USN-6630-1: Glance_store vulnerability

It was discovered that Glancestore incorrectly handled logging when the DEBUG log level is enabled. A local attacker could use this issue to obtain accesskey values...

USN-6628-1: Linux kernel (Intel IoTG) vulnerabilities

Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...

USN-6625-2: Linux kernel (GCP) vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...

USN-6627-1: libde265 vulnerabilities

It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. CVE-2021-35452, CVE-2021-36411, CVE-2022-43238, CVE-2022-43241,...

USN-6626-1: Linux kernel vulnerabilities

Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...

USN-6625-1: Linux kernel vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...

USN-6624-1: Linux kernel vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...

LSN-0100-1: Kernel Live Patch Security Notice

It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary...

USN-6610-2: Firefox regressions

USN-6610-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potential...

USN-6609-3: Linux kernel (Oracle) vulnerabilities

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6040 It was discovered that the CIFS...

USN-6623-1: Django vulnerability

It was discovered that Django incorrectly handled certain inputs that uses intcomma template filter. An attacker could possibly use this issue to cause a denial of service...

USN-6592-2: libssh vulnerabilities

USN-6592-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this...

USN-6622-1: OpenSSL vulnerabilities

David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. CVE-2023-5678 Sverker Eriksson discovered that OpenSSL incorrectly handled POLY1304 MAC...

USN-6621-1: ImageMagick vulnerability

It was discovered that ImageMagick incorrectly handled certain values when processing BMP files. An attacker could exploit this to cause a denial of service...

USN-6587-4: X.Org X Server regression

USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and...

USN-6620-1: GNU C Library vulnerabilities

It was discovered that the GNU C Library incorrectly handled the syslog function call. A local attacker could use this issue to execute arbitrary code and possibly escalate privileges...

USN-6619-1: runC vulnerability

Rory McNamara discovered that runC did not properly manage internal file descriptor while managing containers. An attacker could possibly use this issue to obtain sensitive information or bypass container restrictions...

USN-6591-2: Postfix update

USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of regression has been made available since the last update. This update updates the fix and aligns with the latest configuration guidelines regarding this vulnerability. We apologize for the inconvenience. Original advisory detail...

USN-6609-2: Linux kernel (NVIDIA) vulnerabilities

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6040 It was discovered that the CIFS...

USN-6618-1: Pillow vulnerabilities

It was discovered that Pillow incorrectly handled certain long text arguments. An attacker could possibly use this issue to cause Pillow to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. CVE-2023-44271 Duarte Santos discovered...

USN-6617-1: libde265 vulnerabilities

It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and...

USN-6587-3: X.Org X Server regression

USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processin...

USN-6616-1: OpenLDAP vulnerability

It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service...

USN-6615-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.36 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. In addition to security fixes, the updated packages contain bug fixes, new features...

USN-6614-1: amanda vulnerability

It was discovered that amanda did not properly check certain arguments. A local unprivileged attacker could possibly use this issue to perform a privilege escalation attack...

USN-6605-2: Linux kernel (KVM) vulnerabilities

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6040 It was discovered that the CIFS...

USN-6604-2: Linux kernel (Azure) vulnerabilities

It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service system crash. CVE-2023-1079 Jana Hofman...

USN-6613-1: Ceph vulnerability

Lucas Henry discovered that Ceph incorrectly handled specially crafted POST requests. An uprivileged user could use this to bypass Ceph's authorization checks and upload a file to any bucket...

USN-6612-1: TinyXML vulnerability

It was discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted XML file, a remote attacker could possibly use this issue to cause a denial of service...

USN-6610-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-0741, CVE-2024-0742,...

USN-6611-1: Exim vulnerability

It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism...

USN-6609-1: Linux kernel vulnerabilities

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6040 It was discovered that the CIFS...

USN-6608-1: Linux kernel vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could...

USN-6607-1: Linux kernel (Azure) vulnerabilities

It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

USN-6606-1: Linux kernel (OEM) vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51779 It was discovered that the CIFS...

USN-6605-1: Linux kernel vulnerabilities

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6040 It was discovered that the CIFS...

USN-6604-1: Linux kernel vulnerabilities

It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service system crash. CVE-2023-1079 Jana Hofman...

USN-6603-1: Linux kernel (AWS) vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could...

USN-6602-1: Linux kernel vulnerabilities

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. CVE-2023-20588 It was discovered...

USN-6601-1: Linux kernel vulnerability

It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

USN-6600-1: MariaDB vulnerabilities

Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16 in Ubuntu 22.04 LTS and 10.11.6 in Ubuntu 23.10. CVE-2022-47015 only affected the MariaDB packages in...

USN-6599-1: Jinja2 vulnerabilities

Yeting Li discovered that Jinja incorrectly handled certain regex. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2020-28493 It was discovered that Jinja incorrectly handled certain HTM...

USN-6598-1: Paramiko vulnerability

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...

USN-6597-1: Puma vulnerability

It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to consume resources, leading to a denial of service...

USN-6596-1: Apache::Session::LDAP vulnerability

It was discovered that Apache::Session::LDAP incorrectly handled invalid X.509 certificates. If a user or an automated system were tricked into opening a specially crafted invalid X.509 certificate, a remote attacker could possibly use this issue to perform spoofing and obtain sensitive informati...

USN-6595-1: PyCryptodome vulnerability

It was discovered that PyCryptodome had a timing side-channel when performing OAEP decryption. A remote attacker could possibly use this issue to recover sensitive information...

USN-6594-1: Squid vulnerabilities

Joshua Rogers discovered that Squid incorrectly handled HTTP message processing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. CVE-2023-49285 Joshua Rogers discovered that Squid incorrectly handled Helper process management. A remote...

USN-6593-1: GnuTLS vulnerabilities

It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information. CVE-2024-0553 It was discovered that GnuTLS incorrectly handled certain certificate chains...

USN-6587-2: X.Org X Server vulnerabilities

USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and...

USN-6592-1: libssh vulnerabilities

It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. CVE-2023-6004 It was discovered that libssh incorrectl...