Ubuntu Security Notices

Recent content on Ubuntu security notices

USN-4644-1: igraph vulnerability

27 November 2020, 1:16 pm

It was discovered that igraph mishandled certain malformed XML. An attacker
could use this vulnerability to cause a denial of service (crash).

USN-4382-2: FreeRDP vulnerabilities

26 November 2020, 6:47 pm

It was discovered that FreeRDP incorrectly handled certain memory
operations. A remote attacker could use this issue to cause FreeRDP to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

USN-4646-2: poppler regression

26 November 2020, 6:10 pm

USN-4646-1 fixed vulnerabilities in poppler. The fix for CVE-2019-10871
introduced a regression causing certain applications linked against poppler
to fail. This update backs out the fix pending further investigation.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Poppler incorrectly handled certain files. If a user
or automated system were tricked into opening a crafted PDF file, an
attacker could cause a denial of service.

USN-4649-1: xdg-utils vulnerability

26 November 2020, 1:57 pm

Jens Mueller discovered that xdg-utils incorrectly handled certain URIs.
An attacker could possibly use this issue to expose sensitive information.

A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information across origins, bypass security restrictions,
conduct phishing attacks, conduct cross-site scripting (XSS) attacks,
bypass Content Security Policy (CSP) restrictions, conduct DNS rebinding
attacks, or execute arbitrary code.

USN-4646-1: poppler vulnerabilities

25 November 2020, 6:03 pm

It was discovered that Poppler incorrectly handled certain files. If a user
or automated system were tricked into opening a crafted PDF file, an
attacker could cause a denial of service.

USN-4645-1: Mutt vulnerability

25 November 2020, 3:18 pm

It was discovered that Mutt incorrectly handled certain connections.
An attacker could possibly use this issue to expose sensitive information.

USN-4643-1: atftp vulnerabilities

24 November 2020, 2:14 pm

It was discovered that atftp’s FTP server did not properly handle certain
input. An attacker could use this to cause a denial of service (crash)
or possibly execute arbitrary code. (CVE-2019-11365)

It was discovered that atftp’s FTP server did not make proper use of
mutexes when locking certain data structures. An attacker could use this to
cause a denial of service via a NULL pointer dereference. (CVE-2019-11366)

It was discovered that PDFResurrect incorrectly handled certain memory
operations during PDF summary generation. An attacker could use this to
cause out-of-bounds writes, resulting in a denial of service (system crash)
or arbitrary code execution.