Ubuntu Security Notice 7088-4 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
d8177c3b5ff3c3d3fda97932c7f3da74d07c7efb90a9240a35307b994d06b627
Ubuntu Security Notice 7095-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
a4c004e708b8e009bd474230b3de263f849417dad8771ca66e1ac6f371604336
Ubuntu Security Notice 7089-3 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
10729d56a83995eb3098226ea10515d8f81f274ad50de359cbac115b9ca988c3
Ubuntu Security Notice 7088-3 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
07a058d393aeb3ca0e8521b79d58db34aa38d2a713a564c2cb964636e33b13cc
Ubuntu Security Notice 7093-1 - It was discovered that Werkzeug incorrectly handled multiple form submission requests. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service.
483f7153b8e6742a0abe85bce778ad7a05b894f8541d84dcf7d81af87423094f
Ubuntu Security Notice 7092-1 - It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code.
65d1be200e4d1922fc1cd30e8b53862145340a56143ef50e6560995be2228d0b
Ubuntu Security Notice 7091-1 - It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with SAX2 or pull parser API. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service.
71f9fbd7bec60d2b7b4a569108c35e7c10d0ba77a14114bdae61eea8d0e2a457
Ubuntu Security Notice 7083-1 - It was discovered that OpenJPEG incorrectly handled certain memory operations when using the command line "-ImgDir" in a directory with a large number of files, leading to an integer overflow vulnerability. An attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that OpenJPEG incorrectly handled decompressing certain .j2k files in sycc420_to_rgb, leading to a heap-based buffer overflow vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code.
ff9f9486933fc7bd7d89dc29eb83d72d64684aeba87a4f207fd9ed45b92e8df5
Ubuntu Security Notice 7089-2 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
817e5bf8246382082ac9d9cd3facb86957ad9411468075631d38d06ead217a6d
Ubuntu Security Notice 7088-2 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
313e20a45455cc6eb16fd12695e979b334e4b0d1bcb777bf49b1e6a869f75909
Ubuntu Security Notice 7090-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
6a9d3a1e4a4fbe85e4992cff08c3e238393e2444832e21faf50c67f89ed19bf6
Ubuntu Security Notice 7089-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
ddf1e0bbd10d1ef692ad8303eb3ecdabeb9f0701fc3cf00afbec1c110f39b6a2
Ubuntu Security Notice 7088-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
45049820bd4e0d7ebd34214af28ac0de01bc1555af2b52dcd9fceee216485cbb
Ubuntu Security Notice 7076-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
bda7c0835b76e6cb22841f216cfe22534c15850ff6552b4194bf6bddaf76eac3
Ubuntu Security Notice 7021-5 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
eb08a7be99e6bc608aae772cb6e8597e4a4a6f2780086193c7dfb7689ea4a43f
Ubuntu Security Notice 7086-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.
aa6ed1f85bd38a08bd3e875585159586c98e9a9532a72c63afc09f15bf1ced9e
Ubuntu Security Notice 7087-1 - It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code.
1eed32f91872854f1e02f0b48a759383da1c9d02846a7e4fb7f0f2a490768aac
Ubuntu Security Notice 7085-2 - USN-7085-1 fixed a vulnerability in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.
5a04aa298bf2801943178ba9998c092ae2bcd6c0e34fcbc1cc3fb661e09fb376
Ubuntu Security Notice 7084-2 - USN-7084-1 fixed vulnerability in urllib3. This update provides the corresponding update for the urllib3 module bundled into pip. It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.
312ed9f8bb4ab24eb7a502a24a8630b8be43aedef291065858629e605d73ca8d
Ubuntu Security Notice 7085-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.
bbf083f3d2d1406b17c352954c3eb9443be7fb0019d52c848f3b9d5be201e1e4
Ubuntu Security Notice 7084-1 - It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.
29ff94c3d9e8abedc1bc6ca7386296e337966fbed2dbee657de8625b278ef2ef
Ubuntu Security Notice 7064-2 - USN-7064-1 fixed a vulnerability in nano. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that nano allowed a possible privilege escalation through an insecure temporary file. If nano was killed while editing, the permissions granted to the emergency save file could be used by an attacker to escalate privileges using a malicious symlink.
28b8f0f18fdb9afdd1730084e64b5329e335c056df75faa76abe7769b3d37d04
Ubuntu Security Notice 7082-1 - Gerrard Tai discovered that libheif did not properly validate certain images, leading to out-of-bounds read and write vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or to obtain sensitive information.
c7e015f0d817a62979f775a5671414e9468c22afa72f7e209819ddedc20b3a98
Ubuntu Security Notice 7081-1 - It was discovered that the Go net/http module did not properly handle responses to requests with an "Expect: 100-continue" header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. It was discovered that the Go parser module did not properly handle deeply nested literal values. An attacker could possibly use this issue to cause a panic resulting in a denial of service.
7172da16c5ed0479a3c4aeec01a4da63b11371385e92211bd74a665c44254ecd
Ubuntu Security Notice 7079-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
6a7758c0aafb7862f063dd5f40ab40a50c428f0d89914869aa92bd6418d440ef