Ubuntu Security Notice 6696-1 - Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 8 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.
4b0662938dd8d4f3377ff21d6e5a575b539f89ee7c9b38c565dd184d1e38fed8
Ubuntu Security Notice 6694-1 - It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service.
462e6cb8ba210916a36cb74b260ab305aee4e0ca9a78e36ddc059b2b669d919e
Ubuntu Security Notice 6695-1 - It was discovered that TeX Live incorrectly handled certain memory operations in the embedded axodraw2 tool. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. It was discovered that TeX Live allowed documents to make arbitrary network requests. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to exfiltrate sensitive information, or perform other network-related attacks. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
e8f6e7fc279a5f1af336dbd407dfe96cd81c2d7194fe47a554772e61fc96870e
Ubuntu Security Notice 6673-2 - USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information.
c4fe18ae97be2193d34a7e1f1b12596463b48313b3820550e75dc093759247ba
Ubuntu Security Notice 6587-5 - USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could possibly use this issue to cause the X Server to crash, or obtain sensitive information.
9f02a5fba82a37e9433c20a481152b829c57eaf4483d36e161436fe7547bf8f0
Ubuntu Security Notice 6686-2 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
88475de5e2398450d91c1bb38fd2f616290eb3128f9d1ab6ef796c5b5b3a08eb
Ubuntu Security Notice 6681-3 - Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service.
0f6456a501a2a52790c93531be3acfce9cd0cea9e69c63498f9c5b2580aa219b
Ubuntu Security Notice 6693-1 - It was discovered that .NET did not properly handle certain specially crafted requests. An attacker could potentially use this issue to cause a resource leak, leading to a denial of service.
8a6cbb24e79abc77c05ef916a922d0685d249ebcb25ec7dbe3505f1a201ccbf7
Ubuntu Security Notice 6663-2 - USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 16.04 LTS. As a security improvement, this update prevents OpenSSL from returning an error when detecting wrong padding in PKCS#1 v1.5 RSA, to prevent its use in possible Bleichenbacher timing attacks.
fe2239ee2a0b0aa19f4cd8b777b94d2227dcfccdfab1dd784c5471b9e405daab
Ubuntu Security Notice 6692-1 - It was discovered that Gson incorrectly handled deserialization of untrusted input data. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
581f6db3e96956bcd910506069e535dcb08e172118ad71cd397745a47802c943
Ubuntu Security Notice 6691-1 - It was discovered that OVN incorrectly enabled OVS Bidirectional Forwarding Detection on logical ports. A remote attacker could possibly use this issue to disrupt traffic.
0aa5e2e50eaa553a1603a3606ba38da3d1d9b430fb600ab43ff1ff2957fe25b2
Ubuntu Security Notice 6656-2 - USN-6656-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 16.04 LTS It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.
f45b11c7e2648a6365c7c0c4a04b1f4fe6c6106dd3b6d76e794be3a2d298a00a
Ubuntu Security Notice 6689-1 - It was discovered that Rack incorrectly parse some headers. An attacker could possibly use this issue to cause a denial of service.
181f1f7f4d6954f69249e0e6a3f58ba172952686bbf375b6655f6255942c39b3
Ubuntu Security Notice 6690-1 - Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch incorrectly handled certain crafted Geneve packets when hardware offloading via the netlink path is enabled. A remote attacker could possibly use this issue to cause Open vSwitch to crash, leading to a denial of service. It was discovered that Open vSwitch incorrectly handled certain ICMPv6 Neighbor Advertisement packets. A remote attacker could possibly use this issue to redirect traffic to arbitrary IP addresses.
c48aa2b70b96e75c736131cbd6e784fb35739c48c114c1dc28b66d826cb192ed
Ubuntu Security Notice 6688-1 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Habana's AI Processors driver in the Linux kernel did not properly initialize certain data structures before passing them to user space. A local attacker could use this to expose sensitive information.
14e46adfe602e3381472cca2694960e60b4f66b2adf1e14c5cefabbd3a423e8c
Ubuntu Security Notice 6681-2 - Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service.
497cdba15e2474c05f61de47875a39a3f760923ca11ee79f7167211274bac41c
Ubuntu Security Notice 6658-2 - USN-6658-1 fixed a vulnerability in libxml2. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.
2a750c69f6b035fa2c99f3825916f5c17d092b9f9cd726a59615137e53c334da
Ubuntu Security Notice 6687-1 - It was discovered that AccountsService called a helper incorrectly when performing password change operations. A local attacker could possibly use this issue to obtain encrypted passwords.
5935f51374bbedbe8e20bc4619732fb163c84254783cd4b5e539b7512d9bce32
Ubuntu Security Notice 6680-2 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
6bc81fdaf7d2ab62cb88527ba4630824136da02c06781b70c420f590e02c5a29
Ubuntu Security Notice 6686-1 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
32b61fd68287a18eb0704bbcdd739624e37463787dff6bc8a0147ae34ca4a9e0
Ubuntu Security Notice 6685-1 - It was discovered that mqtt-client incorrectly handled memory while parsing malformed MQTT frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.
cc49c88c4675421bfd9834e4e4e0c55406cf579405c22b78ee6f529f264652ce
Ubuntu Security Notice 6684-1 - It was discovered that ncurses incorrectly handled certain function return values, possibly leading to segmentation fault. A local attacker could possibly use this to cause a denial of service.
9c9caddc495e352909c94749c019135ed23b06515863dd6d046a8d28bcaac8cf
Ubuntu Security Notice 6682-1 - ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
17369ac09ff469d577917f6a11d6b237c679de121e53f191d4d051615739e955
Ubuntu Security Notice 6683-1 - It was discovered that HtmlCleaner incorrectly handled certain html documents. An attacker could possibly use this issue to cause a denial of service via application crash.
920b6cad9b18ef88bc6e4355f6d2168f1b3a372eff262a980a9d8d05feb02ab3
Ubuntu Security Notice 6681-1 - Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service.
e6207c1377c4c4662d23c4c6808627d6ca7ab8ee47c61e983d303f015693e726