Ubuntu Security Notice 6675-1 - It was discovered that ImageProcessing incorrectly handled series of operations that are coming from unsanitised inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.
d491a79e75514bf25f975567ff41507638e98c09cab54bfb9d5dcf4332bfbb3a
Ubuntu Security Notice 6653-4 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
aa48f67fd66f658d9892f7335cc6fb90de9e9c25c6ff2c4f219a83a90245088d
Ubuntu Security Notice 6674-2 - USN-6674-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
997b193005614a4286e157f3adb9ede1701e065c5ba4f071d3dffb9741612a72
Ubuntu Security Notice 6674-1 - Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
8724577a7a85c8ee06c83d3ec00d4db888a3a2260fa6a62b92f39b2d23d729c9
Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.
01de93cd85b2bb26752f49682241d7f6847ee989213ef66fd7a7389e73b6b48a
Ubuntu Security Notice 6672-1 - Morgan Jones discovered that Node.js incorrectly handled certain inputs that leads to false positive errors during some cryptographic operations. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled certain inputs leaded to a untrusted search path vulnerability. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.
fa597d50e9f8b5bd302a8783ff6dbb02dfd40c5672ca6442aff828f6a586c095
Ubuntu Security Notice 6669-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.
63ee0e6f83b4e9f77d873f79cf50c1f02a046461e6ad8e93392c9da32d118bfc
Ubuntu Security Notice 6671-1 - It was discovered that php-nyholm-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use this issue to perform an HTTP header injection attack.
27772bf11ba58e6506ed22ecdca799a5cc5144ec12da1e50691c8a33285fc90d
Ubuntu Security Notice 6670-1 - It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack.
f678a48ca90812aa9d2b76350886677e9b4c1db467f139d16a69adc2ef646f7c
Ubuntu Security Notice 6653-3 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
60fb5270aaf03325ad43e2f4dacecf3881635fbb18b2fa28485adf10dae290b5
Ubuntu Security Notice 6651-3 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
744d885dd931ced61a93f137d603c1ca54fdfb04c50ba2fc69d8df0cf9dbac5c
Ubuntu Security Notice 6647-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
f482b4121fdbb18a1aa10eff28af9de753dabde4e2a5df33e96dc30e687a2222
Ubuntu Security Notice 6653-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
2f07851c21569ae0eee530af9d5bdebed76880cb59d7cda6e3ed6b201bf2df0b
Ubuntu Security Notice 6651-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
d2d23ae1b65988ff0ad2b84582cd36ddc80022fa069d82e81e5127115f12a8e9
Ubuntu Security Notice 6648-2 - It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service.
b20b61a904133f077965c2d159bb4588f6d1a76c9d9e29a8c1d6e8e4f12b7705
Ubuntu Security Notice 6668-1 - It was discovered that when python-openstackclient attempted to delete a non-existing access rule, it would delete another existing access rule instead, contrary to expectations.
8b976b5faa5d4b10b0fc031169e7fc9d450e6f7d3e44c15b0b2209066d59a417
Ubuntu Security Notice 6667-1 - It was discovered that Cpanel-JSON-XS incorrectly decoded certain data. A remote attacker could use this issue to cause Cpanel-JSON-XS to crash, resulting in a denial of service, or possibly obtain sensitive information.
9a17a30381d9291845aef07c2e2c4b22b5c2cecc38cebc67005e48cab63a0355
Ubuntu Security Notice 6666-1 - It was discovered that libuv incorrectly truncated certain hostnames. A remote attacker could possibly use this issue with specially crafted hostnames to bypass certain checks.
3708b57f00e48056a0ff770faacabf49aa5ec9ceb551c9f97111aee2cda1ee21
Ubuntu Security Notice 6665-1 - Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Unbound incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service. It was discovered that Unbound incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service.
247e0c613315c524f7a23eca5cd0d2daffd570c3ffc7c235478e29feb918a658
Ubuntu Security Notice 6644-2 - USN-6644-1 fixed vulnerabilities in LibTIFF. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service. It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to consume resources, resulting in a denial of service.
3b39aabfecba0f4995c29794c7e0e8350f5b346f154fcd5c9a66829eec33e954
Ubuntu Security Notice 6664-1 - It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a crash or execute arbitrary commands.
3a426e4094dd9ad9549006ec37e42525a4d7a61f7dd4bf291cc27ed8a13a7d55
Ubuntu Security Notice 6663-1 - As a security improvement, this update prevents OpenSSL from returning an error when detecting wrong padding in PKCS#1 v1.5 RSA, to prevent its use in possible Bleichenbacher timing attacks.
70e2a3a25cb4e59a313bc99a88541c5d7f7f7e5852ffa537238da422d39d2f0d
Ubuntu Security Notice 6305-2 - USN-6305-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
caacfeb4e539a353abe770f6325dbffce7919a619b169957ffad81b1917bb00b
Ubuntu Security Notice 6662-1 - Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 21 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.
aaa047aaea8cde67a241170dbe81023fa98342d4dfece4d36d5b5774c741bb8a
Ubuntu Security Notice 6661-1 - Yi Yang discovered that the Hotspot component of OpenJDK 17 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 17 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.
074c45f3f5391055a9a621cd01f94fecea05dd020da0763a507bf083917efb09