Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2020-11652 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some meth | salt salt salt salt |
| CVE | CVE-2020-11651 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate | salt salt salt salt |
| CVE | CVE-2019-17361 | In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticat | salt salt salt salt |
| CVE | CVE-2018-15751 | SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-a | salt salt |
| CVE | CVE-2018-15750 | Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine whi | salt salt |
| CVE | CVE-2020-11993 | Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging stateme | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2020-11984 | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | apache2 apache2 apache2 apache2 |
| CVE | CVE-2020-9490 | Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash whe | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2020-1934 | In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2020-1927 | In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded new | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| Launchpad | 1890286 | ansi escape sequence injection in add-apt-repository | software-properties software-properties software-properties software-properties software-properties software-properties software-properties software-properties software-properties software-properties software-properties software-properties |
| Launchpad | 1886491 | Applying package profile on Xenial doesn't work | landscape-client |
| Launchpad | 1879777 | gnome-boxes assert failure: gnome-boxes: ../../../../src/cairo-surface.c:955: cairo_surface_destroy: Assertion `CAIRO_REFERENCE_COUNT_HAS_REFERENCE ( | gnome-boxes |
| Launchpad | 1831467 | test-umockdev tests flaky on armhf (and sometimes other archs) | umockdev umockdev |
| CVE | CVE-2020-12401 | ECDSA timing attack mitigation bypass | nss nss nss nss nss nss nss nss nss nss nss nss |
| CVE | CVE-2020-6829 | Side channel attack on ECDSA signature generation | nss nss nss nss nss nss nss nss nss nss nss nss |
| CVE | CVE-2020-12400 | P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function | nss nss nss nss nss nss nss nss nss nss nss nss |
| CVE | CVE-2020-14303 | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP | samba samba samba samba samba samba samba samba samba samba samba samba |
| Launchpad | 1888690 | Xenial update: v4.4.231 upstream stable release | linux |
| Launchpad | 1889928 | Xenial update: v4.4.232 upstream stable release | linux |
About
-
Send Feedback to @ubuntu_updates
