The Cloud in the clouds

Heading back to the airport to sit in another 747 pilot seat chair is always exciting. After our first research session on a grounded airplane this time we spent more time looking at the IFE In-Flight Entertainment system. We found very different results from the first plane. Rather than an old...

USN-4990-1: Nettle vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. CVE-2021-3580 It was discovere...

USN-4969-1: DHCP vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service...

Security Advisory Update: Transitioning from Xenial to Bionic Stemcells | Cloud Foundry

The Cloud Foundry Foundation Security Working Group would like to provide a brief update with regard to security advisories. As you may know, Ubuntu Xenial 16.04 has transitioned from free long-term support LTS status to paid extended security maintenance ESM. Accordingly, the Cloud Foundry...

USN-4982-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service system crash...

USN-4968-1: LZ4 vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issu...

USN-4945-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service system crash...

CVE-2021-30641

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...

CVE-2020-26934

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link...

Denial Of Service (DoS)

binutils:bionic is vulnerable to denial of service DoS. The getcount function in cplus-dem.c in GNU libiberty allows remote attackers to cause a denial of service malloc called with the result of an integer-overflowing calculation or possibly have unspecified other impact via a crafted string, as...

Remote Code Execution (RCE)

gdm3, bionic is vulnerable to remote code execution RCE. The daemon in GDM does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a...

Denial Of Service (DoS)

binutils:bionic is vulnerable to Denial Of Service DoS. An issue was discovered in cp-demangle.c in GNU libiberty. There is a stack consumption problem caused by the cplusdemangletype function making recursive calls to itself in certain scenarios involving many 'P' characters...

Information Disclosure

vlc:bionic is vulnerable to information disclosure. The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk cast converts a return value to an unsigned int even if...

Denial Of Service (DoS)

vlc:bionic is vulnerable to denial of service DoS. A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player. As a result, an FPE can be triggered via a crafted CAF file...

Denial Of Service (DoS)

firefox:bionic is vulnerable to denial of service DoS. If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https...

Use-after-free

Bionic is vulnerable to Use-after-free. There is a use-after-free in the error function in elfcomm.c when called from the processarchive function in readelf.c via a crafted ELF file...

Heap Buffer Over-read

binutils:bionic is vulnerable to heap buffer over-read in dexpression1 in cp-demangle.c after many recursive calls...

Heap Buffer Over-read

vlc:bionic is vulnerable to heap buffer over-read. The xiphSplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file...

Denial Of Service (DoS)

binutils:bionic is vulnerable to denail of service DoS. A flaw in the mergestrings function in merge.c in the Binary File Descriptor BFD library aka libbfd results in a NULL pointer dereference in bfdaddmergesection when attempting to merge sections with large alignments. A specially crafted ELF...

Security Policy Bypass

firefox:bionic is vulnerable to security policy bypass. By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy CSP...