Ubuntu Security Notice 5936-1 - Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could possibly use this issue to elevate privileges.
5e8eabbc49599e8552ae631bd9c0e93e1ff9a293b7d443dd0d70363a66b8f346Ubuntu Security Notice 5937-1 - It was discovered that Opusfile was not properly validating pointer arguments in some of its functions, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts.
7680444a54c66d9d7e8f1739367a5b53e4a0588e1de76a91f85ca3bd7997b7e9Red Hat Security Advisory 2023-1109-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
04339ee2be39682ee12726dd3bd3a32d4bec87cc639c550d2f072e6cd83619fbRed Hat Security Advisory 2023-1151-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
200978e939eaf3ea88fcbe082e33bb3ecccc01c599e547d723a63773e5ecca44Red Hat Security Advisory 2023-1110-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
1af5183738cbddf2667793374f4230963f4677abbb552bc9f01893e3873182afRed Hat Security Advisory 2023-1140-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.
9cf4e1574d079d963b16ba75972bb6d65a9e591f7a372924404b98fe439cb5b1Ubuntu Security Notice 5932-1 - It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Sofia-SIP incorrectly handled specially crafted UDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service.
7fcdbca75479d00e4f58e8474b85f25f0d70fe1f118dd58c12c7fa68df320f0fUbuntu Security Notice 5933-1 - Francisco Falcon discovered that Libtpms did not properly manage memory when performing certain cryptographic operations. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that Libtpms did not properly manage memory when handling certain commands. An attacker could possibly use this issue to cause a denial of service.
6fc24e5484e696cf3ba998861e7fbb3b38c4c21b77a94ea189a3dc50f39c039aUbuntu Security Notice 5935-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
59c50f9f90d3ceae6e4fabcdc27d5c6f044cb0adece3527e315abeb06959e019Debian Linux Security Advisory 5370-1 - Ronald Crane discovered that missing input saniting in the apr_encode functions of apr, the Apache Portable Runtime library, may result in denial of service or potentially the execution of arbitrary code.
06258aeb56f6c7338c9fdd57a615e5a5d0b7d38557dfd44abd33e40b95560519Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
6b28bba2254cc748657eeaf93b80b78ba2924b150021da014dcefa9c80762053Red Hat Security Advisory 2023-1130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.
3a67d885294de0c35285d44ac06dcb33fb69eada316578839b0f211fc7760fc1Purchase Order Management version 1.0 suffers a remote shell upload vulnerability. Flow details to achieve this are shown in the video link provided.
ebd87a2284147cd2df2e918dac7d56fd2fe8ef6e6817d1b763329b3720bb9d2aUbuntu Security Notice 5934-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
fe2f930ada1d055377b15ff6de18e7407f123b019102450882de3d0251e52ec6Red Hat Security Advisory 2023-1107-01 - The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Issues addressed include a privilege escalation vulnerability.
4740124be6017b0521d83bb787fe19cc3529a3470bf7ebd5be1b6ed4c9d256bbRed Hat Security Advisory 2023-1141-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
1ced57497a6ea17e418fc7a1a6bf0322ee0feeb5220e722bcee7623682d86137
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed