Ubuntu Security Notice 6450-1 - Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector lengths. This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher modes. Juerg Wullschleger discovered that OpenSSL incorrectly handled the AES-SIV cipher. This could lead to empty data entries being ignored, resulting in certain applications being misled. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.
2d9459c9594f7dcc383dafcaff6092d57b63e811ab043a65d9d9516541186813WordPress LiteSpeed Cache plugin versions 5.6 and below suffer from a persistent cross site scripting vulnerability.
930b5dea6544195034aa8f1e0157b1a5e03ff90d8a95610492e143d141d5a230VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" (root) user.
64ffcacaea1bc62f727b2dd191fed3e691ed87d11e14a28285a0d1db38476562Ubuntu Security Notice 6445-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
7161886f27ce432ad514954dd1b3c798e3d98a8a29d07d4592bcf71aae1d37dfUbuntu Security Notice 6446-2 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.
f0dc5ad0a790213ff19892b967ead2603483e643e8cae2857c45b952dc3896feUbuntu Security Notice 6444-2 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.
e1d72b79310f991fbf9447b368e82c18985bd69f9a6a49de7ca3fae3cd49f9c6Ubuntu Security Notice 6449-1 - It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that FFmpeg incorrectly handled certain input files, leading to an integer overflow. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS.
30ff576e31ffb4f55aa40850734014c7fc975b5ab7b1fea8aaf260af4e227ccdUbuntu Security Notice 6422-2 - It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
259a2cf38720d88c7724b592d8b82e467ba99d2e75f4685b7441266a46273ac4Ubuntu Security Notice 6448-1 - Xu Biang discovered that Sofia-SIP did not properly manage memory when handling STUN packets. An attacker could use this issue to cause Sofia-SIP to crash, resulting in a denial of service, or possibly execute arbitrary code.
065e1d3f9e158da1ad62e274b382f034235454b8c2136ba104d239bd9d274b69Ubuntu Security Notice 6408-2 - USN-6408-1 fixed several vulnerabilities in libXpm. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service.
d7b93cec854e2c9c37f64a166a4086eaa6d0662c0712d44d8cd7551d31acfc93Ubuntu Security Notice 6441-2 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service or possibly execute arbitrary code.
44a8d74486573b90a3938d4de86fd5260a49f42a9d0fa43f3e35fdf5e38e0ffeUbuntu Security Notice 6439-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
2fd25e40051d1ba2bbf46094a9e3c568101d4401e9c1c5f7d1348688c66cd0a2Ubuntu Security Notice 6403-2 - USN-6403-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.
46dc6da4bc81d5d69b72224b573df890e0a70a1242f2d5d47376145dcb81a460Ubuntu Security Notice 6199-2 - USN-6199-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.
e46b12e2ae2685b34c9735991a469a71e79fcd955c1df600d8da3956401fe3d8Ubuntu Security Notice 6447-1 - It was discovered that AOM incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
1fa4d7ee1a1af87589a2865595d4d4b173d622e688b3e0e7a3702f62ab867ad7Red Hat Security Advisory 2023-6080-01 - Red Hat Integration Camel for Spring Boot 4.0.1 release and security update is now available. Issues addressed include a denial of service vulnerability.
0d05162113f83d1300d228e7f33b6abd010de1941e5cef8139e95155242a584fRed Hat Security Advisory 2023-6079-01 - Red Hat Integration Camel for Spring Boot 3.20.3 release and security update is now available. Issues addressed include a denial of service vulnerability.
124e74f5da4e99b212126facb4ea030302776d36306008e6e4d4fa40eb4f2d44Red Hat Security Advisory 2023-6077-01 - An updated rhel9/toolbox container image is now available in the Red Hat container registry.
b39ff68d6d417c602836d68e8c64e888eee007061c204c6506f4867c407bc84cRed Hat Security Advisory 2023-6071-01 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.
caa5ec90c2bc051f045330623cf79a7676c593e9e3dd25369f87e40a73fdde67Red Hat Security Advisory 2023-6069-01 - An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.
50fe2cf11a5fb078d9939e16c0bba55492fcdf525de7c3c74a2f674bf9905216Red Hat Security Advisory 2023-6068-01 - An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a bypass vulnerability.
80129dc8535c5b4e6f99b13f73804c82370a3a9ad3061e72d6eb933889c5ab2cRed Hat Security Advisory 2023-6061-01 - Red Hat OpenShift Pipelines 1.12.1 has been released. Issues addressed include a denial of service vulnerability.
ce6189ccc22b1274dbbcc97c9bf8591a273659fe1e7bd85b8295ad7ed53170dbRed Hat Security Advisory 2023-6059-01 - Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released. Issues addressed include a denial of service vulnerability.
a4339d983d3b5ea17615c04f30761a62116d82b9120540887c5f03333631b09cRed Hat Security Advisory 2023-6057-01 - An update for toolbox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.
d431231aa9d4c23c7d91cbd690fb04d3018a1dc83761bd7af5747faefec9458bRed Hat Security Advisory 2023-6048-01 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.
3233a828f6316335966d8d5d4b806f5f0b77b185b305520987275ef4b408be04
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed