Ubuntu Security Notice 6882-2 - USN-6882-1 fixed vulnerabilities in Cinder. The update caused a regression in certain environments due to incorrect privilege handling. This update fixes the problem. Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.
dd9e43b685dbb6ab18fd981397a7bdc38600a0edc3e721ae3992ed421fc85ce0Ubuntu Security Notice 7088-4 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
d8177c3b5ff3c3d3fda97932c7f3da74d07c7efb90a9240a35307b994d06b627Ubuntu Security Notice 7095-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
a4c004e708b8e009bd474230b3de263f849417dad8771ca66e1ac6f371604336Ubuntu Security Notice 7089-3 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
10729d56a83995eb3098226ea10515d8f81f274ad50de359cbac115b9ca988c3Ubuntu Security Notice 7088-3 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
07a058d393aeb3ca0e8521b79d58db34aa38d2a713a564c2cb964636e33b13ccUbuntu Security Notice 7093-1 - It was discovered that Werkzeug incorrectly handled multiple form submission requests. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service.
483f7153b8e6742a0abe85bce778ad7a05b894f8541d84dcf7d81af87423094fUbuntu Security Notice 7092-1 - It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code.
65d1be200e4d1922fc1cd30e8b53862145340a56143ef50e6560995be2228d0bUbuntu Security Notice 7091-1 - It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with SAX2 or pull parser API. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service.
71f9fbd7bec60d2b7b4a569108c35e7c10d0ba77a14114bdae61eea8d0e2a457Ubuntu Security Notice 7083-1 - It was discovered that OpenJPEG incorrectly handled certain memory operations when using the command line "-ImgDir" in a directory with a large number of files, leading to an integer overflow vulnerability. An attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that OpenJPEG incorrectly handled decompressing certain .j2k files in sycc420_to_rgb, leading to a heap-based buffer overflow vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code.
ff9f9486933fc7bd7d89dc29eb83d72d64684aeba87a4f207fd9ed45b92e8df5Ubuntu Security Notice 7089-2 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
817e5bf8246382082ac9d9cd3facb86957ad9411468075631d38d06ead217a6dUbuntu Security Notice 7088-2 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
313e20a45455cc6eb16fd12695e979b334e4b0d1bcb777bf49b1e6a869f75909Ubuntu Security Notice 7090-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
6a9d3a1e4a4fbe85e4992cff08c3e238393e2444832e21faf50c67f89ed19bf6Ubuntu Security Notice 7089-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
ddf1e0bbd10d1ef692ad8303eb3ecdabeb9f0701fc3cf00afbec1c110f39b6a2Ubuntu Security Notice 7088-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
45049820bd4e0d7ebd34214af28ac0de01bc1555af2b52dcd9fceee216485cbbUbuntu Security Notice 7076-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
bda7c0835b76e6cb22841f216cfe22534c15850ff6552b4194bf6bddaf76eac3Ubuntu Security Notice 7021-5 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
eb08a7be99e6bc608aae772cb6e8597e4a4a6f2780086193c7dfb7689ea4a43fUbuntu Security Notice 7086-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.
aa6ed1f85bd38a08bd3e875585159586c98e9a9532a72c63afc09f15bf1ced9eUbuntu Security Notice 7087-1 - It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code.
1eed32f91872854f1e02f0b48a759383da1c9d02846a7e4fb7f0f2a490768aacUbuntu Security Notice 7085-2 - USN-7085-1 fixed a vulnerability in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.
5a04aa298bf2801943178ba9998c092ae2bcd6c0e34fcbc1cc3fb661e09fb376Ubuntu Security Notice 7084-2 - USN-7084-1 fixed vulnerability in urllib3. This update provides the corresponding update for the urllib3 module bundled into pip. It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.
312ed9f8bb4ab24eb7a502a24a8630b8be43aedef291065858629e605d73ca8dUbuntu Security Notice 7085-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.
bbf083f3d2d1406b17c352954c3eb9443be7fb0019d52c848f3b9d5be201e1e4Ubuntu Security Notice 7084-1 - It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.
29ff94c3d9e8abedc1bc6ca7386296e337966fbed2dbee657de8625b278ef2efUbuntu Security Notice 7064-2 - USN-7064-1 fixed a vulnerability in nano. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that nano allowed a possible privilege escalation through an insecure temporary file. If nano was killed while editing, the permissions granted to the emergency save file could be used by an attacker to escalate privileges using a malicious symlink.
28b8f0f18fdb9afdd1730084e64b5329e335c056df75faa76abe7769b3d37d04Ubuntu Security Notice 7082-1 - Gerrard Tai discovered that libheif did not properly validate certain images, leading to out-of-bounds read and write vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or to obtain sensitive information.
c7e015f0d817a62979f775a5671414e9468c22afa72f7e209819ddedc20b3a98Ubuntu Security Notice 7081-1 - It was discovered that the Go net/http module did not properly handle responses to requests with an "Expect: 100-continue" header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. It was discovered that the Go parser module did not properly handle deeply nested literal values. An attacker could possibly use this issue to cause a panic resulting in a denial of service.
7172da16c5ed0479a3c4aeec01a4da63b11371385e92211bd74a665c44254ecd
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed