Ubuntu Security Notice 6955-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
f52294c61eaa6af90fd8451686e8bc506a5d1b65dae9073f40211e6668f02be8Ubuntu Security Notice 6926-3 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service.
67f80c016324f30ff3664a941b9a12abe1b24c7c9def9edb0d9cde6176d5315cUbuntu Security Notice 6953-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
b1ed67fee33b4917c2d819ae313e1d458b7c4e2db993a5cf83d2ec6c6b54d6ddUbuntu Security Notice 6952-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
4096317c1a9bde967a3c305817802b1b430dad31a7749285f4b9eebbdce233f9Ubuntu Security Notice 6951-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
1b2472c9b386990fb946c9155e64b258ce63d178132ad4b837e17958bee5634bUbuntu Security Notice 6950-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
520384544fee23ad6e708dc62b10e258d9da95523db931b26ecc05e116e68e8cUbuntu Security Notice 6949-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
321410c5b4251ead308a6d0e8e636928b98e29f0e76f8570af6ff7cec4a63b09Ubuntu Security Notice 6948-1 - It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. It was discovered that Salt incorrectly created certificates with weak file permissions. It was discovered that Salt incorrectly handled credential validation. A remote attacker could possibly use this issue to bypass authentication.
57efb96d5f60e2ff00f2eedcf8822df624f594139bdfc6d7e8b2d03186299d0bUbuntu Security Notice 6947-1 - It was discovered that Kerberos incorrectly handled GSS message tokens where an unwrapped token could appear to be truncated. An attacker could possibly use this issue to cause a denial of service. It was discovered that Kerberos incorrectly handled GSS message tokens when sent a token with invalid length fields. An attacker could possibly use this issue to cause a denial of service.
4ef643d5c30ae35953fe5029603fd5cc1716760f7b956b0fe011cd33fc697fb5Ubuntu Security Notice 6945-1 - Rory McNamara discovered that wpa_supplicant could be made to load arbitrary shared objects by unprivileged users that have access to the control interface. An attacker could use this to escalate privileges to root.
a1469ccd1a0809d92167536b7c7b7a1f6ef54c467f544361227d99a25641d41bUbuntu Security Notice 6946-1 - It was discovered that Django incorrectly handled certain strings in floatformat function. An attacker could possibly use this issue to cause a memory exhaustion. It was discovered that Django incorrectly handled very large inputs. An attacker could possibly use this issue to cause a denial of service. It was discovered that Django in AdminURLFieldWidget incorrectly handled certain inputs with a very large number of Unicode characters. An attacker could possibly use this issue to cause a denial of service.
88d5f13c9cfa3952f8acd342b379410cc7fb2e78ce8c3ebd98802a884770c6f3Ubuntu Security Notice 6200-2 - USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the problem.
ded6c4c8b3d3bb0eeac147b90c00e05a999088a5edf3575723974f537a908acbUbuntu Security Notice 6944-1 - Dov Murik discovered that curl incorrectly handled parsing ASN.1 Generalized Time fields. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents.
5f93afb3b824fe8ddb04cb4fa82fa74a7dfc010696ce877a226b6d2172775efbUbuntu Security Notice 6895-4 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.
5abbf5bf5626f5254f4e45c8a2e156eed0e1819bb69d45b4255f18556cc62da1Ubuntu Security Notice 6942-1 - It was discovered that Gross incorrectly handled memory when composing log entries. An attacker could possibly use this issue to cause Gross to crash, resulting in a denial of service, or possibly execute arbitrary code.
feb2f237b27e68ffb24d8a4d362b5ae5b9244219d8230adee41aad3672240643Ubuntu Security Notice 6943-1 - It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS It was discovered that Tomcat incorrectly handled certain HTTP/2 connection requests. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. This issue only affected tomcat8 for Ubuntu 18.04 LTS
f0aa0eff0ede3e5e3704517eb7ba3f99160da85aee66c59e0606b7a0e59f71b9Ubuntu Security Notice 6909-2 - USN-6909-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 18.04 LTS. Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
06bca4f6d5a9f305cf07f48c14000e2250516db86891e6a4647f465a1667e725Ubuntu Security Notice 6926-2 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service.
2d46229c1bb410100a951de8431f990f91bf51ba7ec8b3772ca11b05a1a2247cUbuntu Security Notice 6922-2 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Chenyuan Yang discovered that the Unsorted Block Images flash device volume management subsystem did not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this to cause a denial of service.
71b8947d41c138f27d222eb7302e5df7fb65a49f364bca58542817fdfba1fd3fUbuntu Security Notice 6936-1 - It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to execute arbitrary code.
915864c106ba1f20dec42a0e6d56fbfeba7b088c4b12b3f58c4bd561ac9b887bUbuntu Security Notice 6941-1 - It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private†or “globally reachableâ€. This could possibly result in applications applying incorrect security policies.
111b39ad42a74b48cc3d8cc88aad37bf6346b3ce048406d371b36951d2b5be53Ubuntu Security Notice 6913-2 - USN-6913-1 fixed CVE-2022-39369 for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update provides the corresponding fix for Ubuntu 16.04 LTS. Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service.
3e0766c6da89db4391b9bcbf28e4bb0c96afac677b2a0f597431e1d2dba6bd3fUbuntu Security Notice 6939-1 - Phillip Szelat discovered that Exim misparses multiline MIME header filenames. A remote attacker could use this issue to bypass a MIME filename extension-blocking protection mechanism and possibly deliver executable attachments to the mailboxes of end users.
582b87650e7c0b3fca6b658c3b550c8444aa2cb4f55af6f2d339070de3ef0ea8Ubuntu Security Notice 6938-1 - It was discovered that the device input subsystem in the Linux kernel did not properly handle the case when an event code falls outside of a bitmap. A local attacker could use this to cause a denial of service. 黄æ€èª discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
2b1fe74bf4e050be2f9b24272b13e4eb597cb8e2474c9e01998d2ad12881b722Ubuntu Security Notice 6933-1 - It was discovered that ClickHouse incorrectly handled memory, leading to a heap out-of-bounds data read. An attacker could possibly use this issue to cause a denial of service, or leak sensitive information. It was discovered that ClickHouse incorrectly handled memory, leading to a heap-based buffer overflow. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.
ccfe407715734a4d016346c0155bfaf7c8607967f3341f35c2c849c7495f9708
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed