Ubuntu Security Notice 7116-1 - It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated.
446a88199d9186d03c7cdc7b5e4b83cd8d96c3cfc050d5bbded309e03b02cb0cUbuntu Security Notice 7015-5 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
08f60811c86141139bb27d0271c6dc8fb3d71d45f06454f487eabe3442ba3aa1Ubuntu Security Notice 7114-1 - It was discovered that Glib incorrectly handled certain trailing characters. An attacker could possibly use this issue to cause a crash or other undefined behavior.
4db03b1520199c6230c02cdc5e8f20493c1c1be2747f204c7c236a798edb64d9Ubuntu Security Notice 7104-1 - It was discovered that curl could overwrite the HSTS expiry of the parent domain with the subdomain's HSTS entry. This could lead to curl switching back to insecure HTTP earlier than otherwise intended, resulting in information exposure.
0f628650750691a59648b4a0228da093ce429c68aa5c949edc1146e5a110c9b2Ubuntu Security Notice 7113-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
dd5f06682ca93a1fe2093e0af57570ec9766114fd67a9256775ecb3b152853a5Ubuntu Security Notice 7108-1 - Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the user authentication request message. An attacker could possibly use this issue to control the remote end of an SSH client session via packet injection/removal and shell emulation.
879c1bba1c6e49f095f223b8a2b416c8ae15269b5259350aefb2b128068cebe4Ubuntu Security Notice 7106-1 - It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. It was discovered that Tomcat had a vulnerability in its FORM authentication feature, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.
a7e1f25fa58014ab4990b4ca73018677dc891d2ab83b50bc02c672928853008fUbuntu Security Notice 7089-6 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
515b12c4124017f9c9b2a16d46a9bd62684fd3cd10bf1db6c2b42939bd7a194aUbuntu Security Notice 7112-1 - It was discovered that the GD Graphics Library did not perform proper bounds checking while handling BMP and WebP files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.
79519e626cd3d16dd3eb3af83d09539a391326284b873a411f29ab8e922b9563Ubuntu Security Notice 7111-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.
8309e2cc82bec72641de9766c00b5b04be56b3f96d79c53bdc77264e677a87a9Ubuntu Security Notice 7088-5 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
c4e7f1b5ea3bf3722a4cbe7f2f32f3a71766382741673a08f931c00204a0c5a6Ubuntu Security Notice 7089-5 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
38c2b5bbf914d159a695ab1789496137c8c27f28f851de9815a9296aa57c2bdeUbuntu Security Notice 7071-2 - A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system.
4600b05a59b404330cebcee8721bbdf4b80ce45ff3349218774f16c47979b7b7Ubuntu Security Notice 7049-2 - USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data.
1ef836801b877272adfe67ac7b50491e2b11f94aae8175ec4b8655236596a7edUbuntu Security Notice 7110-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
bf1a03d0be2b727fc9dee77e804300ce9b9409eafee43a69c1d54846bcfab354Ubuntu Security Notice 7109-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.
58c0bd17f1c8113660d80deb0928ae6b2fe30fb7373a788126eaeb55879ba80aUbuntu Security Notice 7107-1 - It was discovered that Minizip in zlib incorrectly handled certain zip header fields. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.
b29823bfaf7715177aa099252dea5c17d60d20ee2a13e95c6592b075179da5bcUbuntu Security Notice 7100-2 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
163422edaa457d7b18dd68f3c52d86764e74e2b0d95f740cb2caa422b41f81a3Ubuntu Security Notice 7102-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.40 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
e524f0f3159df2b33c1a1301dba5fa9cec3efb554922a66708a6e2595daaf4ccUbuntu Security Notice 7100-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
149202c681713c94c011a6f610cf658675b27f1348643a377029ea858ada57beUbuntu Security Notice 7099-1 - Andy Boothe discovered that the Networking component of OpenJDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 21 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.
29b263918debd56be4aebdf3e71beae5c9845e96ba8f3e7b7fe36d6d94a66329Ubuntu Security Notice 7098-1 - Andy Boothe discovered that the Networking component of OpenJDK 17 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 17 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.
cf116ce85361438eb76663db4ba2508746f89a1862e1c501087735897f701389Ubuntu Security Notice 7097-1 - Andy Boothe discovered that the Networking component of OpenJDK 11 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 11 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.
56def6f52132dd93bfb1fcfe02c34d890ace48a5763a2cc4542eda6ef1bfaa02Ubuntu Security Notice 7096-1 - Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 8 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.
6a063637bcb3d9afc4247c689491e36d1c8aa84b35d8b2b9ac54aab476e8c3a9Ubuntu Security Notice 7094-1 - It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that QEMU incorrectly handled certain memory copy operations when loading ROM contents. If a user were tricked into running an untrusted kernel image, a remote attacker could possibly use this issue to run arbitrary code. This issue only affected Ubuntu 14.04 LTS.
0a3549b040f05e5f31b861b3a44ea0e7afe9f586f80ca702bb4d248e08d92775
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed