Ubuntu Security Notice 5164-1 - It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the AMD Cryptographic Coprocessor driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
6ccccfa63f87b8046f886da63dc7344fUbuntu Security Notice 5165-1 - It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface implementation. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. A remote attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
9b62ebc65593eec8e7ee5817b3b82e23Ubuntu Security Notice 5163-1 - Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information. It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b435df38ae55595db8f1bcd795db1127Ubuntu Security Notice 5162-1 - Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information. It was discovered that the AMD Cryptographic Coprocessor driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
168949d5bd28d8a0c87dc3d7bb453348Ubuntu Security Notice 5161-1 - Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information. It was discovered that the AMD Cryptographic Coprocessor driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
adcd67f9c4539f1d01ba2e73bf9972aaUbuntu Security Notice 5158-1 - It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. Various other issues were also addressed.
2d8eb9010bc1bef7e8eafdda3ebf835aUbuntu Security Notice 5156-1 - It was discovered that ICU contains a double free issue. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
7f9e1cc09db55cc8c6b6d6aa187a6ffeUbuntu Security Notice 5155-1 - It was discovered that BlueZ incorrectly handled the Discoverable status when a device is powered down. This could result in devices being powered up discoverable, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. It was discovered that BlueZ incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause BlueZ to consume resources, leading to a denial of service. Various other issues were also addressed.
720bbe1eb49a598986078fe04f230c13Ubuntu Security Notice 5154-1 - It was discovered that FreeRDP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash. It was discovered that FreeRDP incorrectly handled certain connections. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
27b0c1db65a78cb4a352148e9752605dUbuntu Security Notice 5153-1 - It was discovered that LibreOffice incorrectly handled digital signatures. An attacker could possibly use this issue to create a specially crafted document that would display a validly signed indicator, contrary to expectations.
b9585b0c0d7bd47a8833f1fbc3d9ded2Ubuntu Security Notice 5152-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the UI, confuse the user, conduct phishing attacks, or execute arbitrary code.
24e382a4ac0afa4668158c5c48685920Ubuntu Security Notice 5151-1 - It was discovered that Mailman incorrectly handled certain URL. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
f662149a9aa7b231b55a0e4f91231e92Ubuntu Security Notice 5150-1 - It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash.
e57ef302fb93bb3de94446102cfe5d40Ubuntu Security Notice 5148-1 - It was discovered that hivex incorrectly handled certain input. An attacker could use this vulnerability to cause a crash or obtain sensitive information.
8d4892e9321f20c7c03c3cdcceefcf11Ubuntu Security Notice 5149-1 - Kevin Backhouse discovered that AccountsService incorrectly handled memory when performing certain language setting operations. A local attacker could use this issue to escalate privileges.
8fee9fd558fd792f3a99f3e911cb09b2Ubuntu Security Notice 5147-1 - It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. This issue only affected Ubuntu 14.04 ESM. Various other issues were also addressed.
d7794bd2d9ad6ef2605e1615e1edac8dUbuntu Security Notice 5145-1 - Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established.
fd8c899c8bff47059207ac6f3b29aa29Ubuntu Security Notice 5144-1 - It was discovered that OpenEXR incorrectly handled certain EXR image files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
c253b5e5678635d022b393c639f6162dUbuntu Security Notice 5142-1 - Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. Andrew Bartlett discovered that Samba incorrectly mapping domain users to local users. An authenticated attacker could possibly use this issue to become root on domain members. Andrew Bartlett discovered that Samba did not correctly sandbox Kerberos tickets issues by an RODC. An RODC could print administrator tickets, contrary to expectations. Various other issues were also addressed.
c11881a63d66cd2017af5970aefdad4aUbuntu Security Notice 5141-1 - Roman Fiedler discovered that a race condition existed in Firejail when using OverlayFS to prevent writes to the underlying file system. A local attacker could use this to gain administrative privileges. Note: this update disables support for OverlayFS in Firejail.
5bb8871942bc9dba056ce24ae7ea7d05Ubuntu Security Notice 5137-2 - It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service or possibly execute arbitrary code. It was discovered that the Infiniband RDMA userspace connection manager implementation in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possible execute arbitrary code. Various other issues were also addressed.
6462e03f35541bd5a91729fe01ed4ecdUbuntu Security Notice 5140-1 - It was discovered that the AMD Cryptographic Coprocessor driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b90767cbc1e703cb5da81e873bdd27ebUbuntu Security Notice 5139-1 - Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information. It was discovered that the AMD Cryptographic Coprocessor driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
1892b563cb6e73408d2dde078efe9952Ubuntu Security Notice 5138-1 - The py.path.svnwc component of py through v1.9.0 contains a regular expression with an ambiguous subpattern that is susceptible to catastrophic backtracing. This could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
b9051c66fbb67f60f87371e084e3ba05Ubuntu Security Notice 5134-1 - An information disclosure issue was discovered in the command line interface of Docker. A misconfigured credential store could result in supplied credentials being leaked to the public registry, when using the docker login command with a private registry.
6fefdf00f548781e13c2e78365347a9d
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed