Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. Jonathan Murray discovered that Keystone would allow XML entity processing. A remote unauthenticated attacker could exploit this to cause a denial of service via resource exhaustion. Authenticated users could also use this to view arbitrary files on the Keystone server.
Updated packages are available from security.debian.org.
Security researchers discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. Atte Kettunen discovered that Firefox could perform an out-of-bounds read while rendering GIF format images. An attacker could exploit this to crash Firefox. Boris Zbarsky discovered that Firefox did not properly handle some wrapped WebIDL objects. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.
Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the user invoking Firefox. Frederik Braun that Firefox made the location of the active browser profile available to JavaScript workers. A use-after-free vulnerability was discovered in Firefox. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox.
Michal Zalewski discovered that Firefox would not always show the correct address when cancelling a proxy authentication prompt. A remote attacker could exploit this to conduct URL spoofing and phishing attacks. Abhishek Arya discovered several problems related to memory handling. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.
Updated packages are available from security.ubuntu.com.
It was discovered that the Boost.Locale library incorrectly validated some invalid UTF-8 sequences. An attacker could possibly use this issue to bypass input validation in certain applications.
Updated packages are available from security.ubuntu.com.
Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously.
Updated packages are available from security.ubuntu.com.
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. Vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. Several data integrity vulnerabilities were discovered in the OpenJDK JRE.
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service.
A data integrity vulnerability was discovered in the OpenJDK JRE. An information disclosure vulnerability was discovered in the OpenJDK JRE. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service.
Updated packages are available from security.ubuntu.com.
Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting requests from http to file schemes. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Stephen Cheng discovered that Qt may report incorrect errors when ssl certificate verification fails. Tim Brown and Mark Lowe discovered that Qt incorrectly used weak permissions on shared memory segments. A local attacker could use this issue to view sensitive information, or modify program data belonging to other users.
Updated packages are available from security.ubuntu.com.
It was discovered that jQuery incorrectly handled selecting elements using location.hash, resulting in a possible cross-site scripting (XSS) issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
Updated packages are available from security.ubuntu.com.
It was discovered that curl incorrectly handled SASL authentication when communicating over POP3, SMTP or IMAP. If a user or automated system were tricked into processing a specially crafted URL, an attacker could cause a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.
Updated packages are available from security.ubuntu.com.
It was discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating the origin on Netlink messages. An untrusted local user can cause a denial of service of Linux guests in Hyper-V virtualization environments. Dmitry Monakhov reported a race condition flaw the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit.
Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously.
Updated packages are available from security.ubuntu.com.
Sumit Soni discovered that PostgreSQL incorrectly handled calling a certain internal function with invalid arguments. An authenticated attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service.
Updated packages are available from security.ubuntu.com.
It was discovered that gnome-screensaver did not start automatically after logging in. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session.
Updated packages are available from security.ubuntu.com.
Dan Prince discovered that Keystone did not properly perform input validation when handling certain error conditions. An unauthenticated user could exploit this to cause a denial of service in Keystone API servers via disk space exhaustion.
Updated packages are available from security.ubuntu.com.
It was discovered that the QXL graphics driver incorrectly handled terminated connections. An attacker that could connect to a guest using SPICE and the QXL graphics driver could cause the guest to hang or crash, resulting in a denial of service.
Updated packages are available from security.ubuntu.com.
It was discoverd that Inkscape incorrectly handled XML external entities in SVG files. If a user were tricked into opening a specially-crafted SVG file, Inkscape could possibly include external files in drawings, resulting in information disclosure. It was discovered that Inkscape attempted to open certain files from the /tmp directory instead of the current directory. A local attacker could trick a user into opening a different file than the one that was intended.
Updated packages are available from security.ubuntu.com.
Dan Prince discovered an issue in Glance error reporting. An authenticated attacker could exploit this to expose the Glance operator’s Swift credentials for a misconfigured or otherwise unusable Swift endpoint.
Updated packages are available from security.ubuntu.com.
Phil Day discovered that nova-volume did not validate access to volumes. An authenticated attacker could exploit this to bypass intended access controls and boot from arbitrary volumes.
Updated packages are available from security.ubuntu.com.
Wenlong Huang discovered that libvirt incorrectly handled certain RPC calls. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Tingting Zheng discovered that libvirt incorrectly handled cleanup under certain error conditions. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service, or possibly execute arbitrary code.
Updated packages are available from security.ubuntu.com.
Yong Chuan Koh discovered that libssh incorrectly handled certain negotiation requests. A remote attacker could use this to cause libssh to crash, resulting in a denial of service.
Updated packages are available from security.ubuntu.com.
It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
Updated packages are available from security.ubuntu.com.
It was discovered that FFmpeg incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
Updated packages are available from security.ubuntu.com.
It was discovered that PHP incorrectly handled the openssl_encrypt function when used with an empty string. An attacker could use this flaw to cause PHP to disclose arbitrary memory contents and possibly expose sensitive information.
Updated packages are available from security.ubuntu.com.
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Updated packages are available from security.ubuntu.com.
It was discovered that Vino incorrectly transmitted clipboard activity before authenticating the remote connection. A remote attacker could connect to Vino and monitor clipboard activity.
Updated packages are available from security.ubuntu.com.
Jon Howell reported a flaw in KVM (Kernel-based virtual machine) subsystem’s handling of the XSAVE CPU feature. On hosts without the XSAVE CPU feature, using qemu userspace, an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit.
Updated packages are available from security.ubuntu.com.
Jon Howell reported a flaw in the Linux kernel’s KVM (Kernel-based virtual machine) subsystem’s handling of the XSAVE CPU feature. On hosts without the XSAVE CPU feature, using qemu userspace, an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel’s handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit.
Updated packages are available from security.ubuntu.com.
It was discovered that RPM incorrectly handled certain package headers. If a user or automated system were tricked into installing a specially crafted RPM package, an attacker could cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code.
Updated packages are available from security.ubuntu.com.
It was discovered that RPM incorrectly handled signature checking. An attacker could create a specially-crafted rpm with an invalid signature which could pass the signature validation check.
Updated packages are available from security.ubuntu.com.
It was discovered that OpenJDK 7’s security mechanism could be bypassed via Java applets. If a user were tricked into opening a malicious website, a remote attacker could exploit this to perform arbitrary code execution as the user invoking the program.
Updated packages are available from security.ubuntu.com.
It was discovered that QEMU incorrectly handled certain e1000 packet sizes. In certain environments, an attacker may use this flaw in combination with large packets to cause a denial of service or execute arbitrary code in the guest.
Updated packages are available from security.ubuntu.com.
Jon Howell reported a flaw in the Linux kernel’s KVM (Kernel-based virtual machine) subsystem’s handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel’s handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents.
Updated packages are available from security.ubuntu.com.
