The OVAL Repository
Schema version: 5.10
Timestamp: 2015-09-03T08:36:14.705-04:00

USN-2639-1 -- openssl vulnerabilities
Platforms: Ubuntu 14.04, Ubuntu 12.04, Ubuntu 15.04, Ubuntu 14.10
Products: openssl
openssl: Secure Socket Layer cryptographic library and tools. Several security issues were fixed in OpenSSL.
History: SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

USN-2608-1 -- qemu vulnerabilities
Platforms: Ubuntu 14.04, Ubuntu 12.04, Ubuntu 15.04, Ubuntu 14.10
Products: qemu-kvm, qemu-system
qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer. Several security issues were fixed in QEMU.
History: SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

USN-2435-1 -- Graphviz vulnerability
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04, Ubuntu 10.04
Products: graphviz
It was discovered that graphviz incorrectly handled parsing errors. An
attacker could use this issue to cause graphviz to crash or possibly
execute arbitrary code.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

USN-2436-1 -- X.Org X server vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: xorg-server, xorg-server-lts-trusty
Ilja van Sprundel discovered a multitude of security issues in the X.Org X
server. An attacker able to connect to an X server, either locally or
remotely, could use these issues to cause the X server to crash or execute
arbitrary code resulting in possible privilege escalation.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

USN-2448-1 -- Linux kernel vulnerabilities
Platforms: Ubuntu 14.10
Products: linux
CVE-2014-8134)
Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace
subsystem of the Linux kernel does not properly handle private syscall
numbers. A local user could exploit this flaw to cause a denial of service
(OOPS). (CVE-2014-7826)
A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control
Transmission Protocol) implementation in the Linux kernel was discovered. A
remote attacker could exploit this flaw to cause a denial of service
(system crash). (CVE-2014-3673)
A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control
Transmission Protocol) implementation in the Linux kernel was discovered. A
remote attacker could exploit this flaw to cause a denial of service
(panic). (CVE-2014-3687)
It was discovered that excessive queuing by SCTP (Stream Control
Transmission Protocol) implementation in the Linux kernel can cause memory
pressure. A remote attacker could exploit this flaw to cause a denial of
service. (CVE-2014-3688)
Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the
perf subsystem of the Linux kernel handles private syscall numbers. A
local user could exploit this to cause a denial of service (OOPS) or bypass
ASLR protections via a crafted application. (CVE-2014-7825)
Andy Lutomirski discovered a flaw in how the Linux kernel handles
pivot_root when used with a chroot directory. A local user could exploit
this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)
Dmitry Monakhov discovered a race condition in the ext4_file_write_iter
function of the Linux kernel's ext4 filesystem. A local user could exploit
this flaw to cause a denial of service (file unavailability).
(CVE-2014-8086)
The KVM (kernel virtual machine) subsystem of the Linux kernel
miscalculates the number of memory pages during the handling of a mapping
failure. A guest OS user could exploit this to cause a denial of service
(host OS page unpinning) or possibly have unspecified other impact by
leveraging guest OS privileges. (CVE-2014-8369)
Andy Lutomirski discovered that the Linux kernel does not properly handle
faults associated with the Stack Segment (SS) register on the x86
architecture. A local attacker could exploit this flaw to cause a denial of
service (panic). (CVE-2014-9090)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

USN-2448-2 -- Linux kernel regression
Platforms: Ubuntu 14.10
Products: linux
CVE-2014-8134)
Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace
subsystem of the Linux kernel does not properly handle private syscall
numbers. A local user could exploit this flaw to cause a denial of service
(OOPS). (CVE-2014-7826)
A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control
Transmission Protocol) implementation in the Linux kernel was discovered. A
remote attacker could exploit this flaw to cause a denial of service
(system crash). (CVE-2014-3673)
A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control
Transmission Protocol) implementation in the Linux kernel was discovered. A
remote attacker could exploit this flaw to cause a denial of service
(panic). (CVE-2014-3687)
It was discovered that excessive queuing by SCTP (Stream Control
Transmission Protocol) implementation in the Linux kernel can cause memory
pressure. A remote attacker could exploit this flaw to cause a denial of
service. (CVE-2014-3688)
Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the
perf subsystem of the Linux kernel handles private syscall numbers. A
local user could exploit this to cause a denial of service (OOPS) or bypass
ASLR protections via a crafted application. (CVE-2014-7825)
Andy Lutomirski discovered a flaw in how the Linux kernel handles
pivot_root when used with a chroot directory. A local user could exploit
this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)
Dmitry Monakhov discovered a race condition in the ext4_file_write_iter
function of the Linux kernel's ext4 filesystem. A local user could exploit
this flaw to cause a denial of service (file unavailability).
(CVE-2014-8086)
The KVM (kernel virtual machine) subsystem of the Linux kernel
miscalculates the number of memory pages during the handling of a mapping
failure. A guest OS user could exploit this to cause a denial of service
(host OS page unpinning) or possibly have unspecified other impact by
leveraging guest OS privileges. (CVE-2014-8369)
Andy Lutomirski discovered that the Linux kernel does not properly handle
faults associated with the Stack Segment (SS) register on the x86
architecture. A local attacker could exploit this flaw to cause a denial of
service (panic). (CVE-2014-9090)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

USN-2438-1 -- NVIDIA graphics drivers vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-331, nvidia-graphics-drivers-331-updates
It was discovered that the NVIDIA graphics drivers incorrectly handled GLX
indirect rendering support. An attacker able to connect to an X server,
either locally or remotely, could use these issues to cause the X server to
crash or execute arbitrary code resulting in possible privilege escalation.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

USN-2411-1 -- mountall vulnerability
Platforms: Ubuntu 14.10
Products: mountall
Saurav Sengupta discovered that mountall incorrectly handled umask when
calling the mount utility, resulting in certain filesystems possibly being
mounted with incorrect permissions.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2639-1 -- openssl vulnerabilities
Platforms: Ubuntu 14.04, Ubuntu 12.04, Ubuntu 15.04, Ubuntu 14.10
Products: openssl
openssl: Secure Socket Layer cryptographic library and tools. Several security issues were fixed in OpenSSL.
History: SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Ubuntu 15.04 is installed
Platforms: Ubuntu 15.04
Ubuntu 15.04 is installed
History: Maria Mikhno, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

USN-2434-1 -- JasPer vulnerability
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: jasper
Jose Duart discovered that JasPer incorrectly handled certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

USN-2439-1 -- QEMU vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04, Ubuntu 10.04
Products: qemu, qemu-kvm
Michael S. Tsirkin discovered that QEMU incorrectly handled certain
parameters during ram load while performing a migration. An attacker able
to manipulate savevm data could use this issue to possibly execute
arbitrary code on the host. This issue only affected Ubuntu 12.04 LTS,
Ubuntu 14.04 LTS, and Ubuntu 14.10. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7840">CVE-2014-7840</a>)
Paolo Bonzini discovered that QEMU incorrectly handled memory in the Cirrus
VGA device. A malicious guest could possibly use this issue to write into
memory of the host, leading to privilege escalation. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8106">CVE-2014-8106</a>)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

USN-2423-1 -- ClamAV vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: clamav
Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript
files. An attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-6497">CVE-2013-6497</a>)
Damien Millescamp discovered that ClamAV incorrectly handled certain PE
files. An attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9050">CVE-2014-9050</a>)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2422-1 -- Squid vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04
Products: squid3
Sebastian Krahmer discovered that the Squid pinger incorrectly handled
certain malformed ICMP packets. A remote attacker could possibly use this
issue to cause Squid to crash, resulting in a denial of service.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2431-1 -- mod_wsgi vulnerability
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: mod-wsgi
It was discovered that mod_wsgi incorrectly handled errors when setting up
the working directory and group access rights. A malicious application
could possibly use this issue to cause a local privilege escalation when
using daemon mode.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2427-1 -- Libksba vulnerability
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: libksba
Hanno Böck discovered that Libksba incorrectly handled certain S/MIME
messages or ECC based OpenPGP data. An attacker could use this issue to
cause Libksba to crash, resulting in a denial of service, or possibly
execute arbitrary code.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2429-1 -- ppp vulnerability
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04, Ubuntu 10.04
Products: ppp
It was discovered that ppp incorrectly handled certain options files. A
local attacker could possibly use this issue to escalate privileges.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2425-1 -- DBus vulnerability
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: dbus
It was discovered that DBus incorrectly handled a large number of file
descriptor messages. A local attacker could use this issue to cause DBus to
stop responding, resulting in a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7824">CVE-2014-7824</a>)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2430-1 -- OpenVPN vulnerability
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: openvpn
Dragana Damjanovic discovered that OpenVPN incorrectly handled certain
control channel packets. An authenticated attacker could use this issue to
cause an OpenVPN server to crash, resulting in a denial of service.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2440-1 -- Mutt vulnerability
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04, Ubuntu 10.04
Products: mutt
Jakub Wilk discovered that the write_one_header function in mutt
did not properly handle newline characters at the beginning of a
header. An attacker could specially craft an email to cause mutt to
crash, resulting in a denial of service.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

USN-2426-1 -- FLAC vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04, Ubuntu 10.04
Products: flac
Michele Spagnuolo discovered that FLAC incorrectly handled certain
malformed audio files. An attacker could use this issue to cause FLAC to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2424-1 -- Firefox vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: firefox
CVE-2014-1587, CVE-2014-1588)
Cody Crews discovered a way to trigger chrome-level XBL bindings from web
content in some circumstances. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
bypass security restrictions. (CVE-2014-1589)
Joe Vennix discovered a crash when using XMLHttpRequest in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service. (CVE-2014-1590)
Muneaki Nishimura discovered that CSP violation reports did not remove
path information in some circumstances. If a user were tricked into
opening a specially crafted website, an attacker could potentially
exploit this to obtain sensitive information. (CVE-2014-1591)
Berend-Jan Wever discovered a use-after-free during HTML parsing. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2014-1592)
Abhishek Arya discovered a buffer overflow when parsing media content. If
a user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2014-1593)
Byoungyoung Lee, Chengyu Song, and Taesoo Kim discovered a bad cast in the
compositor. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause undefined
behaviour, a denial of service via application crash or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2014-1594)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2428-1 -- Thunderbird vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: thunderbird
CVE-2014-1587)
Joe Vennix discovered a crash when using XMLHttpRequest in some
circumstances. If a user were tricked into opening a specially crafted
message with scripting enabled, an attacker could potentially exploit this
to cause a denial of service. (CVE-2014-1590)
Berend-Jan Wever discovered a use-after-free during HTML parsing. If a
user were tricked into opening a specially crafted message with scripting
enabled, an attacker could potentially exploit this to cause a denial of
service via application crash or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2014-1592)
Abhishek Arya discovered a buffer overflow when parsing media content. If
a user were tricked into opening a specially crafted message with
scripting enabled, an attacker could potentially exploit this to cause a
denial of service via application crash or execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2014-1593)
Byoungyoung Lee, Chengyu Song, and Taesoo Kim discovered a bad cast in the
compositor. If a user were tricked into opening a specially crafted
message, an attacker could potentially exploit this to cause undefined
behaviour, a denial of service via application crash or execute arbitrary
code with the privileges of the user invoking Thunderbird. (CVE-2014-1594)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2433-1 -- tcpdump vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04, Ubuntu 10.04
Products: tcpdump
CVE-2014-8767)
Steffen Bauch discovered that tcpdump incorrectly handled printing GeoNet
packets. A remote attacker could use this issue to cause tcpdump to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-8768)
Steffen Bauch discovered that tcpdump incorrectly handled printing AODV
packets. A remote attacker could use this issue to cause tcpdump to crash,
resulting in a denial of service, reveal sensitive information, or possibly
execute arbitrary code. (CVE-2014-8769)
It was discovered that tcpdump incorrectly handled printing PPP packets. A
remote attacker could use this issue to cause tcpdump to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2014-9140)
In the default installation, attackers would be isolated by the tcpdump
AppArmor profile.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2421-1 -- Linux kernel vulnerabilities
Platforms: Ubuntu 14.10
Products: linux
CVE-2014-3690)
Don Bailey discovered a flaw in the LZO decompress algorithm used by the
Linux kernel. An attacker could exploit this flaw to cause a denial of
service (memory corruption or OOPS). (CVE-2014-4608)
Andy Lutomirski discovered that the Linux kernel was not checking the
CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could
exploit this flaw to cause a denial of service (loss of writability).
(CVE-2014-7975)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2403-1 -- GnuTLS vulnerability
Platforms: Ubuntu 14.10
Products: gnutls28
Sean Burford discovered that GnuTLS incorrectly handled printing certain
elliptic curve parameters. A malicious remote server or client could use
this issue to cause GnuTLS to crash, resulting in a denial of service, or
possibly execute arbitrary code.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2409-1 -- QEMU vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04, Ubuntu 10.04
Products: qemu, qemu-kvm
CVE-2014-3615)
Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly
handled certain UDP packets when using guest networking. A malicious guest
could possibly use this issue to cause a denial of service. (CVE-2014-3640)
It was discovered that QEMU incorrectly handled parameter validation in
the vmware_vga device. A malicious guest could possibly use this issue to
write into memory of the host, leading to privilege escalation.
(CVE-2014-3689)
It was discovered that QEMU incorrectly handled USB xHCI controller live
migration. An attacker could possibly use this issue to cause a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS. (CVE-2014-5263)
Michael S. Tsirkin discovered that QEMU incorrectly handled memory in the
ACPI PCI hotplug interface. A malicious guest could possibly use this issue
to access memory of the host, leading to information disclosure or
privilege escalation. This issue only affected Ubuntu 14.04 LTS.
(CVE-2014-5388)
James Spadaro discovered that QEMU incorrectly handled certain VNC
bytes_per_pixel values. An attacker having access to a VNC console could
possibly use this issue to cause a guest to crash, resulting in a denial of
service. (CVE-2014-7815)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2449-1 -- NTP vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04, Ubuntu 10.04
Products: ntp
CVE-2014-9293)
Stephen Roettger discovered that NTP generated weak MD5 keys. A remote
attacker could possibly use this issue to brute force the MD5 key and spoof
a client or server. (CVE-2014-9294)
Stephen Roettger discovered that NTP contained buffer overflows in the
crypto_recv(), ctl_putdata() and configure() functions. In non-default
configurations, a remote attacker could use these issues to cause NTP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. The default compiler options for affected releases should reduce the
vulnerability to a denial of service. In addition, attackers would be
isolated by the NTP AppArmor profile. (CVE-2014-9295)
Stephen Roettger discovered that NTP incorrectly continued processing when
handling certain errors. (CVE-2014-9296)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

USN-2390-1 -- Pidgin vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: pidgin
CVE-2014-3694)
Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled
certain malformed MXit emoticons. A malicious remote server or a man in the
middle could use this issue to cause Pidgin to crash, resulting in a denial
of service. (CVE-2014-3695)
Yves Younan and Richard Johnson discovered that Pidgin incorrectly handled
certain malformed Groupwise messages. A malicious remote server or a man in
the middle could use this issue to cause Pidgin to crash, resulting in a
denial of service. (CVE-2014-3696)
Thijs Alkemade and Paul Aurich discovered that Pidgin incorrectly handled
memory when processing XMPP messages. A malicious remote server or user
could use this issue to cause Pidgin to disclose arbitrary memory,
resulting in an information leak. (CVE-2014-3698)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2436-2 -- X.Org X server vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: xorg-server, xorg-server-lts-trusty
USN-2436-1 fixed vulnerabilities in the X.Org X server. Since publication,
additional fixes have been made available for these issues. This update
adds the additional fixes.
Original advisory details:
Ilja van Sprundel discovered a multitude of security issues in the X.Org X
server. An attacker able to connect to an X server, either locally or
remotely, could use these issues to cause the X server to crash or execute
arbitrary code resulting in possible privilege escalation.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

USN-2397-1 -- Ruby vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: ruby1.8, ruby1.9.1, ruby2.0, ruby2.1
Will Wood discovered that Ruby incorrectly handled the encodes() function.
An attacker could possibly use this issue to cause Ruby to crash, resulting
in a denial of service, or possibly execute arbitrary code. The default
compiler options for affected releases should reduce the vulnerability to a
denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-4975">CVE-2014-4975</a>)
Willis Vandevanter discovered that Ruby incorrectly handled XML entity
expansion. An attacker could use this flaw to cause Ruby to consume large
amounts of resources, resulting in a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8080">CVE-2014-8080</a>)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2412-1 -- Ruby vulnerability
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: ruby1.8, ruby1.9.1, ruby2.0, ruby2.1
Tomas Hoger discovered that Ruby incorrectly handled XML entity expansion.
An attacker could use this flaw to cause Ruby to consume large amounts of
resources, resulting in a denial of service.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2393-1 -- Wget vulnerability
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04, Ubuntu 10.04
Products: wget
HD Moore discovered that Wget contained a path traversal vulnerability
when downloading symlinks using FTP. A malicious remote FTP server or a man
in the middle could use this issue to cause Wget to overwrite arbitrary
files, possibly leading to arbitrary code execution.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2399-1 -- curl vulnerability
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04, Ubuntu 10.04
Products: curl
Symeon Paraschoudis discovered that curl incorrectly handled memory when
being used with CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle(). This may
result in sensitive data being incorrectly sent to the remote server.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2396-1 -- Linux kernel vulnerabilities
Platforms: Ubuntu 14.10
Products: linux
CVE-2014-3647)
A flaw was discovered with the handling of the invept instruction in the
KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged
guest user could exploit this flaw to cause a denial of service (system
crash) on the guest. (CVE-2014-3646)
Lars Bull reported a race condition in the PIT (programmable interrupt
timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux
kernel. A local guest user with access to PIT i/o ports could exploit this
flaw to cause a denial of service (crash) on the host. (CVE-2014-3611)
Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual
Machine) handles noncanonical writes to certain MSR registers. A privileged
guest user can exploit this flaw to cause a denial of service (kernel
panic) on the host. (CVE-2014-3610)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2404-1 -- libvirt vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04
Products: libvirt
Pavel Hrdina discovered that libvirt incorrectly handled locking when
processing the virConnectListAllDomains command. An attacker could use this
issue to cause libvirtd to hang, resulting in a denial of service.
(<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3657">CVE-2014-3657</a>)
Eric Blake discovered that libvirt incorrectly handled permissions when
processing the qemuDomainFormatXML command. An attacker with read-only
privileges could possibly use this to gain access to certain information
from the domain XML file. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7823">CVE-2014-7823</a>)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2391-1 -- php5 vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04, Ubuntu 10.04
Products: php5
CVE-2014-3668)
Symeon Paraschoudis discovered that PHP incorrectly handled unserializing
objects. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3669)
Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail
function. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2014-3670)
Francisco Alonso discovered that PHP incorrectly handled ELF files in the fileinfo
extension. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2014-3710)
It was discovered that PHP incorrectly handled NULL bytes when processing
certain URLs with the curl functions. A remote attacker could possibly use
this issue to bypass filename restrictions and obtain access to sensitive
files. (No CVE number)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2432-1 -- GNU C Library vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04, Ubuntu 10.04
Products: eglibc, glibc
CVE-2012-6656)
Adhemerval Zanella Netto discovered that the GNU C Library incorrectly
handled certain multibyte characters when using the iconv function. An
attacker could possibly use this issue to cause applications to crash,
resulting in a denial of service. (CVE-2014-6040)
Tim Waugh discovered that the GNU C Library incorrectly enforced the
WRDE_NOCMD flag when handling the wordexp function. An attacker could
possibly use this issue to execute arbitrary commands. (CVE-2014-7817)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2431-2 -- MAAS regression
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04
Products: maas
USN-2431-1 fixed vulnerabilities in mod_wsgi. The security update exposed
an issue in the MAAS package, causing a regression. This update fixes the
problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that mod_wsgi incorrectly handled errors when setting up
the working directory and group access rights. A malicious application
could possibly use this issue to cause a local privilege escalation when
using daemon mode.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2392-1 -- systemd-shim vulnerability
Platforms: Ubuntu 14.10
Products: systemd-shim
It was discovered that systemd-shim incorrectly shipped with a debugging
clause enabled. A local attacker could possibly use this issue to cause a
denial of service.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2437-1 -- Bind vulnerability
Platforms: Ubuntu 14.10, Ubuntu 14.04, Ubuntu 12.04, Ubuntu 10.04
Products: bind9
Florian Maury discovered that Bind incorrectly handled delegation. A remote
attacker could possibly use this issue to cause Bind to consume resources
and crash, resulting in a denial of service.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Ubuntu 12.04 is installed
Platforms: Ubuntu 12.04
Ubuntu 12.04 is installed
History: Gaurav Kumar, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

Ubuntu 10.04 is installed
Platforms: Ubuntu 10.04
Ubuntu 10.04 is installed
History: SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

USN-2410-1 -- Oxide vulnerabilities
Platforms: Ubuntu 14.10, Ubuntu 14.04
Products: oxide-qt
CVE-2014-7904)
Multiple use-after-frees were discovered in Blink. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via renderer crash or execute
arbitrary code with the privileges of the sandboxed render process.
(CVE-2014-7907)
An integer overflow was discovered in media. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2014-7908)
An uninitialized memory read was discovered in Skia. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via renderer crash.
(CVE-2014-7909)
Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial of
service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2014-7910)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2398-1 -- LibreOffice vulnerability
Platforms: Ubuntu 14.10, Ubuntu 14.04
Products: libreoffice
It was discovered that LibreOffice incorrectly handled the Impress remote
control port. An attacker could possibly use this issue to cause Impress to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Ubuntu 14.04 is installed
Platforms: Ubuntu 14.04
Ubuntu 14.04 is installed
History: Maria Kedovskaya, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

USN-2388-2 -- OpenJDK 7 vulnerabilities
Platforms: Ubuntu 14.10
Products: openjdk-7
CVE-2014-6457)
Several vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2014-6502, CVE-2014-6512, CVE-2014-6519, CVE-2014-6527,
CVE-2014-6558)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose sensitive
data over the network. (CVE-2014-6504, CVE-2014-6511, CVE-2014-6517,
CVE-2014-6531)
Two vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could
exploit these to cause a denial of service or expose sensitive data over
the network. (CVE-2014-6506, CVE-2014-6513)
History: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Ubuntu 14.10 is installed
Platforms: Ubuntu 14.10
Ubuntu 14.10 is installed
History: Maria Mikhno, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED