10806 matches found
USN-5696-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.31 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.40. In addition to security fixes, the updated...
USN-5695-1: Linux kernel (GCP) vulnerabilities
It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...
USN-5694-1: LibreOffice vulnerabilities
It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a specially crafted document, a remote attacker could use this issue to execute arbitrary scripts. CVE-2022-3140 Thomas Florian discovered that LibreOffice incorrectly...
USN-5693-1: Linux kernel (OEM) vulnerabilities
David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the iouring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-2602...
USN-5692-1: Linux kernel vulnerabilities
David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the iouring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-2602...
USN-5691-1: Linux kernel vulnerabilities
David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the iouring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-2602...
USN-5690-1: libXdmcp vulnerability
It was discovered that libXdmcp was generating weak session keys. A local attacker could possibly use this issue to perform a brute force attack and obtain another user's key...
USN-5689-1: Perl vulnerability
It was discovered that Perl incorrectly handled certain signature verification. An remote attacker could possibly use this issue to bypass signature verification...
USN-5688-1: Libksba vulnerability
It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of service application crash or possibly execute arbitrary code...
USN-5687-1: Linux kernel (Azure) vulnerabilities
It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...
USN-5686-1: Git vulnerabilities
Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. CVE-2022-39253 Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to...
USN-5685-1: FRR vulnerabilities
It was discovered that FRR incorrectly handled parsing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. CVE-2022-37032 It was discovered that FRR incorrectly handled processing certain BGP messages. A remote attacker...
USN-5684-1: Linux kernel (Azure) vulnerabilities
It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...
USN-5570-2: zlib vulnerability
USN-5570-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue...
USN-5683-1: Linux kernel (IBM) vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Selim En...
USN-5682-1: Linux kernel (AWS) vulnerabilities
It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-4159 It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2...
USN-5681-1: gThumb vulnerabilities
It was discovered that gThumb did not properly managed memory under certain circumstances. An attacker could possibly use this issue to cause gThumb to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-18718 It was discovered that gThumb did not properly manage...
USN-5680-1: gThumb vulnerabilities
It was discovered that gThumb did not properly managed memory when processing certain image files. If a user were tricked into opening a specially crafted JPEG file, an attacker could possibly use this issue to cause gThumb to crash, resulting in a denial of service, or possibly execute arbitrary...
USN-5679-1: Linux kernel (HWE) vulnerabilities
It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...
USN-5678-1: Linux kernel vulnerabilities
It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...
USN-5677-1: Linux kernel vulnerabilities
It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-4159 It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2...
USN-5675-1: Heimdal vulnerabilities
Isaac Boukris and Andrew Bartlett discovered that Heimdal's KDC was not properly performing checksum algorithm verifications in the S4U2Self extension module. An attacker could possibly use this issue to perform a machine-in-the-middle attack and request S4U2Self tickets for any user known by the...
USN-5676-1: PostgreSQL vulnerability
Alexander Lakhin discovered that PostgreSQL incorrectly handled the security restricted operation sandbox when a privileged user is maintaining another user’s objects. An attacker having permission to create non-temp objects can use this issue to execute arbitrary commands as the superuser...
USN-5674-1: XML Security Library vulnerability
It was discovered that XML Security Library incorrectly handled certain input documents. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service...
USN-5673-1: unzip vulnerabilities
It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary...
USN-5672-1: GMP vulnerability
It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service...
USN-5671-1: AdvanceCOMP vulnerabilities
It was discovered that AdvanceCOMP did not properly manage memory of function beuint32read under certain circumstances. If a user were tricked into opening a specially crafted binary file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of...
USN-5670-1: .NET 6 vulnerability
Edward Thomson discovered that .NET 6 incorrectly handled permissions for local NuGet cache. A local attacker could possibly use this issue to execute arbitrary code...
USN-5669-2: Linux kernel vulnerabilities
It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...
USN-5669-1: Linux kernel vulnerabilities
It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...
USN-5668-1: Linux kernel vulnerabilities
It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-4159 It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2...
USN-5667-1: Linux kernel vulnerabilities
Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-188...
USN-5665-1: PCRE vulnerabilities
It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service. CVE-2017-6004 It was discovered that PCRE incorrectly handled certain Unicode encoding. A remote attacke...
USN-5666-1: OpenSSH vulnerability
It was discovered that OpenSSH incorrectly handled certain helper programs. An attacker could possibly use this issue to arbitrary code execution...
USN-5662-1: Oniguruma vulnerabilities
It was discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. CVE-2019-16163,...
USN-5664-1: OpenJPEG vulnerabilities
It was discovered that OpenJPEG did not properly handle PNM headers, resulting in a null pointer dereference. A remote attacker could possibly use this issue to cause a denial of service DoS. CVE-2016-7445 It was discovered that OpenJPEG incorrectly handled certain image files resulting in divisi...
USN-5663-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, obtain sensitive information, spoof the...
USN-5371-3: nginx vulnerability
USN-5371-1 and USN-5371-2 fixed several vulnerabilities in nginx. This update provides the corresponding update for CVE-2020-11724 for Ubuntu 16.04 ESM. Original advisory details: It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perfo...
USN-5661-1: LibreOffice vulnerabilities
It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary macros. CVE-2022-26305 It was discovered that Libreoffice incorrectly handled encryptin...
USN-5660-1: Linux kernel (GCP) vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Moshe Ko...
USN-5659-1: kitty vulnerabilities
Stephane Chauveau discovered that kitty incorrectly handled image filenames with special characters in error messages. A remote attacker could possibly use this to execute arbitrary commands. This issue only affected Ubuntu 20.04 LTS. CVE-2020-35605 Carter Sande discovered that kitty incorrectly...
USN-5657-1: Graphite2 vulnerability
It was discovered that Graphite2 mishandled specially crafted files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...
USN-5658-1: DHCP vulnerabilities
It was discovered that DHCP incorrectly handled option reference counting. A remote attacker could possibly use this issue to cause DHCP servers to crash, resulting in a denial of service. CVE-2022-2928 It was discovered that DHCP incorrectly handled certain memory operations. A remote attacker...
USN-5257-2: ldns vulnerabilities
USN-5257-1 fixed several vulnerabilities in ldns. This update provides the corresponding update for Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. Original advisory details: It was discovered that ldns incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive...
USN-5656-1: JACK vulnerability
Joseph Yasi discovered that JACK incorrectly handled the closing of a socket in certain conditions. An attacker could potentially use this issue to cause a crash...
USN-5655-1: Linux kernel (Intel IoTG) vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...
USN-5654-1: Linux kernel (GKE) vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Moshe Ko...
USN-5653-1: Django vulnerability
Benjamin Balder Bach discovered that Django incorrectly handled certain internationalized URLs. A remote attacker could possibly use this issue to cause Django to crash, resulting in a denial of service...
USN-5205-1: Tcpreplay vulnerabilities
It was discovered that Tcpreplay incorrectly handled certain specially crafted packet capture input when processed by tcpprep. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. CVE-2018-13112 It was discovered that Tcpreplay...
USN-5036-1: Tor vulnerabilities
It was discovered that Tor incorrectly handled certain memory operations. A remote attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. CVE-2019-8955 It was discovered that Tor did not properly handle the input length to dumpdesc function. A remot...