USN-5268-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Keyu Man discovered that the ICMP implementation in the Linux kernel did not properly handle received ICMP error packets. A remote attacker could use this to facilitate attacks on U...

USN-5267-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute...

USN-5254-1: shadow vulnerabilities | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected...

USN-5209-1: Linux kernel vulnerabilities | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data...

USN-5199-1: Python vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could...

CVE-2022-0685

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418...

@bionicmetrics/bionic (>=1.2.0 <=1.3.6), @smoosee/wakemeup (>=1.0.9 <=1.20.0) +7 more potentially affected by CVE-2020-7627 via node-key-sender (=1.0.11)

node-key-sender NPM version =1.0.11 is affected by a known vulnerability. The following packages have a transitive dependency on node-key-sender and may be impacted: - @bionicmetrics/bionic =1.2.0, =1.0.9, =1.5.0, =0.0.1, =1.0.0, =1.0.5, =1.2.1, =1.1.0, =2.2.0 Source cves: CVE-2020-7627 Source...

CVE-2022-0408

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...

Improper Input Validation

chromium-browser:bionic is vulnerable to improper input validation. A remote attacker is able to leak cross-origin data via a crafted HTML page...

Integer Underflow

bionic is vulnerable to integer underflows. The library does not properly check memory size causing an integer underflow that allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Use-After-Free

chromium-browser:bionic is vulnerable to use-after-free vulnerability. A remote unauthenticated attacker is able to exploit heap corruption via a crafted HTML page, resulting in a system hang...

USN-5179-1: BusyBox vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use...

USN-5168-1: NSS vulnerability | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute...

USN-5126-1: Bind vulnerability | Cloud Foundry

Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Bind could be made to consume resources if it received specially crafted network traffic. Affected Cloud Foundry Products and Versions Severity is unknown unless otherwise noted. Bionic Stemcells 1.x...

USN-5164-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to...

USN-5137-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-3428, CVE-2021-34556, CVE-2021-35477, CVE-2021-3739, CVE-2021-3743, CVE-2021-3753, CVE-2021-3759,...

USN-5136-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Several security issues were fixed in the Linux kernel. CVEs contained in this USN include: CVE-2021-38199, CVE-2021-3743, CVE-2021-3753, CVE-2021-3759, CVE-2019-19449,...

USN-5189-1: GLib vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that GLib incorrectly handled certain environment variables. An attacker could possibly use this issue to escalate privileges. CVEs contained in this USN include:...

USN-5147-1: Vim vulnerabilities | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Several security issues were fixed in Vim. CVEs contained in this USN include: CVE-2017-17087, CVE-2019-20807. Affected Cloud Foundry Products and Versions Severity is low unless...

USN-5133-1: ICU vulnerability | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description ICU could be made to crash if it received specially crafted input. CVEs contained in this USN include: CVE-2020-21913. Affected Cloud Foundry Products and Versions Severity is low unle...