Ubuntu Essential and Critical Security Patch Updates - Page 345
Find the information you need for your favorite open source distribution.
rsync could be made to crash or run programs as your login if it connected to a malicious server.
The TIFF library could be made to run programs as your login if it opened a specially crafted file.
Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel.
An attacker could send crafted input to OpenSLP and cause it to hang.
Local users could gain root access by using the pkexec tool in PolicyKit.
An unauthenticated remote user could crash the Kerberos service.
An attacker's DHCP server could send crafted responses to your computer and cause it to run programs as root.
Local users could gain root access via the language-selector.
An attacker could overwrite files owned by the user if KGet opened a crafted metalink file.
An attacker could send crafted input to Postfix and cause it to reveal confidential information.
An attacker could send crafted input to Konqueror to view sensitive information.
It was discovered that GIMP incorrectly handled malformed data in certain plugin configuration files. If a user were tricked into opening a specially crafted plugin configuration file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. The default compiler options for affected releases should reduce the vulnerability to a [More...]
Sebastian Krahmer discovered that the dhclient utility incorrectly filtered crafted responses. An attacker could use this flaw with a malicious DHCP server to execute arbitrary code, resulting in root privilege escalation. [More...]
Sebastian Krahmer discovered that the xrdb utility incorrectly filtered crafted hostnames. An attacker could use this flaw with a malicious DHCP server or with a remote xdmcp login and execute arbitrary code, resulting in root privilege escalation. [More...]
It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These certificates were marked as explicitly not trusted to prevent their misuse. [More...]
Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077) [More...]
Cesar Bernardini and Felipe Andres Manzano discovered that FFmpeg incorrectly handled certain malformed flic files. If a user were tricked into opening a crafted flic file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected [More...]
Mathias Svensson discovered that the tex-common package contains an insecure shell_escape_commands configuration item. If a user or automated system were tricked into opening a specially crafted TeX file, a remote attacker could execute arbitrary code with user privileges. [More...]
Martin Barbella discovered that the thunder (aka ThunderScan) decoder in the TIFF library incorrectly handled an unexpected BitsPerSample value. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. [More...]
It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These were placed on the certificate blacklist to prevent their misuse. [More...]