Explore top 10 tips to secure your open-source projects now. Read More
×ADOdb could be made to crash or run programs if it received specially crafted input.. ========================================================================== Ubuntu Security Notice USN-7530-1 May 29, 2025 libphp-adodb vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 Summary: ADOdb could be made to crash or run programs if it received specially crafted input. Software Description: - libphp-adodb: PHP database abstraction layer library Details: It was discovered that ADOdb incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libphp-adodb 5.22.8-0.1ubuntu0.1 Ubuntu 24.10 libphp-adodb 5.22.7-0.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7530-1 CVE-2025-46337 Package Information: https://launchpad.net/ubuntu/+source/libphp-adodb/5.22.8-0.1ubuntu0.1 https://launchpad.net/ubuntu/+source/libphp-adodb/5.22.7-0.1ubuntu0.1 . Attention Ubuntu users: A security update for the libphp-adodb vulnerability is now available, crucial for preventing system crashes and exploits. Update now!. libphp-adodb, Ubuntu security notice, software patch, security update. . LinuxSecurity.com Team
KiCad could be made to crash or run programs if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-7466-1 April 28, 2025 kicad vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: KiCad could be made to crash or run programs if it opened a specially crafted file. Software Description: - kicad: Electronic schematic and PCB design software Details: It was discovered that KiCad incorrectly handled memory when opening malicious files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary commands. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS kicad 5.1.5+dfsg1-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS kicad 4.0.7+dfsg1-1ubuntu2+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7466-1 CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947 . The latest patch for KiCad on Ubuntu rectifies vulnerabilities that might result in unexpected crashes or unauthorized command execution.. KiCad Security Update, Ubuntu Pro, Denial of Service, Memory Issues, Software Security. . LinuxSecurity.com Team
BlueZ could be made to run programs as an administrator if it connected to a malicious Bluetooth device.. ========================================================================== Ubuntu Security Notice USN-7222-1 January 22, 2025 bluez vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: BlueZ could be made to run programs as an administrator if it connected to a malicious Bluetooth device. Software Description: - bluez: Bluetooth tools and daemons Details: Lucas Leong discovered that BlueZ incorrectly handled the Phone Book Access profile. If a user were tricked into connecting to a malicious Bluetooth device, a remote attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS bluez 5.64-0ubuntu1.4 libbluetooth3 5.64-0ubuntu1.4 Ubuntu 20.04 LTS bluez 5.53-0ubuntu3.9 libbluetooth3 5.53-0ubuntu3.9 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7222-1 CVE-2023-50229, CVE-2023-50230 Package Information: https://launchpad.net/ubuntu/+source/bluez/5.64-0ubuntu1.4 https://launchpad.net/ubuntu/+source/bluez/5.53-0ubuntu3.9 . Uncover vital enhancements for BlueZ in Ubuntu versions 22.04 and 20.04 that counteract vulnerabilities posed by harmful Bluetooth gadgets.. BlueZ Security Advisory, Ubuntu 22.04, Arbitrary Code Execution, Bluetooth Vulnerability. . Severity: Critical. LinuxSecurity.com Team
recutils could be made to crash or run programs as a login user if a specially crafted file was opened.. ========================================================================== Ubuntu Security Notice USN-7137-1 December 04, 2024 recutils vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: recutils could be made to crash or run programs as a login user if a specially crafted file was opened. Software Description: - recutils: text-based databases called recfiles Details: It was discovered that recutils incorrectly handled memory when parsing comments with the recparser utility. An attacker could possibly use this issue to cause a denial of service or run arbitrary commands. (CVE-2021-46019, CVE-2021-46021, CVE-2021-46022) It was discovered that recutils incorrectly handled memory when parsing CSV files. An attacker could possibly use this issue to cause a denial of service or run arbitrary commands. (CVE-2019-11637, CVE-2019-11638, CVE-2019-11639, CVE-2019-11640) It was discovered that recutils incorrectly handled memory when parsing maliciously crafted recfiles. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-6455, CVE-2019-6456, CVE-2019-6457, CVE-2019-6458, CVE-2019-6459, CVE-2019-6460) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS librec1 1.8-1ubuntu0.22.04.1~esm1 Available with Ubuntu Pro recutils 1.8-1ubuntu0.22.04.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS librec1 1.8-1ubuntu0.20.04.1~esm1 Available with Ubuntu Pro recutils 1.8-1ubuntu0.20.04.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS librec1 1.7-2ubuntu0.1~esm1 Available with Ubuntu Pro recutils 1.7-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS librec1 1.7-1ubuntu0.1~esm1 Available with Ubuntu Pro recutils 1.7-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7137-1 CVE-2019-11637, CVE-2019-11638, CVE-2019-11639, CVE-2019-11640, CVE-2019-6455, CVE-2019-6456, CVE-2019-6457, CVE-2019-6458, CVE-2019-6459, CVE-2019-6460, CVE-2021-46019, CVE-2021-46021, CVE-2021-46022 . A critical security advisory highlights vulnerabilities in Ubuntu's Recutils package that may lead to crashes or unauthorized program execution. Users should update promptly to mitigate risks.. recutils security advisory, Ubuntu 22.04 LTS, denial of service issue, program execution vulnerability. . Severity: Critical. LinuxSecurity.com Team
CUPS could be made to crash or run programs if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-7041-3 October 07, 2024 cups vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: CUPS could be made to crash or run programs if it received specially crafted network traffic. Software Description: - cups: Common UNIX Printing System(tm) Details: USN-7041-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS cups 2.1.3-4ubuntu0.11+esm8 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7041-3 https://ubuntu.com/security/notices/USN-7041-2 https://ubuntu.com/security/notices/USN-7041-1 CVE-2024-47175 . Ubuntu Security Alert USN-7041-3 regarding CUPS flaw impacting system integrity and allowing remote exploits.. Ubuntu Security, CUPS Advisory, Network Exploit, System Update, Remote Threat. . Severity: Critical. LinuxSecurity.com Team
cups-filters could be made to run programs if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-7043-2 October 01, 2024 cups-filters vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: cups-filters could be made to run programs if it received specially crafted network traffic. Software Description: - cups-filters: OpenPrinting CUPS Filters Details: USN-7043-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS cups-browsed 1.20.2-0ubuntu3.3+esm1 Available with Ubuntu Pro cups-filters 1.20.2-0ubuntu3.3+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7043-2 https://ubuntu.com/security/notices/USN-7043-1 CVE-2024-47176 . Uncover the security alert regarding cups-filters for Ubuntu 18.04 LTS that reveals potential vulnerabilities linked to network data flow.. cups-filters, Ubuntu 18.04, security update, network threat. . Severity: Important. LinuxSecurity.com Team
GStreamer Base Plugins could be made to crash or run programs as your login if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-6798-1 May 29, 2024 gst-plugins-base1.0 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: GStreamer Base Plugins could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - gst-plugins-base1.0: GStreamer plugins Details: It was discovered that GStreamer Base Plugins incorrectly handled certain EXIF metadata. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS gstreamer1.0-plugins-base 1.24.2-1ubuntu0.1 Ubuntu 23.10 gstreamer1.0-plugins-base 1.22.6-1ubuntu0.1 Ubuntu 22.04 LTS gstreamer1.0-plugins-base 1.20.1-1ubuntu0.2 Ubuntu 20.04 LTS gstreamer1.0-plugins-base 1.16.3-0ubuntu1.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6798-1 CVE-2024-4453 Package Information: https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.24.2-1ubuntu0.1 https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.22.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.20.1-1ubuntu0.2 https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.16.3-0ubuntu1.3 . GStreamer Base Plugins on Ubuntu may let attackers execute code or crash systems via crafted files. Update is advised.. GStreamer, Ubuntu, Plugin Crash Risk, Security Update, Program Execution. . LinuxSecurity.com Team
AIDE could be made to crash or run programs as an administrator if it opened a specially crafted file.. =========================================================================Ubuntu Security Notice USN-5243-2 January 20, 2022 aide vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: AIDE could be made to crash or run programs as an administrator if it opened a specially crafted file. Software Description: - aide: Advanced Intrusion Detection Environment - static binary Details: USN-5243-1 fixed a vulnerability in aide. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: aide 0.16~a2.git20130520-3ubuntu0.1~esm1 Ubuntu 14.04 ESM: aide 0.16~a2.git20130520-2ubuntu0.1+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5243-1 CVE-2021-45417 . Ubuntu Security Notice USN-5243-3 pertains to a vulnerability in the AIDE tool; users are advised to update to avert system crashes or potential denial of service scenarios.. AIDE Vulnerability, Ubuntu Security Advisory, Denial of Service, Program Execution, System Update. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.