Ubuntu Security Notice 6914-1 - Filip Hejsek discovered that the phpCAS library included in OCS Inventory was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account.
73fd131bb18f7771a681c59e661c0d5775f0b0b24508b2c6d987f93a40cd38d7Ubuntu Security Notice 6913-1 - Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. After applying this update, third party applications need to be modified to pass in an additional service base URL argument when constructing the client class.
3d357e0c9b781b559ab37c7e2d6214c573f839b885c985403381dc8900f0c313Ubuntu Security Notice 6915-1 - It was discovered that poppler incorrectly handled certain malformed PDF. An attacker could possibly use this issue to cause a denial of service.
52aa69daba91baaab0b5b848a2b8b852e61fe20dffc1c38d228b8880e4c36728Ubuntu Security Notice 6912-1 - James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges.
e0dbb950650ffee9227bc95e04f82d63498894eebd4019dc3c14308edd63d54fUbuntu Security Notice 6906-1 - It was discovered that python-zipp did not properly handle the zip files with malformed names. An attacker could possibly use this issue to cause a denial of service.
1a62349ae29e7d79554a4ffcd79d5f0ffd879f7828af8cd95227ea5825dabd0bUbuntu Security Notice 6910-1 - Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Peter Stoeckli discovered that Apache ActiveMQ incorrectly handled hostname verification. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS.
2ae146c10db1dd391dc98c4fa06a3252bd241865630bfb4113b9433bc4f68d29Ubuntu Security Notice 6530-2 - Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character. A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.
58168a762eb0c9cf33ac4f136c917cd582ae33ea9ebf9c0389eb492248ad3eccUbuntu Security Notice 6907-1 - Joshua Rogers discovered that Squid did not properly handle multi-byte characters during Edge Side Includes processing. A remote attacker could possibly use this issue to cause a memory corruption error, leading to a denial of service.
9c136fbdc40fa780322300ff78d451d018ef8f0e38ed960fa3d82de437e9c749Ubuntu Security Notice 6911-1 - Arnaud Morin discovered that Nova incorrectly handled certain raw format images. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.
8f717bc82952c168a0370701143e28cfffe9992338fcaf85126f67a805e5c78eUbuntu Security Notice 6908-1 - It was discovered that the Tomcat SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code.
7726e75bbe7b39bbdc84999efb427741b22bbfa118702c92655b75b6eafddeefUbuntu Security Notice 6909-1 - It was discovered that Bind incorrectly handled a flood of DNS messages over TCP. A remote attacker could possibly use this issue to cause Bind to become unstable, resulting in a denial of service. Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
306da0210b1902b737e1fa55bad21112997cf1e927d3439a48d391e725b8de48Ubuntu Security Notice 6905-1 - It was discovered that Rack incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
f1fb99c460c408c54600bfb86185879ad2833e7b4ce66083ea2f2adece4c2d2bUbuntu Security Notice 6904-1 - It was discovered that PyMongo incorrectly handled certain BSON. An attacker could possibly use this issue to read sensitive information or cause a crash.
fcdec1b07b070a6622feb7e4235b0acc1f1a048b493cbdd384578b9850c079a6Ubuntu Security Notice 6898-4 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.
8b053de7161b766a9cba5511fe20d03faf97b54bcfcc24fb43aa58677af61c15Ubuntu Security Notice 6893-3 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
7f62f78668bc36911b1f96b40c020e8124cd85ad4a7b7ca69e27900327bdb441Ubuntu Security Notice 6896-5 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
df9560dc3783d3d4a0c9d99e6352e1f6ea6dd5c66518086f9ad8789fbd721813Ubuntu Security Notice 6903-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Ronald Crane discovered that Thunderbird did not properly manage certain memory operations in the NSS. An attacker could potentially exploit this issue to cause a denial of service.
ef4b61c19ba1cf89ba89cd01bfc4d81fcf08875ddab9da8ccaa5a0275782a54cUbuntu Security Notice 6896-4 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
8dd27500ca03c621e3b332d4f4a48899a12b1e1709641167738660d0e4522fabUbuntu Security Notice 6898-3 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.
9d8578e4d65e6a905377c4eafbc6560f359e3400f28ae0a9eb49ebc1093b3b26Ubuntu Security Notice 6895-3 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.
c2cdeb8147a5ff711973b3c8fee175db573062bd9897685481c20a336ce711ebUbuntu Security Notice 6902-1 - It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibly use this issue to obtain source code.
9a63aa2943140950806a11aec9119a422cddc8e0dfdc7143ffb68c82b5967f3aUbuntu Security Notice 6901-1 - It was discovered that stunnel did not properly validate client certificates when configured to use both the redirect and verifyChain options. A remote attacker could potentially use this issue to obtain sensitive information by accessing the tunneled service.
933f9a0affdeefea6ab6aa2495ffa6ba1333eebfac57eaf7677ea9c67f425cb8Ubuntu Security Notice 6896-3 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
a1423a94bbd0e244b50a9dcc42a0d161e6c9763ef9a664b4bc82761901f3c48bUbuntu Security Notice 6900-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.
e97da32f17a29fe4696411be940643a9db1b1d29119fc6286db6efced74e2225Ubuntu Security Notice 6898-2 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.
0ab8434a912c1a37f7ce3d27489ffab441a7e52cdc71e41d0a0713946e958fbe
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed