Canonical Ubuntu Linux vulnerabilities
4,102 known vulnerabilities affecting canonical/ubuntu_linux.
Total CVEs: 4,102
CISA KEV (actively exploited): 44
Public exploits: 252
Exploited in wild: 54
Severity breakdown: CRITICAL 545, HIGH 1396, MEDIUM 1945, LOW 216
Vulnerabilities
CVE-2020-29385 | MEDIUM | CVSS 5.5 | CWE-835 | v20.04, v20.10 | 2020-12-26
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. If c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop
nvd
CVE-2020-27349 | MEDIUM | CVSS 5.5 | CWE-862 | v16.04, v18.04 +2 more | 2020-12-09
Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.
nvd
CVE-2020-16128 | LOW | CVSS 3.8 | CWE-209 | v16.04, v18.04 +2 more | 2020-12-09
The aptdaemon DBus interface allowed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.
nvd
CVE-2020-16123 | MEDIUM | CVSS 4.7 | CWE-362 | v16.04, v18.04 +2 more | 2020-12-04
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed
nvd
CVE-2020-27348 | MEDIUM | CVSS 6.8 | CWE-427 | v16.04, v18.04 | 2020-12-04
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1.
nvd
CVE-2020-29372 | MEDIUM | CVSS 4.7 | CWE-362 | v14.04, v16.04 +2 more | 2020-11-28
An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.
nvd
CVE-2020-0569 | MEDIUM | CVSS 5.7 | CWE-787 | v16.04, v18.04 +1 more | 2020-11-23
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
nvd
CVE-2020-16122 | HIGH | CVSS 7.8 | CWE-269 | v16.04, v18.04 +1 more | 2020-11-07
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
nvd
CVE-2020-16121 | LOW | CVSS 3.3 | CWE-209 | v20.04 | 2020-11-07
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on their own.
nvd
CVE-2020-15708 | HIGH | CVSS 7.8 | CWE-732 | v20.04 | 2020-11-06
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
nvd
CVE-2020-28039 | CRITICAL | CVSS 9.1 | v16.04, v18.04 +1 more | 2020-11-02
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
nvd
CVE-2020-28040 | MEDIUM | CVSS 4.3 | CWE-352 | v16.04, v18.04 +1 more | 2020-11-02
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.
nvd
CVE-2020-14837 | MEDIUM | CVSS 4.9 | v16.04, v18.04 +1 more | 2020-10-21
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability
nvd
CVE-2020-15157 | MEDIUM | CVSS 6.1 | CWE-522 | v16.04, v18.04 +1 more | 2020-10-16
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follo
nvd
CVE-2020-25645 | HIGH | CVSS 7.5 | CWE-319 | v14.04, v16.04 +2 more | 2020-10-13
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidenti
nvd
CVE-2020-14355 | MEDIUM | CVSS 6.6 | CWE-120 | v14.04, v16.04 +2 more | 2020-10-07
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression
nvd
CVE-2020-25641 | MEDIUM | CVSS 5.5 | CWE-835 | v18.04, v20.04 | 2020-10-06
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of se
nvd
CVE-2020-7069 | MEDIUM | CVSS 6.5 | CWE-20 | v12.04, v14.04 +3 more | 2020-10-02
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt() function and a 12-byte IV, only the first 7 bytes of the IV are actually used. This can lead to both decreased security and incorrect encryption data.
nvd
CVE-2020-7070 | MEDIUM | CVSS 5.3 | CWE-20 | v12.04, v14.04 +3 more | 2020-10-02
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host being confused with cookies that decode to such a prefix, thus leading to an attacker being able to forge a cookie which is supposed to be secure. S
nvd
CVE-2020-14376 | HIGH | CVSS 7.8 | CWE-120 | v20.04 | 2020-09-30
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
nvd