UbuntuUpdates.org

Bugs addressed in recent updates


| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2020-11652 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some meth | salt salt salt salt |
| CVE | CVE-2020-11651 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate | salt salt salt salt |
| CVE | CVE-2019-17361 | In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticat | salt salt salt salt |
| CVE | CVE-2018-15751 | SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-a | salt salt |
| CVE | CVE-2018-15750 | Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine whi | salt salt |
| CVE | CVE-2020-11993 | Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging stateme | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2020-11984 | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | apache2 apache2 apache2 apache2 |
| CVE | CVE-2020-9490 | Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash whe | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2020-1934 | In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2020-1927 | In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded new | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| Launchpad | 1890286 | ansi escape sequence injection in add-apt-repository | software-properties software-properties software-properties software-properties software-properties software-properties software-properties software-properties software-properties software-properties software-properties software-properties |
| Launchpad | 1886491 | Applying package profile on Xenial doesn't work | landscape-client |
| Launchpad | 1879777 | gnome-boxes assert failure: gnome-boxes: ../../../../src/cairo-surface.c:955: cairo_surface_destroy: Assertion `CAIRO_REFERENCE_COUNT_HAS_REFERENCE ( | gnome-boxes |
| Launchpad | 1831467 | test-umockdev tests flaky on armhf (and sometimes other archs) | umockdev umockdev |
| CVE | CVE-2020-12401 | ECDSA timing attack mitigation bypass | nss nss nss nss nss nss nss nss nss nss nss nss |
| CVE | CVE-2020-6829 | Side channel attack on ECDSA signature generation | nss nss nss nss nss nss nss nss nss nss nss nss |
| CVE | CVE-2020-12400 | P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function | nss nss nss nss nss nss nss nss nss nss nss nss |
| CVE | CVE-2020-14303 | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP | samba samba samba samba samba samba samba samba samba samba samba samba |
| Launchpad | 1888690 | Xenial update: v4.4.231 upstream stable release | linux |
| Launchpad | 1889928 | Xenial update: v4.4.232 upstream stable release | linux |


