuntu1.5 + + + 0:0.4.15-10ubuntu1.2 + + + 0:4.5.1.1-1.1ubuntu0.20.04.2 + + + 0:3.0a-2ubuntu0.2 + + + 0:2.0.2ubuntu0.2 + + + 0:2.0.0ubuntu0.20.04.2 + + + 0:2.48.3+20.04 + + + 0:14.0.1+7-1ubuntu1 + + + 0:8u252-b09-1ubuntu1 + + + 0:11.0.7+10-2ubuntu1 + + + 8:6.9.10.23+dfsg-2.1ubuntu11.2 + + + 0:18-3ubuntu0.1 + + + 0:4.5.0-1ubuntu0.2 + + + 2:2.0.10-0ubuntu0.20.04.3 + + + 0:1.17-6ubuntu4.1 + + + 0:5.4.0-62.70 + + + 0:5.4.0-1009.10 + + + 0:5.8.0-38.43~20.04.1 + + + 0:5.4.0.62 + + + 0:5.8.0.38 + + + 0:5.4.0-1028.31 + + + 0:2.40.0+dfsg-3ubuntu0.1 + + + 3:18.3.2-0ubuntu0.20.04.4 + + + 0:0.102.4+dfsg-0ubuntu0.20.04.1 + + + 0:0.102.3+dfsg-0ubuntu0.20.04.1 + + + 0:2.13.1-0ubuntu0.20.04.4 + + + 0:5.2.0-1ubuntu0.1 + + + 1:1.10.9+submodules+notgz-1ubuntu0.20.04.2 + + + 0:0.2.3-2ubuntu0.1 + + + 0:2.0.2ubuntu0.1 + + + 0:4.5.1.1-1.1ubuntu0.20.04.1 + + + 0:5.4.0-1032.34 + + + 0:3.12.4-1ubuntu2 + + + 0:0.4.0-1ubuntu4 + + + 0:390.138-0ubuntu0.20.04.1 + + + 0:440.100-0ubuntu0.20.04.1 + + + 0:2.64.1-1 + + + 0:3.2.1-1+deb8u1build0.20.04.1 + + + 0:7.4.3-4ubuntu1.1 + + + 0:7.4.3-4ubuntu2.4 + + + 0:1.25.8-2 + + + 0:1.5.1-3 + + + 0:0.8.2-1 + 
+ + 0:7.68.0-1ubuntu2.1 + + + 0:7.68.0-1ubuntu2.2 + + + 0:1.34.2-1ubuntu1.1 + + + 0:7.68.0-1ubuntu2.4 + + + 1:9.16.1-0ubuntu2.1 + + + 1:9.16.1-0ubuntu2.2 + + + 1:9.16.1-0ubuntu2.3 + + + 1:9.16.1-0ubuntu2.6 + + + 0:1.5-1 + + + 0:5.4.0-53.59 + + + 0:5.4.0-1029.31 + + + 0:5.8.0-28.30~20.04.1 + + + 0:5.4.0.53 + + + 0:5.8.0.28 + + + 0:5.6.0.1033 + + + 0:5.6.0-1033.35 + + + 0:3.20201110.0ubuntu0.20.04.1 + + + 0:2.20.11-0ubuntu22 + + + 0:1.0.7-6ubuntu0.1 + + + 0:32.0.0.387ubuntu0.20.04.1 + + + 0:32.0.0.445ubuntu0.20.04.1 + + + 0:418.181.07-0ubuntu0.20.04.1 + + + 0:450.102.04-0ubuntu0.20.04.1 + + + 0:460.32.03-0ubuntu0.20.04.1 + + + 0:390.141-0ubuntu0.20.04.1 + + + 0:0.103.2+dfsg-0ubuntu0.20.04.1 + + + 0:2.40.0+dfsg-3ubuntu0.2 + + + 2:4.11.6+dfsg-0ubuntu1.8 + + + 0:1.6.5-0ubuntu0.2 + + + 1:2.25.1-1ubuntu3.1 + + + 0:1.6.5-0ubuntu0.3 + + + 0:1.9.1~dfsg-1ubuntu0.20.04.1 + + + 0:2.20.11-0ubuntu27.16 + + + 0:4.8.0-1ubuntu0.1 + + + 0:353-1ubuntu1.20.04.2 + + + 2:2.9-1ubuntu4.3 + + + 1:8.2p1-4ubuntu0.2 + + + 0:0.2.3-2ubuntu0.3 + + + 0:4.5.0-1ubuntu0.3 + + + 0:1.13.2-1ubuntu0.4 + + + 2:2.2.12-1ubuntu0.3 + + + 0:20130826+dfsg3-4 + + + 0:3.12.0-1 + + + 0:1.8.5-5ubuntu1 + + + 0:12.6-0ubuntu0.20.04.1 + + + 0:0.99.beta19-2.1ubuntu1.20.04.1 + + + 0:21.1-19-gbad84ad4-0ubuntu1~20.04.1 + + + 0:1.1.1f-1ubuntu2.3 + + + 0:1.16.2-1ubuntu2.1 + + + + + gcc-arm-none-eabi + gcc-arm-none-eabi-source + + + g++-mingw-w64 + g++-mingw-w64-i686 + g++-mingw-w64-x86-64 + gcc-mingw-w64 + gcc-mingw-w64-base + gcc-mingw-w64-i686 + gcc-mingw-w64-x86-64 + gfortran-mingw-w64 + gfortran-mingw-w64-i686 + gfortran-mingw-w64-x86-64 + gnat-mingw-w64 + gnat-mingw-w64-i686 + gnat-mingw-w64-x86-64 + gobjc++-mingw-w64 + gobjc++-mingw-w64-i686 + gobjc++-mingw-w64-x86-64 + gobjc-mingw-w64 + gobjc-mingw-w64-i686 + gobjc-mingw-w64-x86-64 + + + xine-console + xine-ui + + + libcg + libcggl + nvidia-cg-toolkit + + + extract + libextractor3 + + + gir1.2-poppler-0.18 + libpoppler-cpp0v5 + libpoppler-glib8 + libpoppler-qt5-1 + 
libpoppler97 + poppler-utils + + + xfig + xfig-libs + + + libcoin-runtime + libcoin80c + + + expat + libexpat1 + + + paraview + python3-paraview + + + libxmlrpc-c++8v5 + libxmlrpc-core-c3 + xmlrpc-api-utils + + + ipe + libipe7.2.13 + + + xotcl + xotcl-shells + + + blender + blender-data + + + erlang-yapp + erlang-yaws + yaws + yaws-chat + yaws-mail + yaws-wiki + yaws-yapp + + + groff + groff-base + + + glibc-source + libc-bin + libc6 + libc6-amd64 + libc6-armel + libc6-i386 + libc6-lse + libc6-pic + libc6-s390 + libc6-x32 + locales + locales-all + nscd + + + git-merge-changelog + gnulib + + + gromacs + gromacs-data + gromacs-mpich + gromacs-openmpi + libgromacs5 + + + 389-ds + 389-ds-base + 389-ds-base-libs + cockpit-389-ds + python3-lib389 + + + openarena + openarena-server + + + cups + cups-bsd + cups-client + cups-common + cups-core-drivers + cups-daemon + cups-ipp-utils + cups-ppdc + cups-server-common + libcups2 + libcupsimage2 + + + gimp + gimp-data + libgimp2.0 + + + swi-prolog + swi-prolog-bdb + swi-prolog-java + swi-prolog-nox + swi-prolog-odbc + swi-prolog-x + + + ioquake3 + ioquake3-server + + + libqt5webkit5 + qml-module-qtwebkit + + + wordpress + wordpress-l10n + wordpress-theme-twentynineteen + wordpress-theme-twentyseventeen + wordpress-theme-twentysixteen + + + roundcube + roundcube-core + roundcube-mysql + roundcube-pgsql + roundcube-plugins + roundcube-sqlite3 + + + duende + maradns + maradns-deadwood + maradns-zoneserver + + + libxerces-c-samples + libxerces-c3.2 + + + x11-common + xbase-clients + xorg + xserver-xorg + xserver-xorg-input-all + xserver-xorg-video-all + xutils + + + gir1.2-nm-1.0 + libnm0 + network-manager + network-manager-config-connectivity-debian + network-manager-config-connectivity-ubuntu + + + golang-1.13 + golang-1.13-go + golang-1.13-src + + + golang-1.14 + golang-1.14-go + golang-1.14-src + + + golang-1.16 + golang-1.16-go + golang-1.16-src + + + linux-image-5.4.0-80-generic + linux-image-5.4.0-80-generic-lpae + 
linux-image-unsigned-5.4.0-80-generic + linux-image-unsigned-5.4.0-80-lowlatency + + + linux-image-5.8.0-63-generic + linux-image-5.8.0-63-generic-lpae + linux-image-unsigned-5.8.0-63-generic + linux-image-unsigned-5.8.0-63-generic-64k + linux-image-unsigned-5.8.0-63-lowlatency + + + linux-image-extra-virtual + linux-image-extra-virtual-hwe-18.04 + linux-image-extra-virtual-hwe-18.04-edge + linux-image-generic + linux-image-generic-hwe-18.04 + linux-image-generic-hwe-18.04-edge + linux-image-generic-lpae + linux-image-generic-lpae-hwe-18.04 + linux-image-generic-lpae-hwe-18.04-edge + linux-image-lowlatency + linux-image-lowlatency-hwe-18.04 + linux-image-lowlatency-hwe-18.04-edge + linux-image-oem + linux-image-oem-osp1 + linux-image-virtual + linux-image-virtual-hwe-18.04 + linux-image-virtual-hwe-18.04-edge + + + linux-image-gke + linux-image-gke-5.4 + + + linux-image-gkeop + linux-image-gkeop-5.4 + + + linux-image-extra-virtual-hwe-20.04 + linux-image-generic-64k-hwe-20.04 + linux-image-generic-hwe-20.04 + linux-image-generic-lpae-hwe-20.04 + linux-image-lowlatency-hwe-20.04 + linux-image-virtual-hwe-20.04 + + + linux-image-oem-20.04 + linux-image-oem-20.04-edge + linux-image-oem-20.04b + + + linux-image-raspi + linux-image-raspi-hwe-18.04 + linux-image-raspi-hwe-18.04-edge + linux-image-raspi2 + linux-image-raspi2-hwe-18.04 + linux-image-raspi2-hwe-18.04-edge + + + linux-image-extra-virtual + linux-image-extra-virtual-hwe-20.04 + linux-image-generic + linux-image-generic-hwe-20.04 + linux-image-virtual + linux-image-virtual-hwe-20.04 + + + linux-image-extra-virtual + linux-image-extra-virtual-hwe-20.04 + linux-image-extra-virtual-hwe-20.04-edge + linux-image-generic + linux-image-generic-hwe-20.04 + linux-image-generic-hwe-20.04-edge + linux-image-virtual + linux-image-virtual-hwe-20.04 + linux-image-virtual-hwe-20.04-edge + + + linux-image-5.4.0-80-generic + linux-image-5.4.0-80-lowlatency + + + linux-image-5.8.0-63-generic + linux-image-5.8.0-63-generic-64k + 
linux-image-5.8.0-63-lowlatency + + + quagga + quagga-bgpd + quagga-core + quagga-isisd + quagga-ospf6d + quagga-ospfd + quagga-pimd + quagga-ripd + quagga-ripngd + + + 3270-common + c3270 + pr3287 + s3270 + x3270 + xfonts-x3270-misc + + + ffmpeg + libavcodec-extra + libavcodec-extra58 + libavcodec58 + libavdevice58 + libavfilter-extra + libavfilter-extra7 + libavfilter7 + libavformat58 + libavresample4 + libavutil56 + libpostproc55 + libswresample3 + libswscale5 + + + libmyth + libmyth-python + libmythtv-perl + mytharchive + mythbrowser + mythgame + mythmusic + mythnews + mythplugins + mythtv + mythtv-backend + mythtv-backend-master + mythtv-common + mythtv-database + mythtv-frontend + mythtv-theme-mythbuntu + mythtv-transcode-utils + mythweather + mythweb + mythzoneminder + php-mythtv + + + libqt5webengine-data + libqt5webengine5 + libqt5webenginecore5 + libqt5webenginewidgets5 + qml-module-qtwebengine + qtwebengine5-examples + + + accountsservice + gir1.2-accountsservice-1.0 + libaccountsservice0 + + + elinks + elinks-data + + + bsdutils + fdisk + libblkid1 + libfdisk1 + libmount1 + libsmartcols1 + libuuid1 + mount + rfkill + util-linux + util-linux-locales + uuid-runtime + + + exactimage + libexactimage-perl + python3-exactimage + + + libraw-bin + libraw19 + + + rawtherapee + rawtherapee-data + + + mediawiki + mediawiki-classes + + + libnvpair1linux + libuutil1linux + libzfs2linux + libzpool2linux + python3-pyzfs + spl + spl-dkms + zfs-dkms + zfs-dracut + zfs-initramfs + zfs-test + zfs-zed + zfsutils-linux + + + chicken-bin + libchicken11 + + + idle-python2.7 + libpython2.7 + libpython2.7-minimal + libpython2.7-stdlib + libpython2.7-testsuite + python2.7 + python2.7-examples + python2.7-minimal + + + 0install + 0install-core + + + librrd8 + librrdp-perl + librrds-perl + lua-rrd + python3-rrdtool + rrdcached + rrdtool + rrdtool-tcl + ruby-rrd + + + ibutils + libibdm1 + + + login + passwd + uidmap + + + erlang-guestfs + gir1.2-guestfs-1.0 + guestfsd + 
libguestfs-gfs2 + libguestfs-gobject-1.0-0 + libguestfs-hfsplus + libguestfs-java + libguestfs-jfs + libguestfs-nilfs + libguestfs-ocaml + libguestfs-perl + libguestfs-reiserfs + libguestfs-rescue + libguestfs-rsync + libguestfs-tools + libguestfs-xfs + libguestfs-zfs + libguestfs0 + lua-guestfs + php-guestfs + python3-guestfs + ruby-guestfs + + + ldap-account-manager + ldap-account-manager-lamdaemon + + + perdition + perdition-ldap + perdition-mysql + perdition-odbc + perdition-postgresql + + + libossim1 + ossim-core + + + dcmtk + libdcmtk14 + + + c-icap + libicapapi5 + + + gambas3 + gambas3-examples + gambas3-gb-args + gambas3-gb-cairo + gambas3-gb-chart + gambas3-gb-clipper + gambas3-gb-complex + gambas3-gb-compress + gambas3-gb-compress-bzlib2 + gambas3-gb-compress-zlib + gambas3-gb-crypt + gambas3-gb-data + gambas3-gb-db + gambas3-gb-db-form + gambas3-gb-db-mysql + gambas3-gb-db-odbc + gambas3-gb-db-postgresql + gambas3-gb-db-sqlite3 + gambas3-gb-dbus + gambas3-gb-dbus-trayicon + gambas3-gb-desktop + gambas3-gb-desktop-x11 + gambas3-gb-eval-highlight + gambas3-gb-form + gambas3-gb-form-dialog + gambas3-gb-form-editor + gambas3-gb-form-mdi + gambas3-gb-form-print + gambas3-gb-form-stock + gambas3-gb-form-terminal + gambas3-gb-gmp + gambas3-gb-gsl + gambas3-gb-gtk + gambas3-gb-gtk-opengl + gambas3-gb-gtk3 + gambas3-gb-gui + gambas3-gb-gui-opengl + gambas3-gb-gui-qt + gambas3-gb-gui-qt-webkit + gambas3-gb-gui-trayicon + gambas3-gb-httpd + gambas3-gb-image + gambas3-gb-image-effect + gambas3-gb-image-imlib + gambas3-gb-image-io + gambas3-gb-inotify + gambas3-gb-jit + gambas3-gb-libxml + gambas3-gb-logging + gambas3-gb-map + gambas3-gb-markdown + gambas3-gb-media + gambas3-gb-media-form + gambas3-gb-memcached + gambas3-gb-mime + gambas3-gb-mysql + gambas3-gb-ncurses + gambas3-gb-net + gambas3-gb-net-curl + gambas3-gb-net-pop3 + gambas3-gb-net-smtp + gambas3-gb-openal + gambas3-gb-opengl + gambas3-gb-opengl-glsl + gambas3-gb-opengl-glu + gambas3-gb-opengl-sge + 
gambas3-gb-openssl + gambas3-gb-option + gambas3-gb-pcre + gambas3-gb-pdf + gambas3-gb-qt5 + gambas3-gb-qt5-ext + gambas3-gb-qt5-opengl + gambas3-gb-qt5-webkit + gambas3-gb-report + gambas3-gb-report2 + gambas3-gb-scanner + gambas3-gb-sdl + gambas3-gb-sdl-sound + gambas3-gb-sdl2 + gambas3-gb-sdl2-audio + gambas3-gb-settings + gambas3-gb-signal + gambas3-gb-term + gambas3-gb-term-form + gambas3-gb-util + gambas3-gb-util-web + gambas3-gb-v4l + gambas3-gb-vb + gambas3-gb-web + gambas3-gb-web-feed + gambas3-gb-web-form + gambas3-gb-xml + gambas3-gb-xml-html + gambas3-gb-xml-rpc + gambas3-gb-xml-xslt + gambas3-ide + gambas3-runtime + gambas3-script + gambas3-templates + + + gir1.2-gtk-2.0 + gtk2-engines-pixbuf + gtk2.0-examples + libgail-common + libgail18 + libgtk2.0-0 + libgtk2.0-bin + libgtk2.0-common + + + libseafile0 + python3-seafile + seafile-cli + seafile-daemon + + + zabbix-agent + zabbix-frontend-php + zabbix-java-gateway + zabbix-proxy-mysql + zabbix-proxy-pgsql + zabbix-proxy-sqlite3 + zabbix-server-mysql + zabbix-server-pgsql + + + mcollective + mcollective-client + mcollective-common + + + libspring-aop-java + libspring-beans-java + libspring-context-java + libspring-context-support-java + libspring-core-java + libspring-expression-java + libspring-instrument-java + libspring-jdbc-java + libspring-jms-java + libspring-messaging-java + libspring-orm-java + libspring-oxm-java + libspring-test-java + libspring-transaction-java + libspring-web-java + libspring-web-portlet-java + libspring-web-servlet-java + + + liblcms2-2 + liblcms2-utils + + + db4otool + libdb4o8.0-cil + monodoc-db4o-manual + + + nagios-nrpe-plugin + nagios-nrpe-server + + + libcastor-anttasks-java + libcastor-codegen-java + libcastor-core-java + libcastor-ddlgen-java + libcastor-jdo-java + libcastor-xml-java + libcastor-xml-schema-java + + + facter + libfacter3.11.0 + + + puppet + puppet-common + puppet-master + puppet-master-passenger + puppetmaster + puppetmaster-passenger + + + 
xemacs21-basesupport + xemacs21-basesupport-el + xemacs21-mulesupport + xemacs21-mulesupport-el + + + glusterfs-client + glusterfs-common + glusterfs-server + libgfapi0 + libgfchangelog0 + libgfrpc0 + libgfxdr0 + libglusterfs0 + + + grub-common + grub-coreboot + grub-coreboot-bin + grub-efi + grub-efi-amd64 + grub-efi-amd64-bin + grub-efi-amd64-signed-template + grub-efi-arm + grub-efi-arm-bin + grub-efi-arm64 + grub-efi-arm64-bin + grub-efi-arm64-signed-template + grub-efi-ia32 + grub-efi-ia32-bin + grub-emu + grub-firmware-qemu + grub-ieee1275 + grub-ieee1275-bin + grub-linuxbios + grub-pc + grub-pc-bin + grub-rescue-pc + grub-theme-starfield + grub-uboot + grub-uboot-bin + grub-xen + grub-xen-bin + grub-xen-host + grub2 + grub2-common + + + grub-efi-amd64-signed + grub-efi-arm64-signed + + + liblz4-1 + liblz4-tool + lz4 + + + firefox + firefox-geckodriver + firefox-mozsymbols + + + thunderbird + thunderbird-gnome-support + thunderbird-mozsymbols + xul-ext-calendar-timezones + xul-ext-gdata-provider + xul-ext-lightning + + + ocsinventory-reports + ocsinventory-server + + + ntp + ntpdate + sntp + + + tightvncserver + xtightvncviewer + + + ace-gperf + ace-netsvcs + gperf-ace + libace-6.4.5 + libace-flreactor-6.4.5 + libace-foxreactor-6.4.5 + libace-htbp-6.4.5 + libace-inet-6.4.5 + libace-inet-ssl-6.4.5 + libace-rmcast-6.4.5 + libace-ssl-6.4.5 + libace-tkreactor-6.4.5 + libace-tmcast-6.4.5 + libace-xml-utils-6.4.5 + libace-xtreactor-6.4.5 + libacexml-6.4.5 + libkokyu-6.4.5 + libnetsvcs-6.4.5 + mpc-ace + + + chromium-browser + chromium-browser-l10n + chromium-chromedriver + chromium-codecs-ffmpeg + chromium-codecs-ffmpeg-extra + + + libopenjp2-7 + libopenjp2-tools + libopenjp3d-tools + libopenjp3d7 + libopenjpip-dec-server + libopenjpip-server + libopenjpip-viewer + libopenjpip7 + + + librsync2 + rdiff + + + dpkg + dselect + libdpkg-perl + + + git + git-all + git-cvs + git-daemon-run + git-daemon-sysvinit + git-el + git-email + git-gui + git-man + git-mediawiki + 
git-svn + gitk + gitweb + + + jgit-cli + libjgit-ant-java + libjgit-java + + + mercurial + mercurial-common + + + gdb + gdb-multiarch + gdb-source + gdbserver + + + xdmx + xdmx-tools + xnest + xorg-server-source + xserver-common + xserver-xephyr + xserver-xorg-core + xserver-xorg-legacy + xvfb + xwayland + + + libfreeimage3 + libfreeimageplus3 + + + libjs-marked + node-marked + + + libunshield0 + unshield + + + kgb-bot + kgb-client + + + derby-tools + libderby-java + libderbyclient-java + + + clamav + clamav-base + clamav-daemon + clamav-freshclam + clamav-milter + clamav-testfiles + clamdscan + libclamav9 + + + librcsb-core-wrapper0 + python3-corepywrap + + + libradare2-4.2.1 + libradare2-common + radare2 + + + asterisk + asterisk-config + asterisk-dahdi + asterisk-mobile + asterisk-modules + asterisk-mp3 + asterisk-mysql + asterisk-ooh323 + asterisk-tests + asterisk-voicemail + asterisk-voicemail-imapstorage + asterisk-voicemail-odbcstorage + asterisk-vpb + + + python3-trove + trove-api + trove-common + trove-conductor + trove-guestagent + trove-taskmanager + + + lighttpd + lighttpd-mod-authn-gssapi + lighttpd-mod-authn-pam + lighttpd-mod-authn-sasl + lighttpd-mod-cml + lighttpd-mod-geoip + lighttpd-mod-magnet + lighttpd-mod-maxminddb + lighttpd-mod-trigger-b4-dl + lighttpd-mod-vhostdb-dbi + lighttpd-mod-vhostdb-pgsql + lighttpd-mod-webdav + lighttpd-modules-ldap + lighttpd-modules-mysql + + + libunwind-setjmp0 + libunwind8 + + + racket + racket-common + + + libuser + libuser1 + + + libopenhpi3 + openhpi + openhpi-clients + openhpi-plugin-dynamic-simulator + openhpi-plugin-ilo2-ribcl + openhpi-plugin-ipmi + openhpi-plugin-ipmidirect + openhpi-plugin-oa-soap + openhpi-plugin-ov-rest + openhpi-plugin-simulator + openhpi-plugin-slave + openhpi-plugin-snmp-bc + openhpi-plugin-sysfs + openhpi-plugin-test-agent + openhpi-plugin-watchdog + openhpid + + + libsqlite-tcl + libsqlite0 + sqlite + + + lemon + libsqlite3-0 + libsqlite3-tcl + sqlite3 + + + kodi + kodi-bin + 
kodi-data + kodi-eventclients-common + kodi-eventclients-kodi-send + kodi-eventclients-ps3 + kodi-eventclients-wiiremote + kodi-gbm + kodi-repository-kodi + kodi-wayland + kodi-x11 + + + ipython3 + python3-ipython + + + openjdk-8-demo + openjdk-8-jdk + openjdk-8-jdk-headless + openjdk-8-jre + openjdk-8-jre-headless + openjdk-8-jre-zero + openjdk-8-source + + + libopenjfx-java + libopenjfx-jni + openjfx + openjfx-source + + + trafficserver + trafficserver-experimental-plugins + + + freeipa-client + freeipa-client-samba + freeipa-common + python3-ipaclient + python3-ipalib + + + open-vm-tools + open-vm-tools-desktop + + + libprotobuf-java + libprotobuf-lite17 + libprotobuf17 + libprotoc17 + protobuf-compiler + python-protobuf + python3-protobuf + ruby-google-protobuf + + + libhttpclient-java + libhttpmime-java + + + sogo + sogo-common + + + libbcmail-java + libbcpg-java + libbcpkix-java + libbcprov-java + + + libtiff-opengl + libtiff-tools + libtiff5 + libtiffxx5 + + + activemq + libactivemq-java + + + libbluray-bdj + libbluray-bin + libbluray2 + + + cyrus-admin + cyrus-caldav + cyrus-clients + cyrus-common + cyrus-imapd + cyrus-murder + cyrus-nntpd + cyrus-pop3d + cyrus-replication + libcyrus-imap-perl + + + sudo + sudo-ldap + + + libgdcm-cil + libgdcm-java + libgdcm-tools + libgdcm3.0 + libvtkgdcm-cil + libvtkgdcm-java + libvtkgdcm-tools + libvtkgdcm3.0 + python3-gdcm + python3-vtkgdcm + + + quassel + quassel-client + quassel-core + quassel-data + + + chef + chef-bin + ruby-chef-config + ruby-chef-utils + + + claws-mail + claws-mail-acpi-notifier + claws-mail-address-keeper + claws-mail-archiver-plugin + claws-mail-attach-remover + claws-mail-attach-warner + claws-mail-bogofilter + claws-mail-bsfilter-plugin + claws-mail-clamd-plugin + claws-mail-dillo-viewer + claws-mail-extra-plugins + claws-mail-feeds-reader + claws-mail-fetchinfo-plugin + claws-mail-gdata-plugin + claws-mail-i18n + claws-mail-libravatar + claws-mail-litehtml-viewer + claws-mail-mailmbox-plugin 
+ claws-mail-managesieve + claws-mail-multi-notifier + claws-mail-newmail-plugin + claws-mail-pdf-viewer + claws-mail-perl-filter + claws-mail-pgpinline + claws-mail-pgpmime + claws-mail-plugins + claws-mail-smime-plugin + claws-mail-spam-report + claws-mail-spamassassin + claws-mail-tnef-parser + claws-mail-tools + claws-mail-vcalendar-plugin + + + libjs-uglify + node-uglify + + + ocaml + ocaml-base + ocaml-base-nox + ocaml-compiler-libs + ocaml-interp + ocaml-man + ocaml-nox + ocaml-source + + + libpodofo-utils + libpodofo0.9.6 + + + libxslt1.1 + xsltproc + + + lame + libmp3lame0 + + + nsis + nsis-common + nsis-pluginapi + + + libpyside2-py3-5.14 + libshiboken2-py3-5.14 + pyside2-tools + python3-pyside2.qt3dcore + python3-pyside2.qt3dinput + python3-pyside2.qt3dlogic + python3-pyside2.qt3drender + python3-pyside2.qtcharts + python3-pyside2.qtconcurrent + python3-pyside2.qtcore + python3-pyside2.qtdatavisualization + python3-pyside2.qtgui + python3-pyside2.qthelp + python3-pyside2.qtlocation + python3-pyside2.qtmultimedia + python3-pyside2.qtmultimediawidgets + python3-pyside2.qtnetwork + python3-pyside2.qtopengl + python3-pyside2.qtopenglfunctions + python3-pyside2.qtpositioning + python3-pyside2.qtprintsupport + python3-pyside2.qtqml + python3-pyside2.qtquick + python3-pyside2.qtquickwidgets + python3-pyside2.qtscript + python3-pyside2.qtscripttools + python3-pyside2.qtscxml + python3-pyside2.qtsensors + python3-pyside2.qtsql + python3-pyside2.qtsvg + python3-pyside2.qttest + python3-pyside2.qttexttospeech + python3-pyside2.qtuitools + python3-pyside2.qtwebchannel + python3-pyside2.qtwebengine + python3-pyside2.qtwebenginecore + python3-pyside2.qtwebenginewidgets + python3-pyside2.qtwebsockets + python3-pyside2.qtwidgets + python3-pyside2.qtx11extras + python3-pyside2.qtxml + python3-pyside2.qtxmlpatterns + shiboken2 + + + libqt5concurrent5 + libqt5core5a + libqt5dbus5 + libqt5gui5 + libqt5network5 + libqt5opengl5 + libqt5printsupport5 + libqt5sql5 + 
libqt5sql5-ibase + libqt5sql5-mysql + libqt5sql5-odbc + libqt5sql5-psql + libqt5sql5-sqlite + libqt5sql5-tds + libqt5test5 + libqt5widgets5 + libqt5xml5 + qt5-default + qt5-flatpak-platformtheme + qt5-gtk-platformtheme + qt5-qmake + qt5-qmake-bin + qt5-xdgdesktopportal-platformtheme + qtbase5-examples + + + nova-ajax-console-proxy + nova-api + nova-api-metadata + nova-api-os-compute + nova-api-os-volume + nova-cells + nova-common + nova-compute + nova-compute-kvm + nova-compute-libvirt + nova-compute-lxc + nova-compute-qemu + nova-compute-vmware + nova-compute-xen + nova-conductor + nova-novncproxy + nova-scheduler + nova-serialproxy + nova-spiceproxy + nova-volume + python3-nova + + + gdm3 + gir1.2-gdm-1.0 + libgdm1 + + + libpam-slurm + libpam-slurm-adopt + libpmi0 + libpmi2-0 + libslurm-perl + libslurm34 + libslurmdb-perl + slurm-client + slurm-client-emulator + slurm-wlm + slurm-wlm-basic-plugins + slurm-wlm-emulator + slurm-wlm-torque + slurmctld + slurmd + slurmdbd + sview + + + libphp-swiftmailer + php-swiftmailer + + + libpng-tools + libpng16-16 + + + firejail + firejail-profiles + + + calibre + calibre-bin + + + bitlbee + bitlbee-common + bitlbee-libpurple + bitlbee-plugin-otr + + + libyara3 + yara + + + doxygen + doxygen-doxyparse + doxygen-gui + doxygen-latex + + + libapache2-mod-passenger + passenger + ruby-passenger + + + redmine + redmine-mysql + redmine-pgsql + redmine-sqlite + + + amanda-client + amanda-common + amanda-server + + + fonts-glyphicons-halflings + libjs-bootstrap + + + liboar-perl + oar-common + oar-node + oar-restful-api + oar-server + oar-server-mysql + oar-server-pgsql + oar-user + oar-user-mysql + oar-user-pgsql + oar-web-status + + + apparmor + apparmor-easyprof + apparmor-notify + apparmor-profiles + apparmor-utils + dh-apparmor + libapache2-mod-apparmor + libapparmor-perl + libapparmor1 + libpam-apparmor + python3-apparmor + python3-libapparmor + + + gir1.2-grss-0.7 + libgrss0 + + + libnode64 + nodejs + + + hexchat + 
hexchat-common + hexchat-lua + hexchat-perl + hexchat-plugins + hexchat-python3 + + + xchat + xchat-common + + + pdns-backend-bind + pdns-backend-geoip + pdns-backend-ldap + pdns-backend-lua + pdns-backend-mydns + pdns-backend-mysql + pdns-backend-odbc + pdns-backend-pgsql + pdns-backend-pipe + pdns-backend-remote + pdns-backend-sqlite3 + pdns-backend-tinydns + pdns-ixfrdist + pdns-server + pdns-tools + + + libfontbox-java + libjempbox-java + libpdfbox-java + + + binutils + binutils-aarch64-linux-gnu + binutils-alpha-linux-gnu + binutils-arm-linux-gnueabi + binutils-arm-linux-gnueabihf + binutils-common + binutils-for-build + binutils-for-host + binutils-hppa-linux-gnu + binutils-hppa64-linux-gnu + binutils-i686-gnu + binutils-i686-kfreebsd-gnu + binutils-i686-linux-gnu + binutils-ia64-linux-gnu + binutils-m68k-linux-gnu + binutils-multiarch + binutils-powerpc-linux-gnu + binutils-powerpc64-linux-gnu + binutils-powerpc64le-linux-gnu + binutils-riscv64-linux-gnu + binutils-s390x-linux-gnu + binutils-sh4-linux-gnu + binutils-source + binutils-sparc64-linux-gnu + binutils-x86-64-kfreebsd-gnu + binutils-x86-64-linux-gnu + binutils-x86-64-linux-gnux32 + libbinutils + libctf-nobfd0 + libctf0 + + + valgrind + valgrind-mpi + + + lhasa + liblhasa0 + + + finch + libpurple-bin + libpurple0 + pidgin + pidgin-data + + + kamailio + kamailio-autheph-modules + kamailio-berkeley-bin + kamailio-berkeley-modules + kamailio-cnxcc-modules + kamailio-cpl-modules + kamailio-erlang-modules + kamailio-extra-modules + kamailio-geoip-modules + kamailio-geoip2-modules + kamailio-ims-modules + kamailio-json-modules + kamailio-kazoo-modules + kamailio-ldap-modules + kamailio-lua-modules + kamailio-memcached-modules + kamailio-mongodb-modules + kamailio-mono-modules + kamailio-mysql-modules + kamailio-outbound-modules + kamailio-perl-modules + kamailio-phonenum-modules + kamailio-postgres-modules + kamailio-presence-modules + kamailio-python3-modules + kamailio-rabbitmq-modules + 
kamailio-radius-modules + kamailio-redis-modules + kamailio-ruby-modules + kamailio-sctp-modules + kamailio-snmpstats-modules + kamailio-sqlite-modules + kamailio-systemd-modules + kamailio-tls-modules + kamailio-unixodbc-modules + kamailio-utils-modules + kamailio-websocket-modules + kamailio-xml-modules + kamailio-xmpp-modules + + + gir1.2-polkit-1.0 + libpolkit-agent-1-0 + libpolkit-gobject-1-0 + policykit-1 + + + bind9 + bind9-dnsutils + bind9-host + bind9-libs + bind9-utils + bind9utils + dnsutils + + + libafsauthent2 + libafsrpc2 + libkopenafs2 + openafs-client + openafs-dbserver + openafs-fileserver + openafs-fuse + openafs-krb5 + openafs-modules-dkms + openafs-modules-source + + + gir1.2-spiceclientglib-2.0 + gir1.2-spiceclientgtk-3.0 + libspice-client-glib-2.0-8 + libspice-client-gtk-3.0-5 + spice-client-glib-usb-acl-helper + spice-client-gtk + + + libtomcat9-embed-java + libtomcat9-java + tomcat9 + tomcat9-admin + tomcat9-common + tomcat9-examples + tomcat9-user + + + mongodb + mongodb-clients + mongodb-server + mongodb-server-core + + + proftpd-basic + proftpd-mod-geoip + proftpd-mod-ldap + proftpd-mod-mysql + proftpd-mod-odbc + proftpd-mod-pgsql + proftpd-mod-snmp + proftpd-mod-sqlite + + + libjpeg-turbo-progs + libjpeg-turbo-test + libjpeg-turbo8 + libturbojpeg + + + libjpeg-progs + libjpeg9 + + + adb + android-libadb + android-libbacktrace + android-libbase + android-libcrypto-utils + android-libcutils + android-liblog + android-libnativebridge + android-libnativeloader + android-libsparse + android-libutils + android-libziparchive + android-platform-system-core-headers + android-sdk-libsparse-utils + android-tools-adb + android-tools-fastboot + android-tools-mkbootimg + append2simg + fastboot + img2simg + mkbootimg + simg2img + + + libjs-moment + node-moment + + + iperf3 + libiperf0 + + + php-symfony + php-symfony-amazon-mailer + php-symfony-asset + php-symfony-browser-kit + php-symfony-cache + php-symfony-config + php-symfony-console + 
php-symfony-css-selector + php-symfony-debug + php-symfony-debug-bundle + php-symfony-dependency-injection + php-symfony-dom-crawler + php-symfony-dotenv + php-symfony-event-dispatcher + php-symfony-expression-language + php-symfony-filesystem + php-symfony-finder + php-symfony-form + php-symfony-framework-bundle + php-symfony-google-mailer + php-symfony-http-client + php-symfony-http-foundation + php-symfony-http-kernel + php-symfony-inflector + php-symfony-intl + php-symfony-ldap + php-symfony-lock + php-symfony-mailchimp-mailer + php-symfony-mailer + php-symfony-mailgun-mailer + php-symfony-messenger + php-symfony-mime + php-symfony-monolog-bridge + php-symfony-options-resolver + php-symfony-phpunit-bridge + php-symfony-postmark-mailer + php-symfony-process + php-symfony-property-access + php-symfony-property-info + php-symfony-proxy-manager-bridge + php-symfony-routing + php-symfony-security + php-symfony-security-bundle + php-symfony-security-core + php-symfony-security-csrf + php-symfony-security-guard + php-symfony-security-http + php-symfony-sendgrid-mailer + php-symfony-serializer + php-symfony-stopwatch + php-symfony-templating + php-symfony-translation + php-symfony-twig-bridge + php-symfony-twig-bundle + php-symfony-validator + php-symfony-var-dumper + php-symfony-var-exporter + php-symfony-web-link + php-symfony-web-profiler-bundle + php-symfony-web-server-bundle + php-symfony-workflow + php-symfony-yaml + + + libtirpc-common + libtirpc3 + + + cryptsetup + cryptsetup-bin + cryptsetup-initramfs + cryptsetup-run + libcryptsetup12 + + + murano-api + murano-cfapi + murano-common + murano-engine + python3-murano + + + mingw-w64 + mingw-w64-common + mingw-w64-tools + + + dwarfdump + libdwarf1 + + + libtorrent-rasterbar9 + python3-libtorrent + + + libthrift-0.13.0 + libthrift-c-glib0 + libthrift-perl + php-thrift + python3-thrift + thrift-compiler + + + libnb-absolutelayout-java + libnb-apisupport3-java + libnb-ide14-java + libnb-java5-java + netbeans + + + 
request-tracker4 + rt4-apache2 + rt4-clients + rt4-db-mysql + rt4-db-postgresql + rt4-db-sqlite + rt4-fcgi + rt4-standalone + + + knot + knot-dnsutils + knot-host + libdnssec6 + libknot8 + libzscanner2 + + + gradle + libgradle-core-java + libgradle-plugins-java + + + collectd + collectd-core + collectd-utils + libcollectdclient1 + + + mupdf + mupdf-tools + + + cracklib-runtime + libcrack2 + python3-cracklib + + + flex + libfl2 + + + caja-owncloud + dolphin-owncloud + libowncloudsync0 + nautilus-owncloud + nemo-owncloud + owncloud-client + owncloud-client-cmd + owncloud-client-data + owncloud-client-l10n + + + libjs-jquery-ui + node-jquery-ui + + + mactelnet-client + mactelnet-server + + + capstone-tool + libcapstone3 + python-capstone + python3-capstone + + + php-http + php-pecl-http + + + magnum-api + magnum-common + magnum-conductor + python3-magnum + + + dropbear + dropbear-bin + dropbear-initramfs + dropbear-run + + + bundler + ruby-bundler + + + guile-2.0 + guile-2.0-libs + + + dracut + dracut-config-generic + dracut-config-rescue + dracut-core + dracut-network + + + pycsw + pycsw-wsgi + python3-pycsw + + + libpotrace0 + potrace + + + musl + musl-tools + + + libtre5 + tre-agrep + + + libwmf-bin + libwmf0.2-7 + libwmf0.2-7-gtk + + + tarantool + tarantool-common + + + cairo-perf-utils + libcairo-gobject2 + libcairo-script-interpreter2 + libcairo2 + + + otrs + otrs2 + + + lynx + lynx-common + + + libxml-twig-perl + xml-twig-tools + + + teeworlds + teeworlds-data + teeworlds-server + + + gir1.2-ical-3.0 + libical3 + + + gir1.2-javascriptcoregtk-4.0 + gir1.2-webkit2-4.0 + libjavascriptcoregtk-4.0-18 + libjavascriptcoregtk-4.0-bin + libwebkit2gtk-4.0-37 + libwebkit2gtk-4.0-37-gtk2 + webkit2gtk-driver + + + bluetooth + bluez + bluez-cups + bluez-hcidump + bluez-obexd + bluez-tests + libbluetooth3 + + + gir1.2-gst-plugins-bad-1.0 + gstreamer1.0-opencv + gstreamer1.0-plugins-bad + libgstreamer-opencv1.0-0 + libgstreamer-plugins-bad1.0-0 + + + lib32z1 + lib64z1 + 
libx32z1 + zlib1g + + + gir1.2-gsf-1 + libgsf-1-114 + libgsf-1-common + libgsf-bin + + + python-html5lib + python3-html5lib + + + godot3 + godot3-runner + godot3-server + + + libwebp6 + libwebpdemux2 + libwebpmux3 + webp + + + phamm + phamm-ldap + phamm-ldap-amavis + phamm-ldap-vacation + + + android-sdk-platform-23 + libandroid-23-java + libandroid-uiautomator-23-java + + + aapt + android-framework-res + android-libaapt + android-libandroidfw + split-select + + + digikam + digikam-data + digikam-private-libs + showfoto + + + epiphany + epiphany-data + + + epiphany-browser + epiphany-browser-data + + + libxmlsec1 + libxmlsec1-gcrypt + libxmlsec1-gnutls + libxmlsec1-nss + libxmlsec1-openssl + xmlsec1 + + + lib32ncurses6 + lib32ncursesw6 + lib32tinfo6 + lib64ncurses6 + lib64ncursesw6 + lib64tinfo6 + libncurses5 + libncurses6 + libncursesw5 + libncursesw6 + libtinfo5 + libtinfo6 + ncurses-base + ncurses-bin + ncurses-examples + ncurses-term + + + graphicsmagick + graphicsmagick-imagemagick-compat + libgraphics-magick-perl + libgraphicsmagick++-q16-12 + libgraphicsmagick-q16-3 + + + qemu + qemu-block-extra + qemu-guest-agent + qemu-kvm + qemu-system + qemu-system-arm + qemu-system-common + qemu-system-data + qemu-system-gui + qemu-system-mips + qemu-system-misc + qemu-system-ppc + qemu-system-s390x + qemu-system-sparc + qemu-system-x86 + qemu-system-x86-microvm + qemu-system-x86-xen + qemu-user + qemu-user-binfmt + qemu-user-static + qemu-utils + + + links + links2 + + + libmpg123-0 + libout123-0 + mpg123 + + + libpcre2-16-0 + libpcre2-32-0 + libpcre2-8-0 + libpcre2-posix2 + pcre2-utils + + + libpcre16-3 + libpcre3 + libpcre32-3 + libpcrecpp0v5 + pcregrep + + + timidity + timidity-daemon + timidity-el + timidity-interfaces-extra + + + libao-common + libao4 + + + tor + tor-geoipdb + + + fontforge + fontforge-common + fontforge-extras + fontforge-nox + libfontforge3 + libgdraw6 + python3-fontforge + + + libwildmidi-config + libwildmidi2 + wildmidi + + + cpp-7 + g++-7 + 
g++-7-multilib + gcc-7 + gcc-7-base + gcc-7-hppa64-linux-gnu + gcc-7-locales + gcc-7-multilib + gcc-7-offload-nvptx + gcc-7-source + gcc-7-test-results + gccbrig-7 + gccgo-7 + gccgo-7-multilib + gdc-7 + gdc-7-multilib + gfortran-7 + gfortran-7-multilib + gnat-7 + gnat-7-sjlj + gobjc++-7 + gobjc++-7-multilib + gobjc-7 + gobjc-7-multilib + lib32asan4 + lib32cilkrts5 + lib32gfortran4 + lib32go11 + lib32gphobos71 + lib32ubsan0 + libasan4 + libcilkrts5 + libgfortran4 + libgnat-7 + libgnatvsn7 + libgo11 + libgphobos71 + libsfasan4 + libsfcilkrts5 + libsfgfortran4 + libsfgphobos71 + libsfubsan0 + libstdc++-7-pic + libubsan0 + libx32asan4 + libx32cilkrts5 + libx32gfortran4 + libx32go11 + libx32gphobos71 + libx32ubsan0 + + + cpp + cpp-aarch64-linux-gnu + cpp-arm-linux-gnueabi + cpp-arm-linux-gnueabihf + cpp-i686-linux-gnu + cpp-powerpc-linux-gnu + cpp-powerpc64le-linux-gnu + cpp-s390x-linux-gnu + cpp-x86-64-linux-gnu + g++ + g++-aarch64-linux-gnu + g++-arm-linux-gnueabi + g++-arm-linux-gnueabihf + g++-i686-linux-gnu + g++-multilib + g++-multilib-arm-linux-gnueabi + g++-multilib-arm-linux-gnueabihf + g++-multilib-i686-linux-gnu + g++-multilib-powerpc-linux-gnu + g++-multilib-s390x-linux-gnu + g++-multilib-x86-64-linux-gnu + g++-powerpc-linux-gnu + g++-powerpc64le-linux-gnu + g++-s390x-linux-gnu + g++-x86-64-linux-gnu + gcc + gcc-aarch64-linux-gnu + gcc-arm-linux-gnueabi + gcc-arm-linux-gnueabihf + gcc-hppa64-linux-gnu + gcc-i686-linux-gnu + gcc-multilib + gcc-multilib-arm-linux-gnueabi + gcc-multilib-arm-linux-gnueabihf + gcc-multilib-i686-linux-gnu + gcc-multilib-powerpc-linux-gnu + gcc-multilib-s390x-linux-gnu + gcc-multilib-x86-64-linux-gnu + gcc-offload-nvptx + gcc-powerpc-linux-gnu + gcc-powerpc64le-linux-gnu + gcc-s390x-linux-gnu + gcc-x86-64-linux-gnu + gccbrig + gccgo + gccgo-aarch64-linux-gnu + gccgo-arm-linux-gnueabi + gccgo-arm-linux-gnueabihf + gccgo-i686-linux-gnu + gccgo-multilib + gccgo-multilib-i686-linux-gnu + gccgo-multilib-powerpc-linux-gnu + 
gccgo-multilib-s390x-linux-gnu + gccgo-multilib-x86-64-linux-gnu + gccgo-powerpc-linux-gnu + gccgo-powerpc64le-linux-gnu + gccgo-s390x-linux-gnu + gccgo-x86-64-linux-gnu + gdc + gdc-aarch64-linux-gnu + gdc-arm-linux-gnueabi + gdc-arm-linux-gnueabihf + gdc-i686-linux-gnu + gdc-multilib + gdc-multilib-arm-linux-gnueabihf + gdc-multilib-i686-linux-gnu + gdc-multilib-powerpc-linux-gnu + gdc-multilib-s390x-linux-gnu + gdc-multilib-x86-64-linux-gnu + gdc-powerpc-linux-gnu + gdc-powerpc64le-linux-gnu + gdc-s390x-linux-gnu + gdc-x86-64-linux-gnu + gfortran + gfortran-aarch64-linux-gnu + gfortran-arm-linux-gnueabi + gfortran-arm-linux-gnueabihf + gfortran-i686-linux-gnu + gfortran-multilib + gfortran-multilib-arm-linux-gnueabi + gfortran-multilib-arm-linux-gnueabihf + gfortran-multilib-i686-linux-gnu + gfortran-multilib-powerpc-linux-gnu + gfortran-multilib-s390x-linux-gnu + gfortran-multilib-x86-64-linux-gnu + gfortran-powerpc-linux-gnu + gfortran-powerpc64le-linux-gnu + gfortran-s390x-linux-gnu + gfortran-x86-64-linux-gnu + gm2 + gm2-aarch64-linux-gnu + gm2-arm-linux-gnueabi + gm2-arm-linux-gnueabihf + gm2-i686-linux-gnu + gm2-powerpc64le-linux-gnu + gm2-s390x-linux-gnu + gm2-x86-64-linux-gnu + gobjc + gobjc++ + gobjc++-aarch64-linux-gnu + gobjc++-arm-linux-gnueabi + gobjc++-arm-linux-gnueabihf + gobjc++-i686-linux-gnu + gobjc++-multilib + gobjc++-multilib-arm-linux-gnueabi + gobjc++-multilib-arm-linux-gnueabihf + gobjc++-multilib-i686-linux-gnu + gobjc++-multilib-powerpc-linux-gnu + gobjc++-multilib-s390x-linux-gnu + gobjc++-multilib-x86-64-linux-gnu + gobjc++-powerpc-linux-gnu + gobjc++-powerpc64le-linux-gnu + gobjc++-s390x-linux-gnu + gobjc++-x86-64-linux-gnu + gobjc-aarch64-linux-gnu + gobjc-arm-linux-gnueabi + gobjc-arm-linux-gnueabihf + gobjc-i686-linux-gnu + gobjc-multilib + gobjc-multilib-arm-linux-gnueabi + gobjc-multilib-arm-linux-gnueabihf + gobjc-multilib-i686-linux-gnu + gobjc-multilib-powerpc-linux-gnu + gobjc-multilib-s390x-linux-gnu + 
gobjc-multilib-x86-64-linux-gnu + gobjc-powerpc-linux-gnu + gobjc-powerpc64le-linux-gnu + gobjc-s390x-linux-gnu + gobjc-x86-64-linux-gnu + pkg-config-aarch64-linux-gnu + pkg-config-arm-linux-gnueabi + pkg-config-arm-linux-gnueabihf + pkg-config-i686-linux-gnu + pkg-config-powerpc-linux-gnu + pkg-config-powerpc64le-linux-gnu + pkg-config-s390x-linux-gnu + pkg-config-x86-64-linux-gnu + + + libnss3 + libnss3-tools + + + rtcw + rtcw-common + rtcw-server + + + tinyproxy + tinyproxy-bin + + + libytnef0 + ytnef-tools + + + libquicktime2 + quicktime-utils + quicktime-x11utils + + + aodh-api + aodh-common + aodh-evaluator + aodh-expirer + aodh-listener + aodh-notifier + python3-aodh + + + libminidjvu0 + minidjvu + + + libaprutil1 + libaprutil1-dbd-mysql + libaprutil1-dbd-odbc + libaprutil1-dbd-pgsql + libaprutil1-dbd-sqlite3 + libaprutil1-ldap + + + qbittorrent + qbittorrent-nox + + + libunrar5 + unrar + + + gigtools + libakai0 + libgig9 + + + imagemagick + imagemagick-6-common + imagemagick-6.q16 + imagemagick-6.q16hdri + imagemagick-common + libimage-magick-perl + libimage-magick-q16-perl + libimage-magick-q16hdri-perl + libmagick++-6-headers + libmagick++-6.q16-8 + libmagick++-6.q16hdri-8 + libmagickcore-6-arch-config + libmagickcore-6-headers + libmagickcore-6.q16-6 + libmagickcore-6.q16-6-extra + libmagickcore-6.q16hdri-6 + libmagickcore-6.q16hdri-6-extra + libmagickwand-6-headers + libmagickwand-6.q16-6 + libmagickwand-6.q16hdri-6 + perlmagick + + + libx265-179 + x265 + + + libtsk13 + sleuthkit + + + idn + libidn11 + libidn11-java + + + graphdefang + mimedefang + + + libzip5 + zipcmp + zipmerge + ziptool + + + gedit + gedit-common + + + libvorbis0a + libvorbisenc2 + libvorbisfile3 + + + libwpd-0.10-10 + libwpd-tools + + + gir1.2-nautilus-3.0 + libnautilus-extension1a + nautilus + nautilus-data + + + kannel + kannel-extras + + + weechat + weechat-core + weechat-curses + weechat-guile + weechat-headless + weechat-lua + weechat-perl + weechat-php + weechat-plugins + 
weechat-python + weechat-ruby + weechat-tcl + + + krb5-admin-server + krb5-gss-samples + krb5-k5tls + krb5-kdc + krb5-kdc-ldap + krb5-kpropd + krb5-locales + krb5-multidev + krb5-otp + krb5-pkinit + krb5-user + libgssapi-krb5-2 + libgssrpc4 + libk5crypto3 + libkadm5clnt-mit11 + libkadm5srv-mit11 + libkdb5-9 + libkrad0 + libkrb5-3 + libkrb5support0 + + + cinder-api + cinder-backup + cinder-common + cinder-scheduler + cinder-volume + python3-cinder + + + scala + scala-library + + + libxencall1 + libxendevicemodel1 + libxenevtchn1 + libxenforeignmemory1 + libxengnttab1 + libxenmisc4.11 + libxenstore3.0 + libxentoolcore1 + libxentoollog1 + xen-hypervisor-4.11-amd64 + xen-hypervisor-4.11-arm64 + xen-hypervisor-4.11-armhf + xen-hypervisor-4.9-amd64 + xen-hypervisor-4.9-arm64 + xen-hypervisor-4.9-armhf + xen-hypervisor-common + xen-system-amd64 + xen-system-arm64 + xen-system-armhf + xen-utils-4.11 + xen-utils-common + xenstore-utils + + + libuima-adapter-soap-java + libuima-adapter-vinci-java + libuima-core-java + libuima-cpe-java + libuima-tools-java + libuima-vinci-java + uima-examples + uima-utils + + + pypy-dulwich + python3-dulwich + + + libyajl2 + yajl-tools + + + backintime-common + backintime-qt + backintime-qt4 + + + icinga2 + icinga2-bin + icinga2-common + icinga2-ido-mysql + icinga2-ido-pgsql + vim-icinga2 + + + aubio-tools + libaubio5 + python3-aubio + + + vim + vim-athena + vim-common + vim-gtk + vim-gtk3 + vim-gui-common + vim-nox + vim-runtime + vim-tiny + xxd + + + hdf5-helpers + hdf5-tools + libhdf5-103 + libhdf5-cpp-103 + libhdf5-java + libhdf5-jni + libhdf5-mpich-103 + libhdf5-openmpi-103 + + + texlive + texlive-base + texlive-fonts-recommended + texlive-full + texlive-latex-base + texlive-latex-recommended + texlive-luatex + texlive-metapost + texlive-pictures + texlive-xetex + + + libkpathsea6 + libptexenc1 + libsynctex2 + libtexlua53 + libtexluajit2 + texlive-binaries + + + libmetview0d + metview + metview-data + + + sylpheed + sylpheed-i18n + 
sylpheed-plugins + + + lilypond + lilypond-data + + + libgiac0 + xcas + + + scummvm + scummvm-data + + + abiword + abiword-common + abiword-plugin-grammar + gir1.2-abi-3.0 + libabiword-3.0 + + + geomview + libgeomview-1.9.5 + + + libvlc-bin + libvlc5 + libvlccore9 + vlc + vlc-bin + vlc-data + vlc-l10n + vlc-plugin-access-extra + vlc-plugin-base + vlc-plugin-fluidsynth + vlc-plugin-jack + vlc-plugin-notify + vlc-plugin-qt + vlc-plugin-samba + vlc-plugin-skins2 + vlc-plugin-svg + vlc-plugin-video-output + vlc-plugin-video-splitter + vlc-plugin-visualization + + + kmail + ktnef + + + rails + ruby-actioncable + ruby-actionmailer + ruby-actionpack + ruby-actionview + ruby-activejob + ruby-activemodel + ruby-activerecord + ruby-activestorage + ruby-activesupport + ruby-rails + ruby-railties + + + libopencv-calib3d4.2 + libopencv-contrib4.2 + libopencv-core4.2 + libopencv-dnn4.2 + libopencv-features2d4.2 + libopencv-flann4.2 + libopencv-highgui4.2 + libopencv-imgcodecs4.2 + libopencv-imgproc4.2 + libopencv-ml4.2 + libopencv-objdetect4.2 + libopencv-photo4.2 + libopencv-shape4.2 + libopencv-stitching4.2 + libopencv-superres4.2 + libopencv-video4.2 + libopencv-videoio4.2 + libopencv-videostab4.2 + libopencv-viz4.2 + libopencv4.2-java + libopencv4.2-jni + opencv-data + python3-opencv + + + leptonica-progs + liblept5 + + + libcdio-utils + libcdio18 + libiso9660-11 + libudf0 + + + ncat + ndiff + nmap + nmap-common + + + liblxc-common + liblxc1 + libpam-cgfs + lxc + lxc-utils + lxc1 + + + libvncclient1 + libvncserver1 + + + libveyon-core + veyon-configurator + veyon-master + veyon-plugins + veyon-service + + + libraptor2-0 + raptor2-utils + + + mistral-api + mistral-common + mistral-engine + mistral-event-engine + mistral-executor + python3-mistral + + + pcs + pcs-snmp + + + liblucene3-contrib-java + liblucene3-java + libsolr-java + solr-common + solr-jetty + solr-tomcat + + + snap-confine + snapd + snapd-xdg-open + ubuntu-core-launcher + ubuntu-core-snapd-units + ubuntu-snappy 
+ ubuntu-snappy-cli + + + libplist++3v5 + libplist-utils + libplist3 + python3-plist + + + ntopng + ntopng-data + + + python3-slixmpp + python3-slixmpp-lib + + + profanity + profanity-light + + + libzookeeper-java + libzookeeper-mt2 + libzookeeper-st2 + python3-zookeeper + zookeeper + zookeeper-bin + zookeeperd + + + fop + libfop-java + + + libmp3splt + mp3splt + mp3splt-gtk + + + ovmf + qemu-efi + qemu-efi-aarch64 + qemu-efi-arm + + + gir1.2-gstreamer-1.0 + gstreamer1.0-tools + libgstreamer1.0-0 + + + libgd-tools + libgd3 + + + firebird3.0-common + firebird3.0-examples + firebird3.0-server + firebird3.0-server-core + firebird3.0-utils + libfbclient2 + libib-util + + + heimdal-clients + heimdal-kcm + heimdal-kdc + heimdal-multidev + heimdal-servers + libasn1-8-heimdal + libgssapi3-heimdal + libhcrypto4-heimdal + libhdb9-heimdal + libheimbase1-heimdal + libheimntlm0-heimdal + libhx509-5-heimdal + libkadm5clnt7-heimdal + libkadm5srv8-heimdal + libkafs0-heimdal + libkdc2-heimdal + libkrb5-26-heimdal + libotp0-heimdal + libroken18-heimdal + libsl0-heimdal + libwind0-heimdal + + + flac + libflac++6v5 + libflac8 + + + deluge + deluge-common + deluge-console + deluge-gtk + deluge-web + deluged + + + libzypp-bin + libzypp-common + libzypp-config + libzypp1702 + + + debugedit + librpm8 + librpmbuild8 + librpmio8 + librpmsign8 + python-rpm + python3-rpm + rpm + rpm-common + rpm-i18n + rpm2cpio + + + libmosquitto1 + libmosquittopp1 + mosquitto + mosquitto-clients + + + jetty9 + libjetty9-extra-java + libjetty9-java + + + libsamplerate0 + samplerate-programs + + + libgrpc++1 + libgrpc6 + protobuf-compiler-grpc + python3-grpcio + ruby-grpc + ruby-grpc-tools + + + libcroco-tools + libcroco3 + + + gnome-shell + gnome-shell-common + gnome-shell-extension-prefs + + + python3-radicale + radicale + + + python3-swift + swift + swift-account + swift-container + swift-object + swift-object-expirer + swift-proxy + + + libvarnishapi2 + varnish + + + libxml2 + libxml2-utils + 
python-libxml2 + python3-libxml2 + + + adns-tools + libadns1 + + + faac + libfaac0 + + + jbig2dec + libjbig2dec0 + + + libsoundtouch1 + soundstretch + + + zypper + zypper-common + + + libcrypto++-utils + libcrypto++6 + + + gsoap + libgsoap-2.8.91 + + + libmtp-common + libmtp-runtime + libmtp9 + mtp-tools + + + jbigkit-bin + libjbig0 + + + libnet-remctl-perl + libremctl1 + php-remctl + python3-pyremctl + remctl-client + remctl-server + ruby-remctl + + + libmbedcrypto3 + libmbedtls12 + libmbedx509-0 + + + h2o + libh2o-evloop0.13 + libh2o0.13 + + + freeplane + freeplane-scripting-api + + + gpac + gpac-modules-base + libgpac4 + + + u-boot + u-boot-amlogic + u-boot-exynos + u-boot-imx + u-boot-mvebu + u-boot-omap + u-boot-qcom + u-boot-rockchip + u-boot-rpi + u-boot-sunxi + u-boot-tegra + u-boot-tools + + + gosa + gosa-desktop + gosa-help-de + gosa-help-en + gosa-help-fr + gosa-help-nl + gosa-plugin-connectivity + gosa-plugin-dhcp + gosa-plugin-dhcp-schema + gosa-plugin-dns + gosa-plugin-dns-schema + gosa-plugin-gofax + gosa-plugin-gofon + gosa-plugin-goto + gosa-plugin-kolab + gosa-plugin-kolab-schema + gosa-plugin-ldapmanager + gosa-plugin-mail + gosa-plugin-mit-krb5 + gosa-plugin-mit-krb5-schema + gosa-plugin-nagios + gosa-plugin-nagios-schema + gosa-plugin-netatalk + gosa-plugin-opengroupware + gosa-plugin-openxchange + gosa-plugin-openxchange-schema + gosa-plugin-phpgw + gosa-plugin-phpgw-schema + gosa-plugin-phpscheduleit + gosa-plugin-phpscheduleit-schema + gosa-plugin-pptp + gosa-plugin-pptp-schema + gosa-plugin-pureftpd + gosa-plugin-pureftpd-schema + gosa-plugin-rolemanagement + gosa-plugin-rsyslog + gosa-plugin-samba + gosa-plugin-scalix + gosa-plugin-squid + gosa-plugin-ssh + gosa-plugin-ssh-schema + gosa-plugin-sudo + gosa-plugin-sudo-schema + gosa-plugin-systems + gosa-plugin-uw-imap + gosa-plugin-webdav + gosa-schema + + + qutebrowser + qutebrowser-qtwebengine + qutebrowser-qtwebkit + + + libtasn1-6 + libtasn1-bin + + + libjs-dojo-core + libjs-dojo-dijit 
+ libjs-dojo-dojox + shrinksafe + + + libokular5core9 + okular + okular-extra-backends + okular-mobile + qml-module-org-kde-okular + + + boinc + boinc-client + boinc-client-nvidia-cuda + boinc-client-opencl + boinc-manager + boinc-screensaver + boinc-virtualbox + libboinc-app7 + libboinc7 + + + libopenmpt-modplug1 + libopenmpt0 + openmpt123 + + + ca-certificates-mono + libmono-2.0-1 + libmono-accessibility4.0-cil + libmono-btls-interface4.0-cil + libmono-cairo4.0-cil + libmono-cecil-private-cil + libmono-codecontracts4.0-cil + libmono-compilerservices-symbolwriter4.0-cil + libmono-corlib4.5-cil + libmono-cscompmgd0.0-cil + libmono-csharp4.0c-cil + libmono-custommarshalers4.0-cil + libmono-data-tds4.0-cil + libmono-db2-1.0-cil + libmono-debugger-soft4.0a-cil + libmono-http4.0-cil + libmono-i18n-cjk4.0-cil + libmono-i18n-mideast4.0-cil + libmono-i18n-other4.0-cil + libmono-i18n-rare4.0-cil + libmono-i18n-west4.0-cil + libmono-i18n4.0-all + libmono-i18n4.0-cil + libmono-ldap4.0-cil + libmono-management4.0-cil + libmono-messaging-rabbitmq4.0-cil + libmono-messaging4.0-cil + libmono-microsoft-build-engine4.0-cil + libmono-microsoft-build-framework4.0-cil + libmono-microsoft-build-tasks-v4.0-4.0-cil + libmono-microsoft-build-utilities-v4.0-4.0-cil + libmono-microsoft-build4.0-cil + libmono-microsoft-csharp4.0-cil + libmono-microsoft-visualc10.0-cil + libmono-microsoft-web-infrastructure1.0-cil + libmono-oracle4.0-cil + libmono-parallel4.0-cil + libmono-peapi4.0a-cil + libmono-posix4.0-cil + libmono-profiler + libmono-rabbitmq4.0-cil + libmono-relaxng4.0-cil + libmono-security4.0-cil + libmono-sharpzip4.84-cil + libmono-simd4.0-cil + libmono-smdiagnostics0.0-cil + libmono-sqlite4.0-cil + libmono-system-componentmodel-composition4.0-cil + libmono-system-componentmodel-dataannotations4.0-cil + libmono-system-configuration-install4.0-cil + libmono-system-configuration4.0-cil + libmono-system-core4.0-cil + libmono-system-data-datasetextensions4.0-cil + 
libmono-system-data-entity4.0-cil + libmono-system-data-linq4.0-cil + libmono-system-data-services-client4.0-cil + libmono-system-data-services4.0-cil + libmono-system-data4.0-cil + libmono-system-deployment4.0-cil + libmono-system-design4.0-cil + libmono-system-drawing-design4.0-cil + libmono-system-drawing4.0-cil + libmono-system-dynamic4.0-cil + libmono-system-enterpriseservices4.0-cil + libmono-system-identitymodel-selectors4.0-cil + libmono-system-identitymodel4.0-cil + libmono-system-io-compression-filesystem4.0-cil + libmono-system-io-compression4.0-cil + libmono-system-json-microsoft4.0-cil + libmono-system-json4.0-cil + libmono-system-ldap-protocols4.0-cil + libmono-system-ldap4.0-cil + libmono-system-management4.0-cil + libmono-system-messaging4.0-cil + libmono-system-net-http-formatting4.0-cil + libmono-system-net-http-webrequest4.0-cil + libmono-system-net-http4.0-cil + libmono-system-net4.0-cil + libmono-system-numerics-vectors4.0-cil + libmono-system-numerics4.0-cil + libmono-system-reactive-core2.2-cil + libmono-system-reactive-debugger2.2-cil + libmono-system-reactive-experimental2.2-cil + libmono-system-reactive-interfaces2.2-cil + libmono-system-reactive-linq2.2-cil + libmono-system-reactive-observable-aliases0.0-cil + libmono-system-reactive-platformservices2.2-cil + libmono-system-reactive-providers2.2-cil + libmono-system-reactive-runtime-remoting2.2-cil + libmono-system-reactive-windows-forms2.2-cil + libmono-system-reactive-windows-threading2.2-cil + libmono-system-reflection-context4.0-cil + libmono-system-runtime-caching4.0-cil + libmono-system-runtime-durableinstancing4.0-cil + libmono-system-runtime-serialization-formatters-soap4.0-cil + libmono-system-runtime-serialization4.0-cil + libmono-system-runtime4.0-cil + libmono-system-security4.0-cil + libmono-system-servicemodel-activation4.0-cil + libmono-system-servicemodel-discovery4.0-cil + libmono-system-servicemodel-internals0.0-cil + libmono-system-servicemodel-routing4.0-cil + 
libmono-system-servicemodel-web4.0-cil + libmono-system-servicemodel4.0a-cil + libmono-system-serviceprocess4.0-cil + libmono-system-threading-tasks-dataflow4.0-cil + libmono-system-transactions4.0-cil + libmono-system-web-abstractions4.0-cil + libmono-system-web-applicationservices4.0-cil + libmono-system-web-dynamicdata4.0-cil + libmono-system-web-extensions-design4.0-cil + libmono-system-web-extensions4.0-cil + libmono-system-web-http-selfhost4.0-cil + libmono-system-web-http-webhost4.0-cil + libmono-system-web-http4.0-cil + libmono-system-web-mobile4.0-cil + libmono-system-web-mvc3.0-cil + libmono-system-web-razor2.0-cil + libmono-system-web-regularexpressions4.0-cil + libmono-system-web-routing4.0-cil + libmono-system-web-services4.0-cil + libmono-system-web-webpages-deployment2.0-cil + libmono-system-web-webpages-razor2.0-cil + libmono-system-web-webpages2.0-cil + libmono-system-web4.0-cil + libmono-system-windows-forms-datavisualization4.0a-cil + libmono-system-windows-forms4.0-cil + libmono-system-windows4.0-cil + libmono-system-workflow-activities4.0-cil + libmono-system-workflow-componentmodel4.0-cil + libmono-system-workflow-runtime4.0-cil + libmono-system-xaml4.0-cil + libmono-system-xml-linq4.0-cil + libmono-system-xml-serialization4.0-cil + libmono-system-xml4.0-cil + libmono-system4.0-cil + libmono-tasklets4.0-cil + libmono-webbrowser4.0-cil + libmono-webmatrix-data4.0-cil + libmono-windowsbase4.0-cil + libmono-xbuild-tasks4.0-cil + libmonoboehm-2.0-1 + libmonosgen-2.0-1 + mono-4.0-gac + mono-4.0-service + mono-complete + mono-csharp-shell + mono-gac + mono-mcs + mono-runtime + mono-runtime-boehm + mono-runtime-common + mono-runtime-sgen + mono-source + mono-utils + mono-xbuild + monodoc-base + monodoc-manual + + + gegl + gir1.2-gegl-0.4 + libgegl-0.4-0 + libgegl-common + + + graphviz + libcdt5 + libcgraph6 + libgv-guile + libgv-lua + libgv-perl + libgv-php7 + libgv-ruby + libgv-tcl + libgvc6 + libgvc6-plugins-gtk + libgvpr2 + liblab-gamut1 + 
libpathplan4 + libxdot4 + python3-gv + + + ktexteditor-data + ktexteditor-katepart + libkf5texteditor-bin + libkf5texteditor5 + libkf5texteditor5-libjs-underscore + + + libpam-kwallet-common + libpam-kwallet4 + libpam-kwallet5 + + + dpdk + dpdk-igb-uio-dkms + librte-acl20.0 + librte-bbdev0.200 + librte-bitratestats20.0 + librte-bpf0.200 + librte-bus-dpaa20.0 + librte-bus-fslmc20.0 + librte-bus-ifpga20.0 + librte-bus-pci20.0 + librte-bus-vdev20.0 + librte-bus-vmbus20.0 + librte-cfgfile20.0 + librte-cmdline20.0 + librte-common-cpt20.0 + librte-common-dpaax20.0 + librte-common-octeontx2-20.0 + librte-common-octeontx20.0 + librte-compressdev0.200 + librte-cryptodev20.0 + librte-distributor20.0 + librte-eal20.0 + librte-efd20.0 + librte-ethdev20.0 + librte-eventdev20.0 + librte-fib0.200 + librte-flow-classify0.200 + librte-gro20.0 + librte-gso20.0 + librte-hash20.0 + librte-ip-frag20.0 + librte-ipsec0.200 + librte-jobstats20.0 + librte-kni20.0 + librte-kvargs20.0 + librte-latencystats20.0 + librte-lpm20.0 + librte-mbuf20.0 + librte-member20.0 + librte-mempool-bucket20.0 + librte-mempool-dpaa2-20.0 + librte-mempool-dpaa20.0 + librte-mempool-octeontx2-20.0 + librte-mempool-octeontx20.0 + librte-mempool-ring20.0 + librte-mempool-stack20.0 + librte-mempool20.0 + librte-meter20.0 + librte-metrics20.0 + librte-net20.0 + librte-pci20.0 + librte-pdump20.0 + librte-pipeline20.0 + librte-pmd-aesni-gcm20.0 + librte-pmd-aesni-mb20.0 + librte-pmd-af-packet20.0 + librte-pmd-ark20.0 + librte-pmd-atlantic20.0 + librte-pmd-avp20.0 + librte-pmd-axgbe20.0 + librte-pmd-bbdev-fpga-lte-fec20.0 + librte-pmd-bbdev-null20.0 + librte-pmd-bbdev-turbo-sw20.0 + librte-pmd-bnx2x20.0 + librte-pmd-bnxt20.0 + librte-pmd-bond20.0 + librte-pmd-caam-jr20.0 + librte-pmd-ccp20.0 + librte-pmd-crypto-scheduler20.0 + librte-pmd-cxgbe20.0 + librte-pmd-dpaa-event20.0 + librte-pmd-dpaa-sec20.0 + librte-pmd-dpaa2-20.0 + librte-pmd-dpaa2-event20.0 + librte-pmd-dpaa2-sec20.0 + librte-pmd-dpaa20.0 + 
librte-pmd-dsw-event20.0 + librte-pmd-e1000-20.0 + librte-pmd-ena20.0 + librte-pmd-enetc20.0 + librte-pmd-enic20.0 + librte-pmd-failsafe20.0 + librte-pmd-fm10k20.0 + librte-pmd-hinic20.0 + librte-pmd-hns3-20.0 + librte-pmd-i40e20.0 + librte-pmd-iavf20.0 + librte-pmd-ice20.0 + librte-pmd-ifc20.0 + librte-pmd-isal20.0 + librte-pmd-ixgbe20.0 + librte-pmd-kni20.0 + librte-pmd-liquidio20.0 + librte-pmd-memif20.0 + librte-pmd-mlx4-20.0 + librte-pmd-mlx5-20.0 + librte-pmd-netvsc20.0 + librte-pmd-nfp20.0 + librte-pmd-nitrox20.0 + librte-pmd-null-crypto20.0 + librte-pmd-null20.0 + librte-pmd-octeontx-compress20.0 + librte-pmd-octeontx-crypto20.0 + librte-pmd-octeontx-event20.0 + librte-pmd-octeontx2-20.0 + librte-pmd-octeontx2-crypto20.0 + librte-pmd-octeontx2-event20.0 + librte-pmd-octeontx20.0 + librte-pmd-opdl-event20.0 + librte-pmd-openssl20.0 + librte-pmd-pcap20.0 + librte-pmd-pfe20.0 + librte-pmd-qat20.0 + librte-pmd-qede20.0 + librte-pmd-ring20.0 + librte-pmd-sfc20.0 + librte-pmd-skeleton-event20.0 + librte-pmd-softnic20.0 + librte-pmd-sw-event20.0 + librte-pmd-tap20.0 + librte-pmd-thunderx20.0 + librte-pmd-vdev-netvsc20.0 + librte-pmd-vhost20.0 + librte-pmd-virtio-crypto20.0 + librte-pmd-virtio20.0 + librte-pmd-vmxnet3-20.0 + librte-pmd-zlib20.0 + librte-port20.0 + librte-power20.0 + librte-rawdev-dpaa2-cmdif20.0 + librte-rawdev-dpaa2-qdma20.0 + librte-rawdev-ioat20.0 + librte-rawdev-ntb20.0 + librte-rawdev-octeontx2-dma20.0 + librte-rawdev-skeleton20.0 + librte-rawdev20.0 + librte-rcu0.200 + librte-reorder20.0 + librte-rib0.200 + librte-ring20.0 + librte-sched20.0 + librte-security20.0 + librte-stack0.200 + librte-table20.0 + librte-telemetry0.200 + librte-timer20.0 + librte-vhost20.0 + + + newrole + policycoreutils + + + gir1.2-gxps-0.1 + libgxps-utils + libgxps2 + + + transmission + transmission-cli + transmission-common + transmission-daemon + transmission-gtk + transmission-qt + + + bibutils + libbibutils6 + + + gnutls-bin + guile-gnutls + libgnutls-dane0 + 
libgnutls-openssl27 + libgnutls30 + libgnutlsxx28 + + + libipa-hbac0 + libnss-sss + libpam-sss + libsss-certmap0 + libsss-idmap0 + libsss-nss-idmap0 + libsss-simpleifp0 + libsss-sudo + libwbclient-sssd + python3-libipa-hbac + python3-libsss-nss-idmap + python3-sss + sssd + sssd-ad + sssd-ad-common + sssd-common + sssd-dbus + sssd-ipa + sssd-kcm + sssd-krb5 + sssd-krb5-common + sssd-ldap + sssd-proxy + sssd-tools + + + ceph + ceph-base + ceph-common + ceph-fuse + ceph-immutable-object-cache + ceph-mds + ceph-mgr + ceph-mgr-cephadm + ceph-mgr-dashboard + ceph-mgr-diskprediction-cloud + ceph-mgr-diskprediction-local + ceph-mgr-k8sevents + ceph-mgr-modules-core + ceph-mgr-rook + ceph-mon + ceph-osd + ceph-resource-agents + cephadm + cephfs-shell + libcephfs-java + libcephfs-jni + libcephfs2 + librados2 + libradosstriper1 + librbd1 + librgw2 + python3-ceph + python3-ceph-argparse + python3-ceph-common + python3-cephfs + python3-rados + python3-rbd + python3-rgw + radosgw + rbd-fuse + rbd-mirror + rbd-nbd + + + fuse + libfuse2 + + + fuse3 + libfuse3-3 + + + knot-resolver + knot-resolver-module-http + + + etcd + etcd-client + etcd-server + + + libtag1v5 + libtag1v5-vanilla + libtagc0 + + + discount + libmarkdown2 + + + ruby-rack-protection + ruby-sinatra + ruby-sinatra-contrib + + + libpff1 + pff-tools + python3-pypff + + + libfsntfs-utils + libfsntfs1 + python3-libfsntfs + + + libapache2-mod-svn + libsvn-java + libsvn-perl + libsvn1 + python-subversion + ruby-svn + subversion + subversion-tools + + + libfontbox2-java + libpdfbox2-java + + + gnupg1 + gnupg1-l10n + gpgv1 + + + dirmngr + gnupg + gnupg-agent + gnupg-l10n + gnupg-utils + gnupg2 + gpg + gpg-agent + gpg-wks-client + gpg-wks-server + gpgconf + gpgsm + gpgv + gpgv-static + gpgv-win32 + gpgv2 + scdaemon + + + bird + bird-bgp + + + liblnk-utils + liblnk1 + python3-liblnk + + + libnss-libvirt + libvirt-clients + libvirt-daemon + libvirt-daemon-driver-lxc + libvirt-daemon-driver-qemu + 
libvirt-daemon-driver-storage-gluster + libvirt-daemon-driver-storage-rbd + libvirt-daemon-driver-storage-zfs + libvirt-daemon-driver-vbox + libvirt-daemon-driver-xen + libvirt-daemon-system + libvirt-daemon-system-systemd + libvirt-daemon-system-sysv + libvirt-sanlock + libvirt-wireshark + libvirt0 + + + virtualbox + virtualbox-dkms + virtualbox-guest-dkms + virtualbox-guest-source + virtualbox-guest-utils + virtualbox-guest-x11 + virtualbox-qt + virtualbox-source + + + exempi + libexempi8 + + + jmeter + jmeter-apidoc + jmeter-ftp + jmeter-help + jmeter-http + jmeter-java + jmeter-jms + jmeter-junit + jmeter-ldap + jmeter-mail + jmeter-mongodb + jmeter-tcp + + + cpp-8 + g++-8 + g++-8-multilib + gcc-8 + gcc-8-base + gcc-8-hppa64-linux-gnu + gcc-8-locales + gcc-8-multilib + gcc-8-offload-nvptx + gcc-8-source + gcc-8-test-results + gccbrig-8 + gccgo-8 + gccgo-8-multilib + gdc-8 + gdc-8-multilib + gfortran-8 + gfortran-8-multilib + gnat-8 + gnat-8-sjlj + gobjc++-8 + gobjc++-8-multilib + gobjc-8 + gobjc-8-multilib + lib32go13 + lib32mpx2 + lib64go13 + lib64mpx2 + libgnat-8 + libgnatvsn8 + libgo13 + libmpx2 + libstdc++-8-pic + libx32go13 + + + fonts-wine + libwine + wine + wine-binfmt + wine32 + wine32-preloader + wine32-tools + wine64 + wine64-preloader + wine64-tools + + + cinnamon + cinnamon-common + + + audiofile-tools + libaudiofile1 + + + htslib-test + libhts3 + tabix + + + libsixel-bin + libsixel-examples + libsixel1 + + + sddm + sddm-theme-debian-elarun + sddm-theme-debian-maui + sddm-theme-elarun + sddm-theme-maldives + sddm-theme-maui + sddm-theme-maya + + + cgroup-tools + libcgroup1 + libpam-cgroup + + + neutron-common + neutron-dhcp-agent + neutron-l3-agent + neutron-linuxbridge-agent + neutron-macvtap-agent + neutron-metadata-agent + neutron-metering-agent + neutron-openvswitch-agent + neutron-ovn-metadata-agent + neutron-plugin-ml2 + neutron-server + neutron-sriov-agent + python3-neutron + + + clickhouse-client + clickhouse-common + clickhouse-server + 
clickhouse-tools + + + libykpiv1 + ykcs11 + yubico-piv-tool + + + tcpflow + tcpflow-nox + + + libesedb-utils + libesedb1 + python3-libesedb + + + evolution + evolution-common + evolution-plugin-bogofilter + evolution-plugin-pstimport + evolution-plugin-spamassassin + evolution-plugins + evolution-plugins-experimental + libevolution + + + evolution-data-server + evolution-data-server-common + evolution-data-server-tests + gir1.2-camel-1.2 + gir1.2-ebackend-1.2 + gir1.2-ebook-1.2 + gir1.2-ebookcontacts-1.2 + gir1.2-ecal-2.0 + gir1.2-edatabook-1.2 + gir1.2-edatacal-2.0 + gir1.2-edataserver-1.2 + gir1.2-edataserverui-1.2 + libcamel-1.2-62 + libebackend-1.2-10 + libebook-1.2-20 + libebook-contacts-1.2-3 + libecal-2.0-1 + libedata-book-1.2-26 + libedata-cal-2.0-1 + libedataserver-1.2-24 + libedataserverui-1.2-2 + + + elfutils + libasm1 + libdw1 + libelf1 + + + opensc + opensc-pkcs11 + + + libjs-merge + node-merge + + + libjs-lodash + node-lodash + node-lodash-packages + + + libzzip-0-13 + zziplib-bin + + + mgetty + mgetty-fax + mgetty-pvftools + mgetty-viewfax + mgetty-voice + + + amphora-agent + octavia-api + octavia-common + octavia-driver-agent + octavia-health-manager + octavia-housekeeping + octavia-worker + python3-octavia + + + libhogweed5 + libnettle7 + nettle-bin + + + libsfml-audio2.5 + libsfml-graphics2.5 + libsfml-network2.5 + libsfml-system2.5 + libsfml-window2.5 + + + mame + mame-data + mame-tools + + + zynaddsubfx + zynaddsubfx-data + zynaddsubfx-dssi + zynaddsubfx-lv2 + zynaddsubfx-vst + + + libopencc2 + libopencc2-data + opencc + + + libqpid-proton-cpp12 + libqpid-proton11 + python3-qpid-proton + + + golang-go.net-dev + golang-golang-x-net-dev + + + gpsd + gpsd-clients + libgps26 + libqgpsmm26 + python3-gps + + + libqpdf26 + qpdf + + + nagios4 + nagios4-cgi + nagios4-common + nagios4-core + + + icingacli + icingaweb2 + icingaweb2-common + icingaweb2-module-monitoring + php-icinga + + + asciidoctor + ruby-asciidoctor + + + libthunarx-3-0 + thunar + 
thunar-data + + + prayer + prayer-accountd + prayer-templates-src + + + gthumb + gthumb-data + + + smplayer + smplayer-l10n + + + netdata + netdata-apache2 + netdata-core + netdata-plugins-bash + netdata-plugins-nodejs + netdata-plugins-python + netdata-web + + + librecad + librecad-data + + + kio-extras + kio-extras-data + + + sludge-compiler + sludge-engine + + + jupyter-notebook + python3-notebook + + + gnome-keyring + gnome-keyring-pkcs11 + libpam-gnome-keyring + + + gnuplot + gnuplot-data + gnuplot-nox + gnuplot-qt + gnuplot-x11 + + + faad + libfaad2 + + + kf5-messagelib-data + libkf5messagecomposer5abi2 + libkf5messagecore5abi2 + libkf5messagelist5abi1 + libkf5messageviewer-plugins + libkf5messageviewer5abi5 + libkf5mimetreeparser5abi3 + libkf5templateparser5abi2 + libkf5webengineviewer5abi3 + + + libc-client2007e + mlock + uw-mailutils + + + libqt5hunspellinputmethod5 + libqt5virtualkeyboard5 + qml-module-qtquick-virtualkeyboard + qtvirtualkeyboard-plugin + qtvirtualkeyboard5-examples + + + libqt5svg5 + qtsvg5-examples + + + civicrm-common + civicrm-l10n + wordpress-civicrm + + + wesnoth + wesnoth-1.14 + wesnoth-1.14-aoi + wesnoth-1.14-core + wesnoth-1.14-data + wesnoth-1.14-did + wesnoth-1.14-dm + wesnoth-1.14-dw + wesnoth-1.14-ei + wesnoth-1.14-httt + wesnoth-1.14-l + wesnoth-1.14-low + wesnoth-1.14-music + wesnoth-1.14-nr + wesnoth-1.14-server + wesnoth-1.14-sof + wesnoth-1.14-sota + wesnoth-1.14-sotbe + wesnoth-1.14-thot + wesnoth-1.14-tools + wesnoth-1.14-trow + wesnoth-1.14-tsg + wesnoth-1.14-ttb + wesnoth-1.14-utbs + wesnoth-core + wesnoth-music + + + fonts-mathjax + fonts-mathjax-extras + libjs-mathjax + + + terminology + terminology-data + + + botan + libbotan-2-12 + python3-botan + + + libu2f-host0 + libu2f-udev + u2f-host + + + libsolv-perl + libsolv-tools + libsolv0 + libsolvext0 + python3-solv + + + openssh-client + openssh-server + openssh-sftp-server + openssh-tests + ssh + ssh-askpass-gnome + + + mumble + mumble-server + + + libvterm-bin + 
libvterm0 + + + insighttoolkit4-examples + insighttoolkit4-python3 + libinsighttoolkit4.13 + + + texmaker + texmaker-data + + + gridengine-client + gridengine-common + gridengine-drmaa1.0 + gridengine-exec + gridengine-master + gridengine-qmon + libdrmaa1.0-java + libdrmaa1.0-ruby + + + libqt5websockets5 + qml-module-qt-websockets + qml-module-qtwebsockets + qtwebsockets5-examples + + + openjdk-11-demo + openjdk-11-jdk + openjdk-11-jdk-headless + openjdk-11-jre + openjdk-11-jre-headless + openjdk-11-jre-zero + openjdk-11-source + + + libcfitsio-bin + libcfitsio8 + + + libbasicusageenvironment1 + libgroupsock8 + liblivemedia77 + libusageenvironment3 + livemedia-utils + + + mkvtoolnix + mkvtoolnix-gui + + + charon-cmd + charon-systemd + libcharon-extauth-plugins + libcharon-extra-plugins + libcharon-standard-plugins + libstrongswan + libstrongswan-extra-plugins + libstrongswan-standard-plugins + strongswan + strongswan-charon + strongswan-libcharon + strongswan-nm + strongswan-pki + strongswan-scepclient + strongswan-starter + strongswan-swanctl + strongswan-tnc-base + strongswan-tnc-client + strongswan-tnc-ifmap + strongswan-tnc-pdp + strongswan-tnc-server + + + kea-admin + kea-common + kea-ctrl-agent + kea-dhcp-ddns-server + kea-dhcp4-server + kea-dhcp6-server + python3-kea-connector + + + libmpv1 + mpv + + + sfcb + sfcb-test + + + libodbc1 + odbcinst + odbcinst1debian2 + unixodbc + + + gir1.2-vips-8.0 + libvips-tools + libvips42 + + + libgraphite2-3 + libgraphite2-utils + python3-graphite2 + + + afflib-tools + libafflib0v5 + + + libevt-utils + libevt1 + python3-libevt + + + ncmpc + ncmpc-lyrics + + + f2fs-tools + libf2fs-format4 + libf2fs5 + + + inetutils-ftp + inetutils-ftpd + inetutils-inetd + inetutils-ping + inetutils-syslogd + inetutils-talk + inetutils-talkd + inetutils-telnet + inetutils-telnetd + inetutils-tools + inetutils-traceroute + + + axhttpd + libaxtls1 + libaxtlsp-perl + lua-axtlsl + + + hostapd + wpagui + wpasupplicant + + + apache2 + apache2-bin 
+ apache2-data + apache2-suexec-custom + apache2-suexec-pristine + apache2-utils + libapache2-mod-md + libapache2-mod-proxy-uwsgi + + + atril + atril-common + gir1.2-atril + gir1.2-atrildocument-1.5.0 + gir1.2-atrilview-1.5.0 + libatrildocument3 + libatrilview3 + + + nfdump + nfdump-sflow + + + gimp-gmic + gmic + gmic-zart + krita-gmic + libgmic1 + + + elpa-helm + elpa-helm-core + + + ironic-inspector + python3-ironic-inspector + + + freeradius + freeradius-common + freeradius-config + freeradius-dhcp + freeradius-iodbc + freeradius-krb5 + freeradius-ldap + freeradius-memcached + freeradius-mysql + freeradius-postgresql + freeradius-python3 + freeradius-redis + freeradius-rest + freeradius-utils + freeradius-yubikey + libfreeradius3 + + + dogtag-pki + dogtag-pki-console-theme + dogtag-pki-server-theme + libsymkey-java + libsymkey-jni + pki-base + pki-base-java + pki-ca + pki-console + pki-javadoc + pki-kra + pki-ocsp + pki-server + pki-tks + pki-tools + pki-tps + pki-tps-client + python3-pki-base + + + virt-manager + virtinst + + + trojita + trojita-data + trojita-l10n + + + libwireshark-data + libwireshark13 + libwiretap10 + libwsutil11 + tshark + wireshark + wireshark-common + wireshark-gtk + wireshark-qt + + + fusiondirectory + fusiondirectory-plugin-alias + fusiondirectory-plugin-alias-schema + fusiondirectory-plugin-applications + fusiondirectory-plugin-applications-schema + fusiondirectory-plugin-argonaut + fusiondirectory-plugin-argonaut-schema + fusiondirectory-plugin-audit + fusiondirectory-plugin-audit-schema + fusiondirectory-plugin-autofs + fusiondirectory-plugin-autofs-schema + fusiondirectory-plugin-certificates + fusiondirectory-plugin-community + fusiondirectory-plugin-community-schema + fusiondirectory-plugin-cyrus + fusiondirectory-plugin-cyrus-schema + fusiondirectory-plugin-debconf + fusiondirectory-plugin-debconf-schema + fusiondirectory-plugin-dhcp + fusiondirectory-plugin-dhcp-schema + fusiondirectory-plugin-dns + 
fusiondirectory-plugin-dns-schema + fusiondirectory-plugin-dovecot + fusiondirectory-plugin-dovecot-schema + fusiondirectory-plugin-dsa + fusiondirectory-plugin-dsa-schema + fusiondirectory-plugin-ejbca + fusiondirectory-plugin-ejbca-schema + fusiondirectory-plugin-fai + fusiondirectory-plugin-fai-schema + fusiondirectory-plugin-freeradius + fusiondirectory-plugin-freeradius-schema + fusiondirectory-plugin-fusioninventory + fusiondirectory-plugin-fusioninventory-schema + fusiondirectory-plugin-gpg + fusiondirectory-plugin-gpg-schema + fusiondirectory-plugin-ipmi + fusiondirectory-plugin-ipmi-schema + fusiondirectory-plugin-ldapdump + fusiondirectory-plugin-ldapmanager + fusiondirectory-plugin-mail + fusiondirectory-plugin-mail-schema + fusiondirectory-plugin-mixedgroups + fusiondirectory-plugin-nagios + fusiondirectory-plugin-nagios-schema + fusiondirectory-plugin-netgroups + fusiondirectory-plugin-netgroups-schema + fusiondirectory-plugin-newsletter + fusiondirectory-plugin-newsletter-schema + fusiondirectory-plugin-opsi + fusiondirectory-plugin-opsi-schema + fusiondirectory-plugin-personal + fusiondirectory-plugin-personal-schema + fusiondirectory-plugin-posix + fusiondirectory-plugin-postfix + fusiondirectory-plugin-postfix-schema + fusiondirectory-plugin-ppolicy + fusiondirectory-plugin-ppolicy-schema + fusiondirectory-plugin-puppet + fusiondirectory-plugin-puppet-schema + fusiondirectory-plugin-pureftpd + fusiondirectory-plugin-pureftpd-schema + fusiondirectory-plugin-quota + fusiondirectory-plugin-quota-schema + fusiondirectory-plugin-renater-partage + fusiondirectory-plugin-renater-partage-schema + fusiondirectory-plugin-repository + fusiondirectory-plugin-repository-schema + fusiondirectory-plugin-samba + fusiondirectory-plugin-samba-schema + fusiondirectory-plugin-sogo + fusiondirectory-plugin-sogo-schema + fusiondirectory-plugin-spamassassin + fusiondirectory-plugin-spamassassin-schema + fusiondirectory-plugin-squid + fusiondirectory-plugin-squid-schema + 
fusiondirectory-plugin-ssh + fusiondirectory-plugin-ssh-schema + fusiondirectory-plugin-subcontracting + fusiondirectory-plugin-subcontracting-schema + fusiondirectory-plugin-sudo + fusiondirectory-plugin-sudo-schema + fusiondirectory-plugin-supann + fusiondirectory-plugin-supann-schema + fusiondirectory-plugin-sympa + fusiondirectory-plugin-sympa-schema + fusiondirectory-plugin-systems + fusiondirectory-plugin-systems-schema + fusiondirectory-plugin-user-reminder + fusiondirectory-plugin-user-reminder-schema + fusiondirectory-plugin-weblink + fusiondirectory-plugin-weblink-schema + fusiondirectory-plugin-webservice + fusiondirectory-plugin-webservice-schema + fusiondirectory-schema + fusiondirectory-smarty3-acl-render + fusiondirectory-theme-oxygen + fusiondirectory-webservice-shell + + + libmediainfo0v5 + python3-mediainfodll + + + evince + evince-common + gir1.2-evince-3.0 + libevdocument3-4 + libevview3-3 + + + heif-gdk-pixbuf + heif-thumbnailer + libheif-examples + libheif1 + + + libduo3 + libpam-duo + login-duo + + + libwhoopsie0 + whoopsie + + + librec1 + recutils + + + groonga + groonga-bin + groonga-examples + groonga-httpd + groonga-munin-plugins + groonga-plugin-suggest + groonga-server-common + groonga-server-gqtp + groonga-token-filter-stem + groonga-tokenizer-mecab + libgroonga0 + + + libzstd1 + zstd + + + lemonldap-ng + lemonldap-ng-fastcgi-server + lemonldap-ng-handler + lemonldap-ng-uwsgi-app + liblemonldap-ng-common-perl + liblemonldap-ng-handler-perl + liblemonldap-ng-manager-perl + liblemonldap-ng-portal-perl + + + libpam-u2f + pamu2fcfg + + + buildbot + buildbot-slave + buildbot-worker + python3-buildbot + python3-buildbot-worker + + + libapache2-mod-apreq2 + libapache2-request-perl + libapreq2-3 + + + squid + squid-cgi + squid-common + squid-purge + squidclient + + + dosbox + dosbox-debug + + + neovim + neovim-runtime + + + xymon + xymon-client + + + gir1.2-libosinfo-1.0 + libosinfo-1.0-0 + libosinfo-bin + libosinfo-l10n + + + jackd2 + 
jackd2-firewire + libjack-jackd2-0 + + + cl-roscpp-msg + cl-topic-tools + libmessage-filters1d + librosbag-storage3d + librosbag3d + libroscpp2d + libroslz4-1d + libtopic-tools1d + libxmlrpcpp2d + python3-message-filters + python3-rosbag + python3-roscpp-msg + python3-rosgraph + python3-roslaunch + python3-roslz4 + python3-rosmaster + python3-rosmsg + python3-rosnode + python3-rosparam + python3-rospy + python3-rosservice + python3-rostest + python3-rostopic + python3-roswtf + python3-topic-tools + ros-roscpp-msg + ros-topic-tools-srvs + rosout + topic-tools + + + libsox-fmt-all + libsox-fmt-alsa + libsox-fmt-ao + libsox-fmt-base + libsox-fmt-mp3 + libsox-fmt-oss + libsox-fmt-pulse + libsox3 + sox + + + libmcpp0 + mcpp + + + bochs + bochs-sdl + bochs-term + bochs-wx + bochs-x + bochsbios + bximage + sb16ctrl-bochs + + + fs-uae + fs-uae-arcade + fs-uae-launcher + + + libvde0 + libvdeplug2 + vde2 + vde2-cryptcab + + + gnucobol + libcob4 + open-cobol + + + adplug-utils + libadplug-2.3.1-0 + + + libkf5config-bin + libkf5config-data + libkf5configcore5 + libkf5configgui5 + + + dnsmasq + dnsmasq-base + dnsmasq-base-lua + dnsmasq-utils + + + nbdkit + nbdkit-plugin-guestfs + nbdkit-plugin-libvirt + nbdkit-plugin-lua + nbdkit-plugin-perl + nbdkit-plugin-python + nbdkit-plugin-ruby + nbdkit-plugin-tcl + + + ctdb + libnss-winbind + libpam-winbind + libsmbclient + libwbclient0 + python3-samba + registry-tools + samba + samba-common + samba-common-bin + samba-dsdb-modules + samba-libs + samba-testsuite + samba-vfs-modules + smbclient + winbind + + + libssl1.1 + openssl + + + tigervnc-common + tigervnc-scraping-server + tigervnc-standalone-server + tigervnc-viewer + tigervnc-xorg-extension + + + cpp-8-aarch64-linux-gnu + cpp-8-arm-linux-gnueabi + cpp-8-arm-linux-gnueabihf + cpp-8-i686-linux-gnu + cpp-8-powerpc-linux-gnu + cpp-8-powerpc64le-linux-gnu + cpp-8-s390x-linux-gnu + cpp-8-x86-64-linux-gnu + g++-8-aarch64-linux-gnu + g++-8-arm-linux-gnueabi + g++-8-arm-linux-gnueabihf + 
g++-8-i686-linux-gnu + g++-8-multilib-arm-linux-gnueabi + g++-8-multilib-arm-linux-gnueabihf + g++-8-multilib-i686-linux-gnu + g++-8-multilib-powerpc-linux-gnu + g++-8-multilib-s390x-linux-gnu + g++-8-multilib-x86-64-linux-gnu + g++-8-powerpc-linux-gnu + g++-8-powerpc64le-linux-gnu + g++-8-s390x-linux-gnu + g++-8-x86-64-linux-gnu + gcc-8-aarch64-linux-gnu + gcc-8-aarch64-linux-gnu-base + gcc-8-arm-linux-gnueabi + gcc-8-arm-linux-gnueabi-base + gcc-8-arm-linux-gnueabihf + gcc-8-arm-linux-gnueabihf-base + gcc-8-cross-base + gcc-8-i686-linux-gnu + gcc-8-i686-linux-gnu-base + gcc-8-multilib-arm-linux-gnueabi + gcc-8-multilib-arm-linux-gnueabihf + gcc-8-multilib-i686-linux-gnu + gcc-8-multilib-powerpc-linux-gnu + gcc-8-multilib-s390x-linux-gnu + gcc-8-multilib-x86-64-linux-gnu + gcc-8-powerpc-linux-gnu + gcc-8-powerpc-linux-gnu-base + gcc-8-powerpc64le-linux-gnu + gcc-8-powerpc64le-linux-gnu-base + gcc-8-s390x-linux-gnu + gcc-8-s390x-linux-gnu-base + gcc-8-x86-64-linux-gnu + gcc-8-x86-64-linux-gnu-base + gccbrig-8-i686-linux-gnu + gccbrig-8-x86-64-linux-gnu + gccgo-8-aarch64-linux-gnu + gccgo-8-arm-linux-gnueabi + gccgo-8-arm-linux-gnueabihf + gccgo-8-i686-linux-gnu + gccgo-8-multilib-i686-linux-gnu + gccgo-8-multilib-powerpc-linux-gnu + gccgo-8-multilib-s390x-linux-gnu + gccgo-8-multilib-x86-64-linux-gnu + gccgo-8-powerpc-linux-gnu + gccgo-8-powerpc64le-linux-gnu + gccgo-8-s390x-linux-gnu + gccgo-8-x86-64-linux-gnu + gdc-8-aarch64-linux-gnu + gdc-8-arm-linux-gnueabi + gdc-8-arm-linux-gnueabihf + gdc-8-i686-linux-gnu + gdc-8-multilib-arm-linux-gnueabihf + gdc-8-multilib-i686-linux-gnu + gdc-8-multilib-powerpc-linux-gnu + gdc-8-multilib-s390x-linux-gnu + gdc-8-multilib-x86-64-linux-gnu + gdc-8-powerpc-linux-gnu + gdc-8-powerpc64le-linux-gnu + gdc-8-s390x-linux-gnu + gdc-8-x86-64-linux-gnu + gfortran-8-aarch64-linux-gnu + gfortran-8-arm-linux-gnueabi + gfortran-8-arm-linux-gnueabihf + gfortran-8-i686-linux-gnu + gfortran-8-multilib-arm-linux-gnueabi + 
gfortran-8-multilib-arm-linux-gnueabihf + gfortran-8-multilib-i686-linux-gnu + gfortran-8-multilib-powerpc-linux-gnu + gfortran-8-multilib-s390x-linux-gnu + gfortran-8-multilib-x86-64-linux-gnu + gfortran-8-powerpc-linux-gnu + gfortran-8-powerpc64le-linux-gnu + gfortran-8-s390x-linux-gnu + gfortran-8-x86-64-linux-gnu + gnat-8-aarch64-linux-gnu + gnat-8-arm-linux-gnueabi + gnat-8-arm-linux-gnueabihf + gnat-8-i686-linux-gnu + gnat-8-powerpc-linux-gnu + gnat-8-powerpc64le-linux-gnu + gnat-8-s390x-linux-gnu + gnat-8-sjlj-aarch64-linux-gnu + gnat-8-sjlj-arm-linux-gnueabi + gnat-8-sjlj-arm-linux-gnueabihf + gnat-8-sjlj-i686-linux-gnu + gnat-8-sjlj-powerpc-linux-gnu + gnat-8-sjlj-powerpc64le-linux-gnu + gnat-8-sjlj-s390x-linux-gnu + gnat-8-sjlj-x86-64-linux-gnu + gnat-8-x86-64-linux-gnu + gobjc++-8-aarch64-linux-gnu + gobjc++-8-arm-linux-gnueabi + gobjc++-8-arm-linux-gnueabihf + gobjc++-8-i686-linux-gnu + gobjc++-8-multilib-arm-linux-gnueabi + gobjc++-8-multilib-arm-linux-gnueabihf + gobjc++-8-multilib-i686-linux-gnu + gobjc++-8-multilib-powerpc-linux-gnu + gobjc++-8-multilib-s390x-linux-gnu + gobjc++-8-multilib-x86-64-linux-gnu + gobjc++-8-powerpc-linux-gnu + gobjc++-8-powerpc64le-linux-gnu + gobjc++-8-s390x-linux-gnu + gobjc++-8-x86-64-linux-gnu + gobjc-8-aarch64-linux-gnu + gobjc-8-arm-linux-gnueabi + gobjc-8-arm-linux-gnueabihf + gobjc-8-i686-linux-gnu + gobjc-8-multilib-arm-linux-gnueabi + gobjc-8-multilib-arm-linux-gnueabihf + gobjc-8-multilib-i686-linux-gnu + gobjc-8-multilib-powerpc-linux-gnu + gobjc-8-multilib-s390x-linux-gnu + gobjc-8-multilib-x86-64-linux-gnu + gobjc-8-powerpc-linux-gnu + gobjc-8-powerpc64le-linux-gnu + gobjc-8-s390x-linux-gnu + gobjc-8-x86-64-linux-gnu + lib32go13-amd64-cross + lib32go13-s390x-cross + lib32mpx2-amd64-cross + lib64go13-i386-cross + lib64go13-powerpc-cross + lib64mpx2-i386-cross + libgnat-8-amd64-cross + libgnat-8-arm64-cross + libgnat-8-armel-cross + libgnat-8-armhf-cross + libgnat-8-i386-cross + libgnat-8-powerpc-cross + 
libgnat-8-ppc64el-cross + libgnat-8-s390x-cross + libgo13-amd64-cross + libgo13-arm64-cross + libgo13-armel-cross + libgo13-armhf-cross + libgo13-i386-cross + libgo13-powerpc-cross + libgo13-ppc64el-cross + libgo13-s390x-cross + libmpx2-amd64-cross + libmpx2-i386-cross + libstdc++-8-pic-amd64-cross + libstdc++-8-pic-arm64-cross + libstdc++-8-pic-armel-cross + libstdc++-8-pic-armhf-cross + libstdc++-8-pic-i386-cross + libstdc++-8-pic-powerpc-cross + libstdc++-8-pic-ppc64el-cross + libstdc++-8-pic-s390x-cross + libx32go13-amd64-cross + libx32go13-i386-cross + + + cpp-8-alpha-linux-gnu + cpp-8-hppa-linux-gnu + cpp-8-m68k-linux-gnu + cpp-8-powerpc64-linux-gnu + cpp-8-riscv64-linux-gnu + cpp-8-sh4-linux-gnu + cpp-8-sparc64-linux-gnu + cpp-8-x86-64-linux-gnux32 + g++-8-alpha-linux-gnu + g++-8-hppa-linux-gnu + g++-8-m68k-linux-gnu + g++-8-multilib-powerpc64-linux-gnu + g++-8-multilib-sparc64-linux-gnu + g++-8-multilib-x86-64-linux-gnux32 + g++-8-powerpc64-linux-gnu + g++-8-riscv64-linux-gnu + g++-8-sh4-linux-gnu + g++-8-sparc64-linux-gnu + g++-8-x86-64-linux-gnux32 + gcc-8-alpha-linux-gnu + gcc-8-alpha-linux-gnu-base + gcc-8-cross-base-ports + gcc-8-hppa-linux-gnu + gcc-8-hppa-linux-gnu-base + gcc-8-m68k-linux-gnu + gcc-8-m68k-linux-gnu-base + gcc-8-multilib-powerpc64-linux-gnu + gcc-8-multilib-sparc64-linux-gnu + gcc-8-multilib-x86-64-linux-gnux32 + gcc-8-powerpc64-linux-gnu + gcc-8-powerpc64-linux-gnu-base + gcc-8-riscv64-linux-gnu + gcc-8-riscv64-linux-gnu-base + gcc-8-sh4-linux-gnu + gcc-8-sh4-linux-gnu-base + gcc-8-sparc64-linux-gnu + gcc-8-sparc64-linux-gnu-base + gcc-8-x86-64-linux-gnux32 + gcc-8-x86-64-linux-gnux32-base + gccbrig-8-x86-64-linux-gnux32 + gccgo-8-alpha-linux-gnu + gccgo-8-multilib-powerpc64-linux-gnu + gccgo-8-multilib-sparc64-linux-gnu + gccgo-8-multilib-x86-64-linux-gnux32 + gccgo-8-powerpc64-linux-gnu + gccgo-8-riscv64-linux-gnu + gccgo-8-sparc64-linux-gnu + gccgo-8-x86-64-linux-gnux32 + gdc-8-alpha-linux-gnu + gdc-8-hppa-linux-gnu + 
gdc-8-m68k-linux-gnu + gdc-8-multilib-powerpc64-linux-gnu + gdc-8-multilib-sparc64-linux-gnu + gdc-8-multilib-x86-64-linux-gnux32 + gdc-8-powerpc64-linux-gnu + gdc-8-riscv64-linux-gnu + gdc-8-sh4-linux-gnu + gdc-8-sparc64-linux-gnu + gdc-8-x86-64-linux-gnux32 + gfortran-8-alpha-linux-gnu + gfortran-8-hppa-linux-gnu + gfortran-8-m68k-linux-gnu + gfortran-8-multilib-powerpc64-linux-gnu + gfortran-8-multilib-sparc64-linux-gnu + gfortran-8-multilib-x86-64-linux-gnux32 + gfortran-8-powerpc64-linux-gnu + gfortran-8-riscv64-linux-gnu + gfortran-8-sh4-linux-gnu + gfortran-8-sparc64-linux-gnu + gfortran-8-x86-64-linux-gnux32 + gnat-8-alpha-linux-gnu + gnat-8-hppa-linux-gnu + gnat-8-m68k-linux-gnu + gnat-8-powerpc64-linux-gnu + gnat-8-sh4-linux-gnu + gnat-8-sjlj-alpha-linux-gnu + gnat-8-sjlj-hppa-linux-gnu + gnat-8-sjlj-m68k-linux-gnu + gnat-8-sjlj-powerpc64-linux-gnu + gnat-8-sjlj-sh4-linux-gnu + gnat-8-sjlj-sparc64-linux-gnu + gnat-8-sjlj-x86-64-linux-gnux32 + gnat-8-sparc64-linux-gnu + gnat-8-x86-64-linux-gnux32 + gobjc++-8-alpha-linux-gnu + gobjc++-8-hppa-linux-gnu + gobjc++-8-m68k-linux-gnu + gobjc++-8-multilib-powerpc64-linux-gnu + gobjc++-8-multilib-sparc64-linux-gnu + gobjc++-8-multilib-x86-64-linux-gnux32 + gobjc++-8-powerpc64-linux-gnu + gobjc++-8-riscv64-linux-gnu + gobjc++-8-sh4-linux-gnu + gobjc++-8-sparc64-linux-gnu + gobjc++-8-x86-64-linux-gnux32 + gobjc-8-alpha-linux-gnu + gobjc-8-hppa-linux-gnu + gobjc-8-m68k-linux-gnu + gobjc-8-multilib-powerpc64-linux-gnu + gobjc-8-multilib-sparc64-linux-gnu + gobjc-8-multilib-x86-64-linux-gnux32 + gobjc-8-powerpc64-linux-gnu + gobjc-8-riscv64-linux-gnu + gobjc-8-sh4-linux-gnu + gobjc-8-sparc64-linux-gnu + gobjc-8-x86-64-linux-gnux32 + lib32go13-ppc64-cross + lib32go13-sparc64-cross + lib32go13-x32-cross + lib64go13-x32-cross + libgnat-8-alpha-cross + libgnat-8-hppa-cross + libgnat-8-m68k-cross + libgnat-8-ppc64-cross + libgnat-8-sh4-cross + libgnat-8-sparc64-cross + libgnat-8-x32-cross + libgo13-alpha-cross + 
libgo13-ppc64-cross + libgo13-riscv64-cross + libgo13-sparc64-cross + libgo13-x32-cross + libstdc++-8-pic-alpha-cross + libstdc++-8-pic-hppa-cross + libstdc++-8-pic-m68k-cross + libstdc++-8-pic-ppc64-cross + libstdc++-8-pic-riscv64-cross + libstdc++-8-pic-sh4-cross + libstdc++-8-pic-sparc64-cross + libstdc++-8-pic-x32-cross + + + cpp-9 + g++-9 + g++-9-multilib + gcc-9 + gcc-9-base + gcc-9-hppa64-linux-gnu + gcc-9-locales + gcc-9-multilib + gcc-9-offload-nvptx + gcc-9-source + gcc-9-test-results + gccbrig-9 + gccgo-9 + gccgo-9-multilib + gdc-9 + gdc-9-multilib + gfortran-9 + gfortran-9-multilib + gm2-9 + gnat-9 + gobjc++-9 + gobjc++-9-multilib + gobjc-9 + gobjc-9-multilib + lib32asan5 + lib32go14 + lib32gphobos76 + lib64asan5 + lib64go14 + lib64gphobos76 + libasan5 + libgm2-0 + libgnat-9 + libgnatvsn9 + libgo14 + libgphobos76 + libsfasan5 + libsfgphobos76 + libstdc++-9-pic + libx32asan5 + libx32go14 + libx32gphobos76 + + + cpp-9-aarch64-linux-gnu + cpp-9-arm-linux-gnueabi + cpp-9-arm-linux-gnueabihf + cpp-9-i686-linux-gnu + cpp-9-powerpc-linux-gnu + cpp-9-powerpc64le-linux-gnu + cpp-9-s390x-linux-gnu + cpp-9-x86-64-linux-gnu + g++-9-aarch64-linux-gnu + g++-9-arm-linux-gnueabi + g++-9-arm-linux-gnueabihf + g++-9-i686-linux-gnu + g++-9-multilib-arm-linux-gnueabi + g++-9-multilib-arm-linux-gnueabihf + g++-9-multilib-i686-linux-gnu + g++-9-multilib-powerpc-linux-gnu + g++-9-multilib-s390x-linux-gnu + g++-9-multilib-x86-64-linux-gnu + g++-9-powerpc-linux-gnu + g++-9-powerpc64le-linux-gnu + g++-9-s390x-linux-gnu + g++-9-x86-64-linux-gnu + gcc-9-aarch64-linux-gnu + gcc-9-aarch64-linux-gnu-base + gcc-9-arm-linux-gnueabi + gcc-9-arm-linux-gnueabi-base + gcc-9-arm-linux-gnueabihf + gcc-9-arm-linux-gnueabihf-base + gcc-9-cross-base + gcc-9-i686-linux-gnu + gcc-9-i686-linux-gnu-base + gcc-9-multilib-arm-linux-gnueabi + gcc-9-multilib-arm-linux-gnueabihf + gcc-9-multilib-i686-linux-gnu + gcc-9-multilib-powerpc-linux-gnu + gcc-9-multilib-s390x-linux-gnu + 
gcc-9-multilib-x86-64-linux-gnu + gcc-9-powerpc-linux-gnu + gcc-9-powerpc-linux-gnu-base + gcc-9-powerpc64le-linux-gnu + gcc-9-powerpc64le-linux-gnu-base + gcc-9-s390x-linux-gnu + gcc-9-s390x-linux-gnu-base + gcc-9-x86-64-linux-gnu + gcc-9-x86-64-linux-gnu-base + gccbrig-9-i686-linux-gnu + gccbrig-9-x86-64-linux-gnu + gccgo-9-aarch64-linux-gnu + gccgo-9-arm-linux-gnueabi + gccgo-9-arm-linux-gnueabihf + gccgo-9-i686-linux-gnu + gccgo-9-multilib-i686-linux-gnu + gccgo-9-multilib-powerpc-linux-gnu + gccgo-9-multilib-s390x-linux-gnu + gccgo-9-multilib-x86-64-linux-gnu + gccgo-9-powerpc-linux-gnu + gccgo-9-powerpc64le-linux-gnu + gccgo-9-s390x-linux-gnu + gccgo-9-x86-64-linux-gnu + gdc-9-aarch64-linux-gnu + gdc-9-arm-linux-gnueabi + gdc-9-arm-linux-gnueabihf + gdc-9-i686-linux-gnu + gdc-9-multilib-arm-linux-gnueabihf + gdc-9-multilib-i686-linux-gnu + gdc-9-multilib-powerpc-linux-gnu + gdc-9-multilib-s390x-linux-gnu + gdc-9-multilib-x86-64-linux-gnu + gdc-9-powerpc-linux-gnu + gdc-9-powerpc64le-linux-gnu + gdc-9-s390x-linux-gnu + gdc-9-x86-64-linux-gnu + gfortran-9-aarch64-linux-gnu + gfortran-9-arm-linux-gnueabi + gfortran-9-arm-linux-gnueabihf + gfortran-9-i686-linux-gnu + gfortran-9-multilib-arm-linux-gnueabi + gfortran-9-multilib-arm-linux-gnueabihf + gfortran-9-multilib-i686-linux-gnu + gfortran-9-multilib-powerpc-linux-gnu + gfortran-9-multilib-s390x-linux-gnu + gfortran-9-multilib-x86-64-linux-gnu + gfortran-9-powerpc-linux-gnu + gfortran-9-powerpc64le-linux-gnu + gfortran-9-s390x-linux-gnu + gfortran-9-x86-64-linux-gnu + gm2-9-aarch64-linux-gnu + gm2-9-arm-linux-gnueabi + gm2-9-arm-linux-gnueabihf + gm2-9-i686-linux-gnu + gm2-9-powerpc64le-linux-gnu + gm2-9-s390x-linux-gnu + gm2-9-x86-64-linux-gnu + gnat-9-aarch64-linux-gnu + gnat-9-arm-linux-gnueabi + gnat-9-arm-linux-gnueabihf + gnat-9-i686-linux-gnu + gnat-9-powerpc-linux-gnu + gnat-9-powerpc64le-linux-gnu + gnat-9-s390x-linux-gnu + gnat-9-x86-64-linux-gnu + gobjc++-9-aarch64-linux-gnu + 
gobjc++-9-arm-linux-gnueabi + gobjc++-9-arm-linux-gnueabihf + gobjc++-9-i686-linux-gnu + gobjc++-9-multilib-arm-linux-gnueabi + gobjc++-9-multilib-arm-linux-gnueabihf + gobjc++-9-multilib-i686-linux-gnu + gobjc++-9-multilib-powerpc-linux-gnu + gobjc++-9-multilib-s390x-linux-gnu + gobjc++-9-multilib-x86-64-linux-gnu + gobjc++-9-powerpc-linux-gnu + gobjc++-9-powerpc64le-linux-gnu + gobjc++-9-s390x-linux-gnu + gobjc++-9-x86-64-linux-gnu + gobjc-9-aarch64-linux-gnu + gobjc-9-arm-linux-gnueabi + gobjc-9-arm-linux-gnueabihf + gobjc-9-i686-linux-gnu + gobjc-9-multilib-arm-linux-gnueabi + gobjc-9-multilib-arm-linux-gnueabihf + gobjc-9-multilib-i686-linux-gnu + gobjc-9-multilib-powerpc-linux-gnu + gobjc-9-multilib-s390x-linux-gnu + gobjc-9-multilib-x86-64-linux-gnu + gobjc-9-powerpc-linux-gnu + gobjc-9-powerpc64le-linux-gnu + gobjc-9-s390x-linux-gnu + gobjc-9-x86-64-linux-gnu + lib32asan5-amd64-cross + lib32asan5-s390x-cross + lib32go14-amd64-cross + lib32go14-s390x-cross + lib32gphobos76-amd64-cross + lib32gphobos76-s390x-cross + lib64asan5-i386-cross + lib64asan5-powerpc-cross + lib64go14-i386-cross + lib64go14-powerpc-cross + lib64gphobos76-i386-cross + libasan5-amd64-cross + libasan5-arm64-cross + libasan5-armel-cross + libasan5-armhf-cross + libasan5-i386-cross + libasan5-powerpc-cross + libasan5-ppc64el-cross + libasan5-s390x-cross + libgm2-0-amd64-cross + libgm2-0-arm64-cross + libgm2-0-armel-cross + libgm2-0-armhf-cross + libgm2-0-i386-cross + libgm2-0-ppc64el-cross + libgm2-0-s390x-cross + libgnat-9-amd64-cross + libgnat-9-arm64-cross + libgnat-9-armel-cross + libgnat-9-armhf-cross + libgnat-9-i386-cross + libgnat-9-powerpc-cross + libgnat-9-ppc64el-cross + libgnat-9-s390x-cross + libgo14-amd64-cross + libgo14-arm64-cross + libgo14-armel-cross + libgo14-armhf-cross + libgo14-i386-cross + libgo14-powerpc-cross + libgo14-ppc64el-cross + libgo14-s390x-cross + libgphobos76-amd64-cross + libgphobos76-arm64-cross + libgphobos76-armel-cross + libgphobos76-armhf-cross + 
libgphobos76-i386-cross + libgphobos76-s390x-cross + libhfasan5-armel-cross + libsfasan5-armhf-cross + libsfgphobos76-armhf-cross + libstdc++-9-pic-amd64-cross + libstdc++-9-pic-arm64-cross + libstdc++-9-pic-armel-cross + libstdc++-9-pic-armhf-cross + libstdc++-9-pic-i386-cross + libstdc++-9-pic-powerpc-cross + libstdc++-9-pic-ppc64el-cross + libstdc++-9-pic-s390x-cross + libx32asan5-amd64-cross + libx32asan5-i386-cross + libx32go14-amd64-cross + libx32go14-i386-cross + libx32gphobos76-amd64-cross + libx32gphobos76-i386-cross + + + cpp-9-alpha-linux-gnu + cpp-9-hppa-linux-gnu + cpp-9-m68k-linux-gnu + cpp-9-powerpc64-linux-gnu + cpp-9-riscv64-linux-gnu + cpp-9-sh4-linux-gnu + cpp-9-sparc64-linux-gnu + cpp-9-x86-64-linux-gnux32 + g++-9-alpha-linux-gnu + g++-9-hppa-linux-gnu + g++-9-m68k-linux-gnu + g++-9-multilib-powerpc64-linux-gnu + g++-9-multilib-sparc64-linux-gnu + g++-9-multilib-x86-64-linux-gnux32 + g++-9-powerpc64-linux-gnu + g++-9-riscv64-linux-gnu + g++-9-sh4-linux-gnu + g++-9-sparc64-linux-gnu + g++-9-x86-64-linux-gnux32 + gcc-9-alpha-linux-gnu + gcc-9-alpha-linux-gnu-base + gcc-9-cross-base-ports + gcc-9-hppa-linux-gnu + gcc-9-hppa-linux-gnu-base + gcc-9-m68k-linux-gnu + gcc-9-m68k-linux-gnu-base + gcc-9-multilib-powerpc64-linux-gnu + gcc-9-multilib-sparc64-linux-gnu + gcc-9-multilib-x86-64-linux-gnux32 + gcc-9-powerpc64-linux-gnu + gcc-9-powerpc64-linux-gnu-base + gcc-9-riscv64-linux-gnu + gcc-9-riscv64-linux-gnu-base + gcc-9-sh4-linux-gnu + gcc-9-sh4-linux-gnu-base + gcc-9-sparc64-linux-gnu + gcc-9-sparc64-linux-gnu-base + gcc-9-x86-64-linux-gnux32 + gcc-9-x86-64-linux-gnux32-base + gccbrig-9-x86-64-linux-gnux32 + gccgo-9-alpha-linux-gnu + gccgo-9-multilib-powerpc64-linux-gnu + gccgo-9-multilib-sparc64-linux-gnu + gccgo-9-multilib-x86-64-linux-gnux32 + gccgo-9-powerpc64-linux-gnu + gccgo-9-riscv64-linux-gnu + gccgo-9-sh4-linux-gnu + gccgo-9-sparc64-linux-gnu + gccgo-9-x86-64-linux-gnux32 + gdc-9-alpha-linux-gnu + gdc-9-hppa-linux-gnu + 
gdc-9-m68k-linux-gnu + gdc-9-multilib-powerpc64-linux-gnu + gdc-9-multilib-sparc64-linux-gnu + gdc-9-multilib-x86-64-linux-gnux32 + gdc-9-powerpc64-linux-gnu + gdc-9-riscv64-linux-gnu + gdc-9-sh4-linux-gnu + gdc-9-sparc64-linux-gnu + gdc-9-x86-64-linux-gnux32 + gfortran-9-alpha-linux-gnu + gfortran-9-hppa-linux-gnu + gfortran-9-m68k-linux-gnu + gfortran-9-multilib-powerpc64-linux-gnu + gfortran-9-multilib-sparc64-linux-gnu + gfortran-9-multilib-x86-64-linux-gnux32 + gfortran-9-powerpc64-linux-gnu + gfortran-9-riscv64-linux-gnu + gfortran-9-sh4-linux-gnu + gfortran-9-sparc64-linux-gnu + gfortran-9-x86-64-linux-gnux32 + gm2-9-alpha-linux-gnu + gm2-9-hppa-linux-gnu + gm2-9-m68k-linux-gnu + gm2-9-riscv64-linux-gnu + gm2-9-sparc64-linux-gnu + gm2-9-x86-64-linux-gnux32 + gnat-9-alpha-linux-gnu + gnat-9-hppa-linux-gnu + gnat-9-m68k-linux-gnu + gnat-9-powerpc64-linux-gnu + gnat-9-riscv64-linux-gnu + gnat-9-sh4-linux-gnu + gnat-9-sparc64-linux-gnu + gnat-9-x86-64-linux-gnux32 + gobjc++-9-alpha-linux-gnu + gobjc++-9-hppa-linux-gnu + gobjc++-9-m68k-linux-gnu + gobjc++-9-multilib-powerpc64-linux-gnu + gobjc++-9-multilib-sparc64-linux-gnu + gobjc++-9-multilib-x86-64-linux-gnux32 + gobjc++-9-powerpc64-linux-gnu + gobjc++-9-riscv64-linux-gnu + gobjc++-9-sh4-linux-gnu + gobjc++-9-sparc64-linux-gnu + gobjc++-9-x86-64-linux-gnux32 + gobjc-9-alpha-linux-gnu + gobjc-9-hppa-linux-gnu + gobjc-9-m68k-linux-gnu + gobjc-9-multilib-powerpc64-linux-gnu + gobjc-9-multilib-sparc64-linux-gnu + gobjc-9-multilib-x86-64-linux-gnux32 + gobjc-9-powerpc64-linux-gnu + gobjc-9-riscv64-linux-gnu + gobjc-9-sh4-linux-gnu + gobjc-9-sparc64-linux-gnu + gobjc-9-x86-64-linux-gnux32 + lib32asan5-ppc64-cross + lib32asan5-sparc64-cross + lib32asan5-x32-cross + lib32go14-ppc64-cross + lib32go14-sparc64-cross + lib32go14-x32-cross + lib32gphobos76-x32-cross + lib64asan5-x32-cross + lib64go14-x32-cross + lib64gphobos76-x32-cross + libasan5-ppc64-cross + libasan5-sparc64-cross + libasan5-x32-cross + 
libgm2-0-alpha-cross + libgm2-0-hppa-cross + libgm2-0-m68k-cross + libgm2-0-riscv64-cross + libgm2-0-sparc64-cross + libgm2-0-x32-cross + libgnat-9-alpha-cross + libgnat-9-hppa-cross + libgnat-9-m68k-cross + libgnat-9-ppc64-cross + libgnat-9-riscv64-cross + libgnat-9-sh4-cross + libgnat-9-sparc64-cross + libgnat-9-x32-cross + libgo14-alpha-cross + libgo14-ppc64-cross + libgo14-riscv64-cross + libgo14-sh4-cross + libgo14-sparc64-cross + libgo14-x32-cross + libgphobos76-riscv64-cross + libgphobos76-x32-cross + libstdc++-9-pic-alpha-cross + libstdc++-9-pic-hppa-cross + libstdc++-9-pic-m68k-cross + libstdc++-9-pic-ppc64-cross + libstdc++-9-pic-riscv64-cross + libstdc++-9-pic-sh4-cross + libstdc++-9-pic-sparc64-cross + libstdc++-9-pic-x32-cross + + + libns3-3v5 + ns3 + python3-ns3 + + + virtualbox-guest-dkms-hwe + virtualbox-guest-source-hwe + virtualbox-guest-utils-hwe + virtualbox-guest-x11-hwe + + + libwbxml2-0 + libwbxml2-utils + + + cflow + cflow-l10n + + + isag + sysstat + + + dino-im + dino-im-common + + + libopenconnect5 + openconnect + + + enchant + libenchant-voikko + libenchant1c2a + + + hunspell + hunspell-tools + libhunspell-1.7-0 + + + idle-python3.8 + libpython3.8 + libpython3.8-minimal + libpython3.8-stdlib + libpython3.8-testsuite + python3.8 + python3.8-examples + python3.8-minimal + python3.8-venv + + + rsyslog + rsyslog-czmq + rsyslog-elasticsearch + rsyslog-gnutls + rsyslog-gssapi + rsyslog-hiredis + rsyslog-kafka + rsyslog-mongodb + rsyslog-mysql + rsyslog-openssl + rsyslog-pgsql + rsyslog-relp + + + pterm + putty + putty-tools + + + libfwsi1 + python3-libfwsi + + + gdal-bin + gdal-data + libgdal-java + libgdal-perl + libgdal26 + python3-gdal + + + ivtools-bin + libiv-unidraw1 + libiv1 + + + neuron + python3-neuron + + + fonts-povray + povray + povray-examples + povray-includes + + + bash + bash-builtins + bash-static + + + htcondor + libclassad8 + + + libmailutils6 + mailutils + mailutils-common + mailutils-comsatd + mailutils-guile + 
mailutils-imap4d + mailutils-mh + mailutils-pop3d + python3-mailutils + + + libarchive-tools + libarchive13 + + + libluajit-5.1-2 + libluajit-5.1-common + luajit + + + dia + dia-common + + + nethack-common + nethack-console + nethack-lisp + nethack-x11 + + + kopano-archiver + kopano-backup + kopano-common + kopano-contacts + kopano-core + kopano-dagent + kopano-gateway + kopano-ical + kopano-l10n + kopano-libs + kopano-monitor + kopano-presence + kopano-search + kopano-server + kopano-spamd + kopano-spooler + kopano-utils + php-mapi + python3-kopano + python3-mapi + + + lout + lout-common + + + handlebars + libjs-handlebars + libjs-handlebars.runtime + + + libapache2-mod-mapcache + libmapcache1 + mapcache-cgi + mapcache-tools + + + libnetcdf15 + netcdf-bin + + + libnetcdf-mpi-13 + libnetcdf-pnetcdf-13 + + + scilab + scilab-cli + scilab-data + scilab-full-bin + scilab-include + scilab-minimal-bin + scilab-test + + + libmysofa-utils + libmysofa1 + + + zsh + zsh-common + zsh-static + + + pure-ftpd + pure-ftpd-common + pure-ftpd-ldap + pure-ftpd-mysql + pure-ftpd-postgresql + + + maptool + navit + navit-data + navit-graphics-gtk-drawing-area + navit-gui-gtk + navit-gui-internal + + + ldm + ldm-server + + + libnss-myhostname + libnss-mymachines + libnss-resolve + libnss-systemd + libpam-systemd + libsystemd0 + libudev1 + systemd + systemd-container + systemd-coredump + systemd-journal-remote + systemd-sysv + systemd-tests + systemd-timesyncd + udev + + + libyang-cpp0.16 + libyang0.16 + python3-yang + yang-tools + + + gir1.2-rsvg-2.0 + librsvg2-2 + librsvg2-bin + librsvg2-common + + + libusrsctp-examples + libusrsctp1 + + + libopendmarc2 + opendmarc + + + prboom-plus + prboom-plus-game-server + + + python-pip-whl + python3-pip + + + influxdb + influxdb-client + + + aom-tools + libaom0 + + + libvpx6 + vpx-tools + + + android-libetc1 + android-platform-frameworks-native-headers + + + libunbound8 + python-unbound + python3-unbound + unbound + unbound-anchor + unbound-host + 
+ + aspell + libaspell15 + + + libmariadb3 + libmariadbd19 + mariadb-backup + mariadb-client + mariadb-client-10.3 + mariadb-client-core-10.3 + mariadb-common + mariadb-plugin-connect + mariadb-plugin-cracklib-password-check + mariadb-plugin-gssapi-client + mariadb-plugin-gssapi-server + mariadb-plugin-mroonga + mariadb-plugin-oqgraph + mariadb-plugin-rocksdb + mariadb-plugin-spider + mariadb-plugin-tokudb + mariadb-server + mariadb-server-10.3 + mariadb-server-core-10.3 + mariadb-test + mariadb-test-data + + + openjdk-13-demo + openjdk-13-jdk + openjdk-13-jdk-headless + openjdk-13-jre + openjdk-13-jre-headless + openjdk-13-jre-zero + openjdk-13-source + + + libmysqlclient21 + mysql-client + mysql-client-8.0 + mysql-client-core-8.0 + mysql-router + mysql-server + mysql-server-8.0 + mysql-server-core-8.0 + mysql-source-8.0 + mysql-testsuite + mysql-testsuite-8.0 + + + aria2 + libaria2-0 + + + nfs-common + nfs-kernel-server + + + cockpit + cockpit-bridge + cockpit-dashboard + cockpit-machines + cockpit-networkmanager + cockpit-packagekit + cockpit-pcp + cockpit-storaged + cockpit-system + cockpit-tests + cockpit-ws + + + libopenwsman1 + libwsman-client4 + libwsman-clientpp1 + libwsman-curl-client-transport1 + libwsman-server1 + libwsman1 + openwsman + python-openwsman + + + libshadowsocks-libev2 + shadowsocks-libev + + + filezilla + filezilla-common + + + python-sqlalchemy + python-sqlalchemy-ext + python3-sqlalchemy + python3-sqlalchemy-ext + + + rsh-client + rsh-server + + + libkf5auth-data + libkf5auth5 + libkf5authcore5 + + + python-rdflib-tools + python3-rdflib + + + mpop + mpop-gnome + + + msmtp + msmtp-gnome + msmtp-mta + + + sysdig + sysdig-dkms + + + db5.3-sql-util + db5.3-util + libdb5.3 + libdb5.3++ + libdb5.3-java + libdb5.3-java-jni + libdb5.3-sql + libdb5.3-stl + libdb5.3-tcl + + + libsqlcipher0 + sqlcipher + + + libnghttp2-14 + nghttp2 + nghttp2-client + nghttp2-proxy + nghttp2-server + + + libnginx-mod-http-auth-pam + libnginx-mod-http-cache-purge + 
libnginx-mod-http-dav-ext + libnginx-mod-http-echo + libnginx-mod-http-fancyindex + libnginx-mod-http-geoip + libnginx-mod-http-geoip2 + libnginx-mod-http-headers-more-filter + libnginx-mod-http-image-filter + libnginx-mod-http-lua + libnginx-mod-http-ndk + libnginx-mod-http-perl + libnginx-mod-http-subs-filter + libnginx-mod-http-uploadprogress + libnginx-mod-http-upstream-fair + libnginx-mod-http-xslt-filter + libnginx-mod-mail + libnginx-mod-nchan + libnginx-mod-rtmp + libnginx-mod-stream + nginx + nginx-common + nginx-core + nginx-extras + nginx-full + nginx-light + + + python3-twisted + python3-twisted-bin + + + libofx7 + ofx + + + tar + tar-scripts + + + php-twig + php-twig-cssinliner-extra + php-twig-extra-bundle + php-twig-html-extra + php-twig-inky-extra + php-twig-intl-extra + php-twig-markdown-extra + + + clang-10 + clang-10-examples + clang-format-10 + clang-tidy-10 + clang-tools-10 + clangd-10 + libc++1-10 + libc++abi1-10 + libclang-cpp10 + libclang1-10 + liblld-10 + liblldb-10 + libllvm10 + libomp5-10 + lld-10 + lldb-10 + llvm-10 + llvm-10-examples + llvm-10-runtime + llvm-10-tools + python3-clang-10 + python3-lldb-10 + + + clang-11 + clang-11-examples + clang-format-11 + clang-tidy-11 + clang-tools-11 + clangd-11 + libc++1-11 + libc++abi1-11 + libclang-cpp11 + libclang1-11 + liblld-11 + liblldb-11 + libllvm11 + libomp5-11 + lld-11 + lldb-11 + llvm-11 + llvm-11-examples + llvm-11-runtime + llvm-11-tools + python3-clang-11 + python3-lldb-11 + + + clang-8 + clang-8-examples + clang-format-8 + clang-tidy-8 + clang-tools-8 + clangd-8 + libc++1-8 + libc++abi1-8 + libclang1-8 + liblld-8 + liblldb-8 + libllvm8 + libomp5-8 + lld-8 + lldb-8 + llvm-8 + llvm-8-examples + llvm-8-runtime + llvm-8-tools + python-clang-8 + python-lldb-8 + python3-clang-8 + python3-lldb-8 + + + clang-9 + clang-9-examples + clang-format-9 + clang-tidy-9 + clang-tools-9 + clangd-9 + libc++1-9 + libc++abi1-9 + libclang-cpp1-9 + libclang-cpp9 + libclang1-9 + liblld-9 + liblldb-9 + 
libllvm9 + libomp5-9 + lld-9 + lldb-9 + llvm-9 + llvm-9-examples + llvm-9-runtime + llvm-9-tools + python-clang-9 + python3-clang-9 + python3-lldb-9 + + + iptables + libip4tc2 + libip6tc2 + libiptc0 + libxtables12 + + + python3-pil + python3-pil.imagetk + + + python-pil + python-pil.imagetk + + + telnet + telnetd + + + telnet-ssl + telnetd-ssl + + + cl-actionlib + libactionlib0d + python3-actionlib + + + janus + janus-demos + janus-tools + libjs-janus + + + libruby2.7 + ruby2.7 + + + oddjob + oddjob-mkhomedir + + + os-brick-common + python3-os-brick + + + fwupd + fwupd-amd64-signed-template + fwupd-arm64-signed-template + fwupd-armhf-signed-template + fwupd-tests + gir1.2-fwupd-2.0 + gir1.2-fwupdplugin-1.0 + libfwupd2 + libfwupdplugin1 + + + gir1.2-jcat-1.0 + jcat + libjcat-tests + libjcat1 + + + codeblocks + codeblocks-common + codeblocks-contrib + libcodeblocks0 + libwxsmithlib0 + + + freerdp2-shadow-x11 + freerdp2-wayland + freerdp2-x11 + libfreerdp-client2-2 + libfreerdp-server2-2 + libfreerdp-shadow-subsystem2-2 + libfreerdp-shadow2-2 + libfreerdp2-2 + libuwac0-0 + libwinpr-tools2-2 + libwinpr2-2 + winpr-utils + + + bacula + bacula-bscan + bacula-client + bacula-common + bacula-common-mysql + bacula-common-pgsql + bacula-common-sqlite3 + bacula-console + bacula-console-qt + bacula-director + bacula-director-common + bacula-director-mysql + bacula-director-pgsql + bacula-director-sqlite3 + bacula-fd + bacula-sd + bacula-server + bacula-tray-monitor + + + python-httplib2 + python3-httplib2 + + + ruby-kaminari + ruby-kaminari-actionview + ruby-kaminari-activerecord + ruby-kaminari-core + + + crawl + crawl-common + crawl-tiles + crawl-tiles-data + + + libemf1 + printemf + + + audacity + audacity-data + + + ntpsec + ntpsec-ntpdate + ntpsec-ntpviz + python3-ntp + + + console-conf + subiquitycore + + + libndpi-bin + libndpi-wireshark + libndpi2.6 + + + ant + ant-optional + + + libsqlite3-mod-blobtoxy + libsqlite3-mod-csvtable + libsqlite3-mod-impexp + 
libsqlite3-mod-xpath + libsqlite3-mod-zipfile + libsqliteodbc + + + keystone + keystone-common + python3-keystone + + + gir1.2-gupnp-1.2 + libgupnp-1.2-0 + + + libixml10 + libupnp13 + + + fonts-opensymbol + gir1.2-lokdocview-0.1 + libjuh-java + libjurt-java + liblibreofficekitgtk + libofficebean-java + libreoffice + libreoffice-avmedia-backend-gstreamer + libreoffice-base + libreoffice-base-core + libreoffice-base-drivers + libreoffice-base-nogui + libreoffice-calc + libreoffice-calc-nogui + libreoffice-common + libreoffice-core + libreoffice-core-nogui + libreoffice-draw + libreoffice-draw-nogui + libreoffice-evolution + libreoffice-gnome + libreoffice-gtk + libreoffice-gtk2 + libreoffice-gtk3 + libreoffice-help-ca + libreoffice-help-common + libreoffice-help-cs + libreoffice-help-da + libreoffice-help-de + libreoffice-help-dz + libreoffice-help-el + libreoffice-help-en-gb + libreoffice-help-en-us + libreoffice-help-es + libreoffice-help-et + libreoffice-help-eu + libreoffice-help-fi + libreoffice-help-fr + libreoffice-help-gl + libreoffice-help-hi + libreoffice-help-hu + libreoffice-help-id + libreoffice-help-it + libreoffice-help-ja + libreoffice-help-km + libreoffice-help-ko + libreoffice-help-nl + libreoffice-help-om + libreoffice-help-pl + libreoffice-help-pt + libreoffice-help-pt-br + libreoffice-help-ru + libreoffice-help-sk + libreoffice-help-sl + libreoffice-help-sv + libreoffice-help-tr + libreoffice-help-vi + libreoffice-help-zh-cn + libreoffice-help-zh-tw + libreoffice-impress + libreoffice-impress-nogui + libreoffice-java-common + libreoffice-kde + libreoffice-kde4 + libreoffice-kde5 + libreoffice-kf5 + libreoffice-l10n-af + libreoffice-l10n-am + libreoffice-l10n-ar + libreoffice-l10n-as + libreoffice-l10n-ast + libreoffice-l10n-be + libreoffice-l10n-bg + libreoffice-l10n-bn + libreoffice-l10n-br + libreoffice-l10n-bs + libreoffice-l10n-ca + libreoffice-l10n-cs + libreoffice-l10n-cy + libreoffice-l10n-da + libreoffice-l10n-de + libreoffice-l10n-dz + 
libreoffice-l10n-el + libreoffice-l10n-en-gb + libreoffice-l10n-en-za + libreoffice-l10n-eo + libreoffice-l10n-es + libreoffice-l10n-et + libreoffice-l10n-eu + libreoffice-l10n-fa + libreoffice-l10n-fi + libreoffice-l10n-fr + libreoffice-l10n-ga + libreoffice-l10n-gd + libreoffice-l10n-gl + libreoffice-l10n-gu + libreoffice-l10n-gug + libreoffice-l10n-he + libreoffice-l10n-hi + libreoffice-l10n-hr + libreoffice-l10n-hu + libreoffice-l10n-id + libreoffice-l10n-in + libreoffice-l10n-is + libreoffice-l10n-it + libreoffice-l10n-ja + libreoffice-l10n-ka + libreoffice-l10n-kk + libreoffice-l10n-km + libreoffice-l10n-kmr + libreoffice-l10n-kn + libreoffice-l10n-ko + libreoffice-l10n-lt + libreoffice-l10n-lv + libreoffice-l10n-mk + libreoffice-l10n-ml + libreoffice-l10n-mn + libreoffice-l10n-mr + libreoffice-l10n-nb + libreoffice-l10n-ne + libreoffice-l10n-nl + libreoffice-l10n-nn + libreoffice-l10n-nr + libreoffice-l10n-nso + libreoffice-l10n-oc + libreoffice-l10n-om + libreoffice-l10n-or + libreoffice-l10n-pa-in + libreoffice-l10n-pl + libreoffice-l10n-pt + libreoffice-l10n-pt-br + libreoffice-l10n-ro + libreoffice-l10n-ru + libreoffice-l10n-rw + libreoffice-l10n-si + libreoffice-l10n-sk + libreoffice-l10n-sl + libreoffice-l10n-sr + libreoffice-l10n-ss + libreoffice-l10n-st + libreoffice-l10n-sv + libreoffice-l10n-szl + libreoffice-l10n-ta + libreoffice-l10n-te + libreoffice-l10n-tg + libreoffice-l10n-th + libreoffice-l10n-tn + libreoffice-l10n-tr + libreoffice-l10n-ts + libreoffice-l10n-ug + libreoffice-l10n-uk + libreoffice-l10n-uz + libreoffice-l10n-ve + libreoffice-l10n-vi + libreoffice-l10n-xh + libreoffice-l10n-za + libreoffice-l10n-zh-cn + libreoffice-l10n-zh-tw + libreoffice-l10n-zu + libreoffice-librelogo + libreoffice-math + libreoffice-math-nogui + libreoffice-mysql-connector + libreoffice-nlpsolver + libreoffice-officebean + libreoffice-ogltrans + libreoffice-pdfimport + libreoffice-plasma + libreoffice-qt5 + libreoffice-report-builder + 
libreoffice-report-builder-bin + libreoffice-report-builder-bin-nogui + libreoffice-script-provider-bsh + libreoffice-script-provider-js + libreoffice-script-provider-python + libreoffice-sdbc-firebird + libreoffice-sdbc-hsqldb + libreoffice-sdbc-mysql + libreoffice-sdbc-postgresql + libreoffice-smoketest-data + libreoffice-style-breeze + libreoffice-style-colibre + libreoffice-style-elementary + libreoffice-style-galaxy + libreoffice-style-hicontrast + libreoffice-style-human + libreoffice-style-karasa-jaga + libreoffice-style-oxygen + libreoffice-style-sifr + libreoffice-style-tango + libreoffice-subsequentcheckbase + libreoffice-systray + libreoffice-wiki-publisher + libreoffice-writer + libreoffice-writer-nogui + libreofficekit-data + libridl-java + libuno-cppu3 + libuno-cppuhelpergcc3-3 + libuno-purpenvhelpergcc3-3 + libuno-sal3 + libuno-salhelpergcc3-3 + libunoil-java + libunoloader-java + python3-access2base + python3-uno + uno-libs-private + ure + + + frr + frr-pythontools + frr-rpki-rtrlib + frr-snmp + + + python3-pandas + python3-pandas-lib + + + python3-sklearn + python3-sklearn-lib + + + libwpewebkit-1.0-3 + wpewebkit-driver + + + alevtd + fbtv + pia + radio + scantv + streamer + ttv + v4l-conf + webcam + xawtv + xawtv-plugin-qt + xawtv-plugins + xawtv-tools + + + znc + znc-backlog + znc-perl + znc-push + znc-python + znc-tcl + + + cpp-10 + g++-10 + g++-10-multilib + gcc-10 + gcc-10-base + gcc-10-hppa64-linux-gnu + gcc-10-locales + gcc-10-multilib + gcc-10-offload-amdgcn + gcc-10-offload-nvptx + gcc-10-source + gcc-10-test-results + gccbrig-10 + gccgo-10 + gccgo-10-multilib + gdc-10 + gdc-10-multilib + gfortran-10 + gfortran-10-multilib + gm2-10 + gnat-10 + gobjc++-10 + gobjc++-10-multilib + gobjc-10 + gobjc-10-multilib + lib32asan6 + lib32atomic1 + lib32gcc-s1 + lib32gcc1 + lib32gfortran5 + lib32go16 + lib32gomp1 + lib32gphobos1 + lib32itm1 + lib32lsan0 + lib32objc4 + lib32quadmath0 + lib32stdc++6 + lib32ubsan1 + lib64asan6 + lib64atomic1 + lib64gcc-s1 
+ lib64gcc1 + lib64gfortran5 + lib64go16 + lib64gomp1 + lib64gphobos1 + lib64itm1 + lib64objc4 + lib64quadmath0 + lib64stdc++6 + lib64ubsan1 + libasan6 + libatomic1 + libcc1-0 + libgcc-s1 + libgcc1 + libgccjit0 + libgfortran5 + libgm2-15 + libgnat-10 + libgnat-util10 + libgo16 + libgomp-plugin-amdgcn1 + libgomp-plugin-hsa1 + libgomp-plugin-nvptx1 + libgomp1 + libgphobos1 + libhsail-rt0 + libitm1 + liblsan0 + libobjc4 + libquadmath0 + libsfasan6 + libsfatomic1 + libsfgcc-s1 + libsfgcc1 + libsfgfortran5 + libsfgomp1 + libsfgphobos1 + libsfobjc4 + libsfstdc++6 + libsfubsan1 + libstdc++-10-pic + libstdc++6 + libtsan0 + libubsan1 + libx32asan6 + libx32atomic1 + libx32gcc-s1 + libx32gcc1 + libx32gfortran5 + libx32go16 + libx32gomp1 + libx32gphobos1 + libx32itm1 + libx32lsan0 + libx32objc4 + libx32quadmath0 + libx32stdc++6 + libx32ubsan1 + + + iscsiuio + open-iscsi + + + kramdown + ruby-kramdown + + + redis + redis-sentinel + redis-server + redis-tools + + + libecpg-compat3 + libecpg6 + libpgtypes3 + libpq5 + postgresql-12 + postgresql-client-12 + postgresql-plperl-12 + postgresql-plpython3-12 + postgresql-pltcl-12 + + + grub-efi-amd64 + grub-efi-amd64-bin + grub-efi-arm64 + grub-efi-arm64-bin + + + openjdk-14-demo + openjdk-14-jdk + openjdk-14-jdk-headless + openjdk-14-jre + openjdk-14-jre-headless + openjdk-14-jre-zero + openjdk-14-source + + + alpine + alpine-pico + pilot + + + freedroidrpg + freedroidrpg-data + + + tuxguitar + tuxguitar-alsa + tuxguitar-fluidsynth + tuxguitar-jack + tuxguitar-jsa + tuxguitar-oss + + + mediainfo + mediainfo-gui + + + hylafax-client + hylafax-server + + + cakephp + cakephp-scripts + + + freetype2-demos + libfreetype6 + + + exiv2 + libexiv2-27 + + + giflib-tools + libgif7 + + + libtspi1 + trousers + + + selinux-policy-default + selinux-policy-mls + selinux-policy-src + + + libx11-6 + libx11-data + libx11-xcb1 + + + rauc + rauc-service + + + idle-python3.9 + libpython3.9 + libpython3.9-minimal + libpython3.9-stdlib + 
libpython3.9-testsuite + python3.9 + python3.9-examples + python3.9-full + python3.9-minimal + python3.9-venv + + + libjs-highlight + libjs-highlight.js + node-highlight + node-highlight.js + + + r-base + r-base-core + r-base-html + r-mathlib + r-recommended + + + citadel-suite + citadel-webcit + + + exim4 + exim4-base + exim4-config + exim4-daemon-heavy + exim4-daemon-light + eximon4 + + + dovecot-auth-lua + dovecot-core + dovecot-gssapi + dovecot-imapd + dovecot-ldap + dovecot-lmtpd + dovecot-lucene + dovecot-managesieved + dovecot-mysql + dovecot-pgsql + dovecot-pop3d + dovecot-sieve + dovecot-solr + dovecot-sqlite + dovecot-submissiond + mail-stack-delivery + + + libmaxminddb0 + mmdb-bin + + + python3-renderpm + python3-reportlab + python3-reportlab-accel + + + python-jinja2 + python3-jinja2 + + + prusa-slicer + slic3r-prusa + + + openscad + openscad-testing + openscad-testing-data + + + libcgal-demo + libcgal-ipelets + + + libsvm-java + libsvm-tools + libsvm3 + libsvm3-java + python3-libsvm + + + libp11-kit0 + p11-kit + p11-kit-modules + + + dlt-daemon + dlt-tools + libdlt-examples + libdlt2 + + + pypy-py + python-py + python3-py + + + dbus + dbus-tests + dbus-user-session + dbus-x11 + libdbus-1-3 + + + kitty + kitty-terminfo + + + libopendkim11 + librbl1 + libvbr2 + opendkim + opendkim-tools + + + ldap-utils + libldap-2.4-2 + libldap-common + slapd + slapd-contrib + slapd-smbk5pwd + + + libstd-rust-1.47 + rust-gdb + rust-lldb + rust-src + rustc + + + libpam-cracklib + libpam-modules + libpam-modules-bin + libpam-runtime + libpam0g + + + cmark-gfm + libcmark-gfm-extensions0 + libcmark-gfm0 + + + libaccinj64-10.1 + libcublas10 + libcublaslt10 + libcudart10.1 + libcufft10 + libcufftw10 + libcuinj64-10.1 + libcupti10.1 + libcurand10 + libcusolver10 + libcusolvermg10 + libcusparse10 + libnppc10 + libnppial10 + libnppicc10 + libnppicom10 + libnppidei10 + libnppif10 + libnppig10 + libnppim10 + libnppist10 + libnppisu10 + libnppitc10 + libnpps10 + libnvblas10 + 
libnvgraph10 + libnvjpeg10 + libnvrtc10.1 + libnvtoolsext1 + libnvvm3 + nsight-compute + nsight-systems + nvidia-cuda-gdb + nvidia-cuda-toolkit + nvidia-cuda-toolkit-gcc + nvidia-nsight + nvidia-profiler + nvidia-visual-profiler + + + gir1.2-gst-rtsp-server-1.0 + gstreamer1.0-rtsp + libgstrtspserver-1.0-0 + + + atftp + atftpd + + + freediameter + freediameter-extensions + freediameterd + libfdcore6 + libfdproto6 + + + libapache2-mod-php7.4 + libphp7.4-embed + php7.4 + php7.4-bcmath + php7.4-bz2 + php7.4-cgi + php7.4-cli + php7.4-common + php7.4-curl + php7.4-dba + php7.4-enchant + php7.4-fpm + php7.4-gd + php7.4-gmp + php7.4-imap + php7.4-interbase + php7.4-intl + php7.4-json + php7.4-ldap + php7.4-mbstring + php7.4-mysql + php7.4-odbc + php7.4-opcache + php7.4-pgsql + php7.4-phpdbg + php7.4-pspell + php7.4-readline + php7.4-snmp + php7.4-soap + php7.4-sqlite3 + php7.4-sybase + php7.4-tidy + php7.4-xml + php7.4-xmlrpc + php7.4-xsl + php7.4-zip + + + python3-uvicorn + uvicorn + + + libjs-node-forge + node-node-forge + + + libjs-chart.js + node-chart.js + + + libsasl2-2 + libsasl2-modules + libsasl2-modules-db + libsasl2-modules-gssapi-heimdal + libsasl2-modules-gssapi-mit + libsasl2-modules-ldap + libsasl2-modules-otp + libsasl2-modules-sql + sasl2-bin + + + caja-nextcloud + dolphin-nextcloud + libnextcloudsync0 + nautilus-nextcloud + nemo-nextcloud + nextcloud-desktop + nextcloud-desktop-cmd + nextcloud-desktop-common + nextcloud-desktop-l10n + + + gce-compute-image-packages + google-compute-engine-oslogin + python3-google-compute-engine + + + network-manager-ssh + network-manager-ssh-gnome + + + manila-api + manila-common + manila-data + manila-scheduler + manila-share + python3-manila + + + libcuda1-331 + libcuda1-331-updates + libcuda1-340 + libcuda1-340-updates + nvidia-331 + nvidia-331-updates + nvidia-331-updates-uvm + nvidia-331-uvm + nvidia-340 + nvidia-340-updates + nvidia-340-uvm + nvidia-libopencl1-331 + nvidia-libopencl1-331-updates + 
nvidia-libopencl1-340 + nvidia-libopencl1-340-updates + nvidia-opencl-icd-331 + nvidia-opencl-icd-331-updates + nvidia-opencl-icd-340 + nvidia-opencl-icd-340-updates + + + libcuda1-384 + libnvidia-cfg1-390 + libnvidia-common-390 + libnvidia-compute-390 + libnvidia-decode-390 + libnvidia-encode-390 + libnvidia-fbc1-390 + libnvidia-gl-390 + libnvidia-ifr1-390 + nvidia-384 + nvidia-compute-utils-390 + nvidia-dkms-390 + nvidia-driver-390 + nvidia-headless-390 + nvidia-headless-no-dkms-390 + nvidia-kernel-common-390 + nvidia-kernel-source-390 + nvidia-libopencl1-384 + nvidia-opencl-icd-384 + nvidia-utils-390 + xserver-xorg-video-nvidia-390 + + + libnvidia-cfg1-418-server + libnvidia-common-418-server + libnvidia-compute-418-server + libnvidia-decode-418-server + libnvidia-encode-418-server + libnvidia-fbc1-418-server + libnvidia-gl-418-server + libnvidia-ifr1-418-server + nvidia-compute-utils-418-server + nvidia-dkms-418-server + nvidia-driver-418-server + nvidia-headless-418-server + nvidia-headless-no-dkms-418-server + nvidia-kernel-common-418-server + nvidia-kernel-source-418-server + nvidia-utils-418-server + xserver-xorg-video-nvidia-418-server + + + libnvidia-cfg1-418 + libnvidia-common-418 + libnvidia-common-430 + libnvidia-compute-418 + libnvidia-decode-418 + libnvidia-encode-418 + libnvidia-fbc1-418 + libnvidia-gl-418 + libnvidia-ifr1-418 + nvidia-compute-utils-418 + nvidia-dkms-418 + nvidia-driver-418 + nvidia-headless-418 + nvidia-headless-no-dkms-418 + nvidia-kernel-common-418 + nvidia-kernel-source-418 + nvidia-utils-418 + xserver-xorg-video-nvidia-418 + + + libnvidia-cfg1-435 + libnvidia-common-435 + libnvidia-compute-435 + libnvidia-decode-435 + libnvidia-encode-435 + libnvidia-fbc1-435 + libnvidia-gl-435 + libnvidia-ifr1-435 + nvidia-compute-utils-435 + nvidia-dkms-435 + nvidia-driver-435 + nvidia-headless-435 + nvidia-headless-no-dkms-435 + nvidia-kernel-common-435 + nvidia-kernel-source-435 + nvidia-utils-435 + xserver-xorg-video-nvidia-435 + + + 
libnvidia-cfg1-430 + libnvidia-cfg1-440 + libnvidia-common-430 + libnvidia-common-440 + libnvidia-compute-430 + libnvidia-compute-440 + libnvidia-decode-430 + libnvidia-decode-440 + libnvidia-encode-430 + libnvidia-encode-440 + libnvidia-extra-440 + libnvidia-fbc1-430 + libnvidia-fbc1-440 + libnvidia-gl-430 + libnvidia-gl-440 + libnvidia-ifr1-430 + libnvidia-ifr1-440 + nvidia-compute-utils-430 + nvidia-compute-utils-440 + nvidia-dkms-430 + nvidia-dkms-440 + nvidia-driver-430 + nvidia-driver-440 + nvidia-headless-430 + nvidia-headless-440 + nvidia-headless-no-dkms-430 + nvidia-headless-no-dkms-440 + nvidia-kernel-common-430 + nvidia-kernel-common-440 + nvidia-kernel-source-430 + nvidia-kernel-source-440 + nvidia-utils-430 + nvidia-utils-440 + xserver-xorg-video-nvidia-430 + xserver-xorg-video-nvidia-440 + + + libnvidia-cfg1-440-server + libnvidia-common-440-server + libnvidia-compute-440-server + libnvidia-decode-440-server + libnvidia-encode-440-server + libnvidia-extra-440-server + libnvidia-fbc1-440-server + libnvidia-gl-440-server + libnvidia-ifr1-440-server + nvidia-compute-utils-440-server + nvidia-dkms-440-server + nvidia-driver-440-server + nvidia-headless-440-server + nvidia-headless-no-dkms-440-server + nvidia-kernel-common-440-server + nvidia-kernel-source-440-server + nvidia-utils-440-server + xserver-xorg-video-nvidia-440-server + + + libnvidia-cfg1-440 + libnvidia-cfg1-450 + libnvidia-common-440 + libnvidia-common-450 + libnvidia-compute-440 + libnvidia-compute-450 + libnvidia-decode-440 + libnvidia-decode-450 + libnvidia-encode-440 + libnvidia-encode-450 + libnvidia-extra-440 + libnvidia-extra-450 + libnvidia-fbc1-440 + libnvidia-fbc1-450 + libnvidia-gl-440 + libnvidia-gl-450 + libnvidia-ifr1-440 + libnvidia-ifr1-450 + nvidia-compute-utils-440 + nvidia-compute-utils-450 + nvidia-dkms-440 + nvidia-dkms-450 + nvidia-driver-440 + nvidia-driver-450 + nvidia-headless-440 + nvidia-headless-450 + nvidia-headless-no-dkms-440 + nvidia-headless-no-dkms-450 + 
nvidia-kernel-common-440 + nvidia-kernel-common-450 + nvidia-kernel-source-440 + nvidia-kernel-source-450 + nvidia-utils-440 + nvidia-utils-450 + xserver-xorg-video-nvidia-440 + xserver-xorg-video-nvidia-450 + + + libnvidia-cfg1-440-server + libnvidia-cfg1-450-server + libnvidia-common-440-server + libnvidia-common-450-server + libnvidia-compute-440-server + libnvidia-compute-450-server + libnvidia-decode-440-server + libnvidia-decode-450-server + libnvidia-encode-440-server + libnvidia-encode-450-server + libnvidia-extra-440-server + libnvidia-extra-450-server + libnvidia-fbc1-440-server + libnvidia-fbc1-450-server + libnvidia-gl-440-server + libnvidia-gl-450-server + libnvidia-ifr1-440-server + libnvidia-ifr1-450-server + nvidia-compute-utils-440-server + nvidia-compute-utils-450-server + nvidia-dkms-440-server + nvidia-dkms-450-server + nvidia-driver-440-server + nvidia-driver-450-server + nvidia-headless-440-server + nvidia-headless-450-server + nvidia-headless-no-dkms-440-server + nvidia-headless-no-dkms-450-server + nvidia-kernel-common-440-server + nvidia-kernel-common-450-server + nvidia-kernel-source-440-server + nvidia-kernel-source-450-server + nvidia-utils-440-server + nvidia-utils-450-server + xserver-xorg-video-nvidia-440-server + xserver-xorg-video-nvidia-450-server + + + libnvidia-cfg1-435 + libnvidia-cfg1-455 + libnvidia-common-435 + libnvidia-common-455 + libnvidia-compute-435 + libnvidia-compute-455 + libnvidia-decode-435 + libnvidia-decode-455 + libnvidia-encode-435 + libnvidia-encode-455 + libnvidia-extra-455 + libnvidia-fbc1-435 + libnvidia-fbc1-455 + libnvidia-gl-435 + libnvidia-gl-455 + libnvidia-ifr1-435 + libnvidia-ifr1-455 + nvidia-compute-utils-435 + nvidia-compute-utils-455 + nvidia-dkms-435 + nvidia-dkms-455 + nvidia-driver-435 + nvidia-driver-455 + nvidia-headless-435 + nvidia-headless-455 + nvidia-headless-no-dkms-435 + nvidia-headless-no-dkms-455 + nvidia-kernel-common-435 + nvidia-kernel-common-455 + nvidia-kernel-source-435 + 
nvidia-kernel-source-455 + nvidia-utils-435 + nvidia-utils-455 + xserver-xorg-video-nvidia-435 + xserver-xorg-video-nvidia-455 + + + libnvidia-cfg1-450 + libnvidia-cfg1-455 + libnvidia-cfg1-460 + libnvidia-common-450 + libnvidia-common-455 + libnvidia-common-460 + libnvidia-compute-450 + libnvidia-compute-455 + libnvidia-compute-460 + libnvidia-decode-450 + libnvidia-decode-455 + libnvidia-decode-460 + libnvidia-encode-450 + libnvidia-encode-455 + libnvidia-encode-460 + libnvidia-extra-450 + libnvidia-extra-455 + libnvidia-extra-460 + libnvidia-fbc1-450 + libnvidia-fbc1-455 + libnvidia-fbc1-460 + libnvidia-gl-450 + libnvidia-gl-455 + libnvidia-gl-460 + libnvidia-ifr1-450 + libnvidia-ifr1-455 + libnvidia-ifr1-460 + nvidia-compute-utils-450 + nvidia-compute-utils-455 + nvidia-compute-utils-460 + nvidia-dkms-450 + nvidia-dkms-455 + nvidia-dkms-460 + nvidia-driver-450 + nvidia-driver-455 + nvidia-driver-460 + nvidia-headless-450 + nvidia-headless-455 + nvidia-headless-460 + nvidia-headless-no-dkms-450 + nvidia-headless-no-dkms-455 + nvidia-headless-no-dkms-460 + nvidia-kernel-common-450 + nvidia-kernel-common-455 + nvidia-kernel-common-460 + nvidia-kernel-source-450 + nvidia-kernel-source-455 + nvidia-kernel-source-460 + nvidia-utils-450 + nvidia-utils-455 + nvidia-utils-460 + xserver-xorg-video-nvidia-450 + xserver-xorg-video-nvidia-455 + xserver-xorg-video-nvidia-460 + + + libnvidia-cfg1-460-server + libnvidia-common-460-server + libnvidia-compute-460-server + libnvidia-decode-460-server + libnvidia-encode-460-server + libnvidia-extra-460-server + libnvidia-fbc1-460-server + libnvidia-gl-460-server + libnvidia-ifr1-460-server + nvidia-compute-utils-460-server + nvidia-dkms-460-server + nvidia-driver-460-server + nvidia-headless-460-server + nvidia-headless-no-dkms-460-server + nvidia-kernel-common-460-server + nvidia-kernel-source-460-server + nvidia-utils-460-server + xserver-xorg-video-nvidia-460-server + + + libf95getdata7 + libfgetdata6 + libgetdata++7 + 
libgetdata-perl + libgetdata-tools + libgetdata8 + python3-pygetdata + + + python-pygments + python3-pygments + + + libnbd-ocaml + libnbd0 + nbdfuse + python3-libnbd + + + libopenexr24 + openexr + + + libpano13-3 + libpano13-bin + + + htmldoc + htmldoc-common + + + cairosvg + python3-cairosvg + + + syncthing + syncthing-discosrv + syncthing-relaysrv + + + fluidsynth + libfluidsynth2 + + + curl + libcurl3-gnutls + libcurl3-nss + libcurl4 + + + libxmlbeans-java + xmlbeans + + + isc-dhcp-client + isc-dhcp-client-ddns + isc-dhcp-common + isc-dhcp-relay + isc-dhcp-server + isc-dhcp-server-ldap + + + libmaven3-core-java + maven + + + connman + connman-vpn + + + avahi-autoipd + avahi-daemon + avahi-discover + avahi-dnsconfd + avahi-ui-utils + avahi-utils + gir1.2-avahi-0.6 + libavahi-client3 + libavahi-common-data + libavahi-common3 + libavahi-compat-libdnssd1 + libavahi-core7 + libavahi-glib1 + libavahi-gobject0 + libavahi-ui-gtk3-0 + python-avahi + + + libglib2.0-0 + libglib2.0-bin + libglib2.0-data + libglib2.0-tests + + + eric + eric-api-files + + + liblasso-perl + liblasso3 + python3-lasso + + + plasma-discover + plasma-discover-backend-flatpak + plasma-discover-backend-fwupd + plasma-discover-backend-snap + plasma-discover-common + plasma-discover-flatpak-backend + plasma-discover-snap-backend + + + libequinox-app-java + libequinox-bidi-java + libequinox-cm-java + libequinox-common-java + libequinox-concurrent-java + libequinox-console-java + libequinox-coordinator-java + libequinox-ds-java + libequinox-event-java + libequinox-http-jetty-java + libequinox-http-jetty-starter-java + libequinox-http-registry-java + libequinox-http-servlet-java + libequinox-http-servletbridge-java + libequinox-io-java + libequinox-ip-java + libequinox-jsp-jasper-java + libequinox-jsp-jasper-registry-java + libequinox-metatype-java + libequinox-preferences-java + libequinox-region-java + libequinox-registry-java + libequinox-security-java + libequinox-servletbridge-java + 
libequinox-transforms-hook-java + libequinox-transforms-xslt-java + libequinox-useradmin-java + libequinox-util-java + libequinox-weaving-caching-java + libequinox-weaving-hook-java + libequinox-wireadmin-java + + + courier-authdaemon + courier-authlib + courier-authlib-ldap + courier-authlib-mysql + courier-authlib-pipe + courier-authlib-postgresql + courier-authlib-sqlite + courier-authlib-userdb + + + busybox + busybox-initramfs + busybox-static + busybox-syslogd + udhcpc + udhcpd + + + libapache2-mod-shib + libapache2-mod-shib2 + libshibsp-plugins + libshibsp8 + shibboleth-sp-common + shibboleth-sp-utils + shibboleth-sp2-common + shibboleth-sp2-utils + + + dacs + dacs-examples + libapache2-mod-dacs + libdacs1 + + + caca-utils + libcaca0 + + + gogoprotobuf + golang-gogoprotobuf-dev + + + libtcmu2 + tcmu-runner + + + xscreensaver + xscreensaver-data + xscreensaver-data-extra + xscreensaver-gl + xscreensaver-gl-extra + xscreensaver-screensaver-bsod + xscreensaver-screensaver-webcollage + + + klibc-utils + libklibc + + + inn2 + inn2-inews + + + cgi-mapserver + libmapscript-java + libmapscript-perl + libmapserver2 + mapserver-bin + php-mapscript + php-mapscript-ng + python3-mapscript + + + djview + djview3 + djvulibre-bin + djvulibre-desktop + djvuserve + libdjvulibre-text + libdjvulibre21 + + + apport + apport-gtk + apport-kde + apport-noui + apport-retrace + apport-valgrind + dh-apport + python3-apport + python3-problem-report + + + aterm + aterm-ml + rxvt + rxvt-ml + rxvt-unicode + rxvt-unicode-256color + rxvt-unicode-lite + + + gocr + gocr-tk + + + libjs-ansi-up + node-ansi-up + + + libolm3 + python3-olm + + + libhivex-bin + libhivex-ocaml + libhivex0 + libwin-hivex-perl + python3-hivex + ruby-hivex + + + gir1.2-gst-plugins-base-1.0 + gstreamer1.0-alsa + gstreamer1.0-gl + gstreamer1.0-plugins-base + gstreamer1.0-plugins-base-apps + gstreamer1.0-x + libgstreamer-gl1.0-0 + libgstreamer-plugins-base1.0-0 + + + libtcl8.6 + tcl8.6 + + + caribou + caribou-antler + 
gir1.2-caribou-1.0 + libcaribou-common + libcaribou-gtk-module + libcaribou-gtk3-module + libcaribou0 + + + libtesseract4 + tesseract-ocr + tesseract-ocr-all + + + libsepol1 + sepol-utils + + + openvswitch-common + openvswitch-pki + openvswitch-source + openvswitch-switch + openvswitch-switch-dpdk + openvswitch-test + openvswitch-testcontroller + openvswitch-vtep + python3-openvswitch + + + qmail + qmail-uids-gids + + + file + libmagic-mgc + libmagic1 + + + libsndfile1 + sndfile-programs + + + python-yaml + python3-yaml + + + libsane + libsane-common + libsane1 + sane-utils + + + pagure + pagure-ci + pagure-ev-server + pagure-loadjson + pagure-logcom + pagure-milters + pagure-mirror + pagure-webhook + + + python-xdg + python3-xdg + + + libsrt1 + srt-tools + + + libvirglrenderer1 + virgl-server + + + libsnmp-base + libsnmp-perl + libsnmp35 + snmp + snmpd + snmptrapd + tkmib + + + libperl5.30 + perl + perl-base + perl-debug + perl-modules-5.30 + + + libpulse-mainloop-glib0 + libpulse0 + libpulsedsp + pulseaudio + pulseaudio-equalizer + pulseaudio-module-bluetooth + pulseaudio-module-gsettings + pulseaudio-module-jack + pulseaudio-module-lirc + pulseaudio-module-raop + pulseaudio-module-zeroconf + pulseaudio-utils + + + glib-networking + glib-networking-common + glib-networking-services + glib-networking-tests + + + aptdaemon + aptdaemon-data + python3-aptdaemon + python3-aptdaemon.gtk3widgets + python3-aptdaemon.test + + + python3-software-properties + software-properties-common + software-properties-gtk + software-properties-qt + + + ghostscript + ghostscript-x + libgs9 + libgs9-common + + + gir1.2-packagekitglib-1.0 + gstreamer1.0-packagekit + libpackagekit-glib2-18 + packagekit + packagekit-command-not-found + packagekit-gtk3-module + packagekit-tools + + + libssh-4 + libssh-gcrypt-4 + + + sa-compile + spamassassin + spamc + + + libproxy-tools + libproxy0.4-cil + libproxy1-plugin-gsettings + libproxy1-plugin-kconfig + libproxy1-plugin-mozjs + 
libproxy1-plugin-networkmanager + libproxy1-plugin-webkit + libproxy1v5 + python3-libproxy + + + erlang + erlang-asn1 + erlang-base + erlang-base-hipe + erlang-common-test + erlang-crypto + erlang-debugger + erlang-dialyzer + erlang-diameter + erlang-edoc + erlang-eldap + erlang-et + erlang-eunit + erlang-examples + erlang-ftp + erlang-inets + erlang-jinterface + erlang-manpages + erlang-megaco + erlang-mnesia + erlang-mode + erlang-nox + erlang-observer + erlang-odbc + erlang-os-mon + erlang-parsetools + erlang-public-key + erlang-reltool + erlang-runtime-tools + erlang-snmp + erlang-src + erlang-ssh + erlang-ssl + erlang-syntax-tools + erlang-tftp + erlang-tools + erlang-wx + erlang-x11 + erlang-xmerl + + + libcib27 + libcrmcluster29 + libcrmcommon34 + libcrmservice28 + liblrmd28 + libpacemaker1 + libpe-rules26 + libpe-status28 + libstonithd26 + pacemaker + pacemaker-cli-utils + pacemaker-common + pacemaker-remote + pacemaker-resource-agents + + + python-cryptography + python3-cryptography + + + apt + apt-transport-https + apt-utils + libapt-pkg6.0 + + + python-apt + python-apt-common + python3-apt + + + python-lxml + python3-lxml + + + ldb-tools + libldb2 + python3-ldb + + + gir1.2-gdkpixbuf-2.0 + libgdk-pixbuf2.0-0 + libgdk-pixbuf2.0-bin + libgdk-pixbuf2.0-common + + + openstack-dashboard + openstack-dashboard-common + openstack-dashboard-ubuntu-theme + python3-django-horizon + python3-django-openstack-auth + + + libwavpack1 + wavpack + + + gir1.2-gnomeautoar-0.1 + gir1.2-gnomeautoargtk-0.1 + libgnome-autoar-0-0 + libgnome-autoar-gtk-0-0 + + + brotli + libbrotli1 + python3-brotli + + + flatpak + flatpak-tests + gir1.2-flatpak-1.0 + libflatpak0 + + + libjs-underscore + node-underscore + + + gstreamer1.0-gtk3 + gstreamer1.0-plugins-good + gstreamer1.0-pulseaudio + gstreamer1.0-qt5 + libgstreamer-plugins-good1.0-0 + + + \ No newline at end of file