Canonical Ubuntu Linux vulnerabilities

CVE-2020-11758 [MEDIUM] CWE-125 CVE-2020-11758: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixel An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.

CVE-2020-11760 [MEDIUM] CWE-125 CVE-2020-11760: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompres An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.

CVE-2020-11764 [MEDIUM] CWE-787 CVE-2020-11764: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuf An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

CVE-2020-11761 [MEDIUM] CWE-125 CVE-2020-11761: An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncom An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.

CVE-2020-11763 [MEDIUM] CWE-125 CVE-2020-11763: An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and writ An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.

CVE-2020-11759 [MEDIUM] CWE-190 CVE-2020-11759: An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLi An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.

CVE-2020-11765 [MEDIUM] CWE-125 CVE-2020-11765: An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.

CVE-2020-1730 [MEDIUM] CWE-476 CVE-2020-1730: A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability

CVE-2020-11736 [LOW] CWE-22 CVE-2020-11736: fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extrac fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

CVE-2020-8832 [MEDIUM] CVE-2020-8832: The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not prope The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.

CVE-2020-11655 [HIGH] CWE-665 CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malfo SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

CVE-2020-8834 [MEDIUM] CWE-368 CVE-2020-8834: KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 sta KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the

CVE-2020-11608 [MEDIUM] CWE-476 CVE-2020-11608: An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NUL An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.

CVE-2020-11609 [MEDIUM] CWE-476 CVE-2020-11609: An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.

CVE-2020-11565 [MEDIUM] CWE-787 CVE-2020-11565: An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a st An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount option

CVE-2020-11501 [HIGH] CWE-330 CVE-2020-11501: GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3. GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

CVE-2020-8835 [HIGH] CWE-125 CVE-2020-8835: In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restr In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vuln

CVE-2020-11100 [HIGH] CWE-787 CVE-2020-11100: In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a r In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

CVE-2020-11494 [MEDIUM] CWE-908 CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6. An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.

CVE-2020-1927 [MEDIUM] CWE-601 CVE-2020-1927: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to b In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.