Ubuntu Security Notice 5811-1 - Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files. It was discovered that the Protobuf-c library, used by Sudo, incorrectly handled certain arithmetic shifts. An attacker could possibly use this issue to cause Sudo to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS.
125a5a2bfed966c929abe10855d93636c2099a6516997eefaa81b2d2f0f7af69
Ubuntu Security Notice 5531-1 - Pietro Borrello discovered that protobuf-c contained an invalid arithmetic shift. This vulnerability allowed attackers to cause a denial of service via unspecified vectors. It was discovered that protobuf-c contained an unsigned integer overflow. This vulnerability allowed attackers to cause a denial of service via unspecified vectors.
9c1853bf4125f3d2065d985d456461411609a6cce87fd52a52fb2f90beb1a732