Debian Linux Security Advisory 5816-1 - The Qualys Threat Research Unit discovered that libmodule-scandeps-perl, a Perl module to recursively scan Perl code for dependencies, allows an attacker to execute arbitrary shell commands via specially crafted file names.
be57e41b4a34c57cf7b234b08605df86cb03fd9a15befc05712e6544727af3bbDebian Linux Security Advisory 5815-1 - The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility to check which daemons need to be restarted after library upgrades. A local attacker can execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable (CVE-2024-48990) or running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable (CVE-2024-48992). Additionally a local attacker can trick needrestart into running a fake Python interpreter (CVE-2024-48991) or cause needrestart to call the Perl module Module::ScanDeps with attacker-controlled files (CVE-2024-11003).
5e41b21d2bd83511831c10a278bb8fee7846b092ba4f682ead33f207de7216f3Ubuntu Security Notice 7123-1 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service or possibly expose sensitive information. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code.
0f33e2b0d9d4e9003aac62a268df3eec34205925efe7c3aefc683aecc1fe44d6Ubuntu Security Notice 7121-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
223942b47ef30b7d3a955f60c12af00a5f9088ad5192855d21ec724efb01c839Ubuntu Security Notice 7120-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
dfa1c53cc3f85bc7b8b63755719a2989cfd8c4613948f4a075fd07cc392d781aUbuntu Security Notice 7122-1 - A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system.
13b9fd24f479be999c536c9cca08ce96dba07ef0680d6e04bda8d87f5220442fUbuntu Security Notice 7121-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
a5d279642a2825e810ea4cd3f8cf90409d9d98c7800a435ae7b18ad49a98dac3Ubuntu Security Notice 7120-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
9a219c86f338ba1aa47688bce8d8ccd34d42158fb4334560d154470d24bf725bUbuntu Security Notice 7119-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
0ac8232eca124498c64e1f39ff4a55d32797211ade5b92cbb09450e9c8fd78daUbuntu Security Notice 7089-7 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
3bb4b0009eaad71618f34ff6c752f1f9e4ea79487c66b03cb45903424dfb4988Ubuntu Security Notice 7117-1 - Qualys discovered that needrestart passed unsanitized data to a library which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed perl code. This could allow a local attacker to execute arbitrary shell commands.
243f9908492121d33be291aab7ae169001482e1d128c0417a2f83b5ed1d56c6eUbuntu Security Notice 7115-1 - It was discovered that Waitress could process follow up requests when receiving a specially crafted message. An attacker could use this issue to have the server process inconsistent client requests. Dylan Jay discovered that Waitress could be lead to write to an unexisting socket after closing the remote connection. An attacker could use this issue to increase resource utilization leading to a denial of service.
6ad6f923ea9cc45b7e046d6e571ff79657024a06937696cab8baf2ba282bbeb0Ubuntu Security Notice 7116-1 - It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated.
446a88199d9186d03c7cdc7b5e4b83cd8d96c3cfc050d5bbded309e03b02cb0cUbuntu Security Notice 7015-5 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
08f60811c86141139bb27d0271c6dc8fb3d71d45f06454f487eabe3442ba3aa1Ubuntu Security Notice 7114-1 - It was discovered that Glib incorrectly handled certain trailing characters. An attacker could possibly use this issue to cause a crash or other undefined behavior.
4db03b1520199c6230c02cdc5e8f20493c1c1be2747f204c7c236a798edb64d9Ubuntu Security Notice 7104-1 - It was discovered that curl could overwrite the HSTS expiry of the parent domain with the subdomain's HSTS entry. This could lead to curl switching back to insecure HTTP earlier than otherwise intended, resulting in information exposure.
0f628650750691a59648b4a0228da093ce429c68aa5c949edc1146e5a110c9b2Ubuntu Security Notice 7113-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
dd5f06682ca93a1fe2093e0af57570ec9766114fd67a9256775ecb3b152853a5Gentoo Linux Security Advisory 202411-9 - Multiple vulnerabilities have been discovered in Perl, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 5.38.2 are affected.
3595d9ddc5c7b57b0fc6a001f6671c27b47cdadd1a00fb459436bae50b95624cGentoo Linux Security Advisory 202411-8 - A vulnerability has been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation. Versions greater than or equal to 21.1.14 are affected.
9271c063b90a591200750bcb35bab19393e368ea5f07f2bd018a4463936416d0Gentoo Linux Security Advisory 202411-7 - A vulnerability has been discovered in Pillow, which may lead to arbitrary code execution. Versions greater than or equal to 10.3.0 are affected.
f33ea09ad2289f635434f7ee97a896c3bcb59965736b5163ab8e08d19639a6afDebian Linux Security Advisory 5814-1 - A security issue was discovered in Thunderbird, which could result in the disclosure of OpenPGP encrypted messages.
f4443ed9384523d3abd4c6e094c23140071005acad52f74522bbc76a50c61b13Debian Linux Security Advisory 5813-1 - Moritz Rauch discovered that the Symfony PHP framework implemented persisted remember-me cookies incorrectly, which could result in authentication bypass.
e9c9a8326794040dd9177127445ba714c9333b88e1f6e6b41a6df5985ba53e3eDebian Linux Security Advisory 5812-1 - Multiple security issues were discovered in PostgreSQL, which may result in the execution of arbitrary code, privilege escalation or log manipulation.
abb6dfdb39e0f1210c77d3a3255391005a7200482ed21d2007d66c5cb1de9267Ubuntu Security Notice 7108-1 - Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the user authentication request message. An attacker could possibly use this issue to control the remote end of an SSH client session via packet injection/removal and shell emulation.
879c1bba1c6e49f095f223b8a2b416c8ae15269b5259350aefb2b128068cebe4Ubuntu Security Notice 7106-1 - It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. It was discovered that Tomcat had a vulnerability in its FORM authentication feature, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.
a7e1f25fa58014ab4990b4ca73018677dc891d2ab83b50bc02c672928853008f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed