Ubuntu

It was discovered that poppler incorrectly handled memory when opening certain PDF files. An attacker could possibly use this issue to cause denial of service or obtain sensitive information.

It was discovered that Python incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2019-9674) It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-45061) It was discovered that Python incorrectly handled certain crafted ZIP files. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2024-0450)

Mike Salvatore discovered that Audacity incorrectly handled default permissions of temporary files created by the application. An attacker could possibly use this issue to obtain sensitive information.

Jacob Boerema discovered that the GIMP DDS Plugin incorrectly processed DDS files due to a memory issue. An attacker could exploit this through a specifically crafted DDS file to cause GIMP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Felix Wilhelm discovered that Apache Commons BCEL APIs incorrectly handled parameters due to a memory issue. An attacker supplying malicious input could exploit this to generate and execute arbitrary bytecode.

It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21171) It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21172) Daniel Plaisted and Noah Gilson discovered that .NET insecurely handled temporary file usage which could result in malicious package dependency injection. An attacker could possibly use this issue to elevate privileges. (CVE-2025-21173) It was discovered that .NET did not properly perform input data validation when processing certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-21176)

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - SCSI subsystem; - Ext4 file system; - Bluetooth subsystem; - Memory management; - Amateur Radio drivers; - Network traffic control; - Sun RPC protocol; - VMware vSockets driver; (CVE-2023-52821, CVE-2024-40910, CVE-2024-43892, CVE-2024-49967, CVE-2024-50264, CVE-2024-36952, CVE-2024-38553, CVE-2021-47101, CVE-2021-47001, CVE-2024-35965, CVE-2024-35963, CVE-2024-35966, CVE-2024-35967, CVE-2024-53057, CVE-2024-38597)

Jeriko One discovered that NeoMutt incorrectly handled certain IMAP and POP3 responses. An attacker could possibly use this issue to cause NeoMutt to crash, resulting in a denial of service, or the execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362) Jeriko One discovered that NeoMutt incorrectly handled certain NNTP-related operations. An attacker could possibly use this issue to cause NeoMutt to crash, resulting in denial of service, or the execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-14360, CVE-2018-14361, CVE-2018-14363) It was discovered that NeoMutt incorrectly processed additional data when communicating with mail servers. An attacker could possibly use this issue to access senstive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14954, CVE-2020-28896) It was discovered that Neomutt incorrectly handled the IMAP QRSync setting. An attacker could possibly use this issue to cause NeoMutt to crash, resulting in denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-32055) Tavis Ormandy discovered that NeoMutt incorrectly parsed uuencoded text past the length of the string. An attacker could possibly use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1328) It was discovered that NeoMutt did not properly encrypt email headers. An attacker could possibly use this issue to receive emails that were not intended for them and access sensitive information. This vulnerability was only fixed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-49393, CVE-2024-49394)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. An attacker could use this issue to execute arbitrary code. (CVE-2024-12084) Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync compared checksums with uninitialized memory. An attacker could exploit this issue to leak sensitive information. (CVE-2024-12085) Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync incorrectly handled file checksums. A malicious server could use this to expose arbitrary client files. (CVE-2024-12086) Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync mishandled symlinks for some settings. An attacker could exploit this to write files outside the intended directory. (CVE-2024-12087) Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync failed to verify symbolic link destinations for some settings. An attacker could exploit this for path traversal attacks. (CVE-2024-12088) Aleksei Gorban discovered a race condition in rsync's handling of symbolic links. An attacker could use this to access sensitive information or escalate privileges. (CVE-2024-12747)

It was discovered that Git incorrectly handled certain URLs when asking for credentials. An attacker could possibly use this issue to mislead the user into typing passwords for trusted sites that would then be sent to untrusted sites instead. (CVE-2024-50349) It was discovered that git incorrectly handled line endings when using credential helpers. (CVE-2024-52006)

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - S390 architecture; - x86 architecture; - Power management core; - GPU drivers; - InfiniBand drivers; - Network drivers; - S/390 drivers; - SCSI subsystem; - TTY drivers; - BTRFS file system; - Ext4 file system; - EROFS file system; - F2FS file system; - File systems infrastructure; - BPF subsystem; - Socket messages infrastructure; - Bluetooth subsystem; - Memory management; - Amateur Radio drivers; - Ethernet bridge; - Networking core; - IPv4 networking; - Network traffic control; - Sun RPC protocol; - VMware vSockets driver; - SELinux security module; (CVE-2024-42240, CVE-2024-36938, CVE-2024-35967, CVE-2024-36953, CVE-2022-48938, CVE-2024-38553, CVE-2024-35904, CVE-2024-35965, CVE-2024-26947, CVE-2024-36968, CVE-2024-43892, CVE-2024-38597, CVE-2023-52498, CVE-2021-47501, CVE-2024-44942, CVE-2024-42077, CVE-2024-53057, CVE-2024-46724, CVE-2024-35963, CVE-2022-48943, CVE-2024-42068, CVE-2024-42156, CVE-2022-48733, CVE-2023-52639, CVE-2021-47101, CVE-2023-52821, CVE-2024-44940, CVE-2024-36952, CVE-2021-47001, CVE-2024-38538, CVE-2024-40910, CVE-2021-47076, CVE-2024-35966, CVE-2024-50264, CVE-2024-35951, CVE-2023-52488, CVE-2023-52497, CVE-2024-49967)

It was discovered that Django incorrectly handled certain IPv6 strings. An attacker could possibly use this issue to cause a denial of service.

Wei Hao discovered that PowerDNS Authoritative Server incorrectly handled memory when accessing certain files. An attacker could possibly use this issue to achieve arbitrary code execution. (CVE-2018-1046) It was discovered that PowerDNS Authoritative Server and PowerDNS Recursor incorrectly handled memory when receiving certain remote input. An attacker could possibly use this issue to cause denial of service. (CVE-2018-10851) Kees Monshouwer discovered that PowerDNS Authoritative Server and PowerDNS Recursor incorrectly handled request validation after having cached malformed input. An attacker could possibly use this issue to cause denial of service. (CVE-2018-14626) Toshifumi Sakaguchi discovered that PowerDNS Recursor incorrectly handled requests after having cached malformed input. An attacker could possibly use this issue to cause denial of service. (CVE-2018-14644) Nathaniel Ferguson discovered that PowerDNS Authoritative Server incorrectly handled memory when receiving certain remote input. An attacker could possibly use this issue to obtain sensitive information. (CVE-2020-17482) Nicolas Dehaine and Dmitry Shabanov discovered that PowerDNS Authoritative Server and PowerDNS Recursor incorrectly handled IXFR requests in certain circumstances. An attacker could possibly use this issue to cause denial of service. (CVE-2022-27227)

Kevin Backhouse discovered that HPLIP incorrectly handled certain MDNS responses. A remote attacker could use this issue to cause HPLIP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

It was discovered that Roundcube incorrectly handled certain file-based attachment plugins. An attacker could exploit this to gain unauthorized access to arbitrary files on the host’s file system.

USN-6940-1 fixed vulnerabilities in snapd. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Original advisory details: Neil McPhail discovered that snapd did not properly restrict writes to the /home/jslarraz/bin path in the AppArmor profile for snaps using the home plug. An attacker who could convince a user to install a malicious snap could use this vulnerability to escape the snap sandbox. (CVE-2024-1724) Zeyad Gouda discovered that snapd failed to properly check the file type when extracting a snap. An attacker who could convince a user to install a malicious snap containing non-regular files could then cause snapd to block indefinitely while trying to read from such files and cause a denial of service. (CVE-2024-29068) Zeyad Gouda discovered that snapd failed to properly check the destination of symbolic links when extracting a snap. An attacker who could convince a user to install a malicious snap containing crafted symbolic links could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow a local unprivileged user to gain access to privileged information. (CVE-2024-29069)

It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If a user or application were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2019-15903) It was discovered that Expat, contained within the xmltok library, incorrectly handled XML data containing a large number of colons, which could lead to excessive resource consumption. If a user or application were tricked into opening a crafted XML file, an attacker could possibly use this issue to cause a denial of service. (CVE-2018-20843) It was discovered that Expat, contained within the xmltok library, incorrectly handled certain input, which could lead to an integer overflow. If a user or application were tricked into opening a crafted XML file, an attacker could possibly use this issue to cause a denial of service. (CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ext4 file system; - Network traffic control; - VMware vSockets driver; (CVE-2024-49967, CVE-2024-53057, CVE-2024-50264)

Paolo Giai discovered a series of stack-based overflow vulnerabilities in the blit and gray_render_cubic functions of a custom fork of the rlottie library. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2021-31315, CVE-2021-31321) Paolo Giai discovered a series of type confusion vulnerabilities in the VDasher constructor and the LOTCompLayerItem::LOTCompLayerItem function of a custom fork of the rlottie library. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-31317, CVE-2021-31318) Paolo Giai discovered an integer overflow vulnerability in the LOTGradient::populate function of a custom fork of the rlottie library. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-31319) Paolo Giai discovered a series of heap buffer overflow vulnerabilities in the VGradientCache::generateGradientColorTable and LOTGradient::populate functions of a custom fork of the rlottie library. An attacker could possibly use this issue to achieve remote code execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-31320, CVE-2021-31322)