Ubuntu: Recent

10812 matches found

Ubuntu
•added 2022/08/24 3:49 p.m.•151 views

USN-5580-1: Linux kernel (AWS) vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) It was...

CVSS 7.8 • AI score 7.2 • EPSS 0.05561 • Exploits: 1

Ubuntu
•added 2022/08/24 3:13 p.m.•147 views

USN-5579-1: Linux kernel vulnerabilities

Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné...

CVSS 7.1 • AI score 6.4 • EPSS 0.00318 • Exploits: 0

Ubuntu
•added 2022/08/24 11:38 a.m.•417 views

USN-5290-1: Symfony vulnerabilities

James Isaac and Mathias Brodala discovered that Symfony incorrectly handled switch users functionality. An attacker could possibly use this issue to enumerate users. (CVE-2021-21424) It was discovered that Symfony incorrectly handled certain specially crafted CSV files. An attacker could possibly u...

CVSS 6.5 • AI score 6 • EPSS 0.0176 • Exploits: 1

Ubuntu
•added 2022/08/24 11:25 a.m.•80 views

USN-5578-1: Open VM Tools vulnerability

It was discovered that Open VM Tools incorrectly handled certain requests. An attacker inside the guest could possibly use this issue to gain root privileges inside the virtual machine...

CVSS 7.8 • AI score 7 • EPSS 0.00558 • Exploits: 0

Ubuntu
•added 2022/08/24 9:9 a.m.•53 views

LSN-0089-1: Kernel Live Patch Security Notice

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code...

CVSS 7.8 • AI score 7.5 • EPSS 0.12746 • Exploits: 29

Ubuntu
•added 2022/08/24 8:56 a.m.•558 views

USN-5342-2: Python vulnerabilities

USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this iss...

CVSS 7.5 • AI score 7.8 • EPSS 0.08325 • Exploits: 1

Ubuntu
•added 2022/08/24 4:14 a.m.•79 views

USN-5577-1: Linux kernel (OEM) vulnerabilities

Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061) It was discovered that the framebuffer driver on the Linux...

CVSS 6.7 • AI score 7.1 • EPSS 0.00299 • Exploits: 0

Ubuntu
•added 2022/08/24 3:0 a.m.•68 views

USN-5576-1: Twisted vulnerability

It was discovered that Twisted incorrectly parsed some types of HTTP requests in its web server implementation. In certain proxy or multi-server configurations, a remote attacker could craft malicious HTTP requests in order to obtain sensitive information...

CVSS 8.1 • AI score 7.7 • EPSS 0.02708 • Exploits: 0

Ubuntu
•added 2022/08/23 7:0 p.m.•42 views

USN-5474-2: Varnish Cache regression

USN-5474-1 fixed vulnerabilities in Varnish Cache. Unfortunately the fix for CVE-2020-11653 was incomplete. This update fixes the problem. Original advisory details: It was discovered that Varnish Cache could have an assertion failure when a TLS termination proxy uses PROXY version 2. A remote...

CVSS 7.5 • AI score 7.3 • EPSS 0.02106 • Exploits: 0

Ubuntu
•added 2022/08/22 5:59 p.m.•65 views

USN-5575-2: Libxslt vulnerabilities

USN-5575-1 fixed vulnerabilities in Libxslt. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose sensitive...

CVSS 8.8 • AI score 7.8 • EPSS 0.21623 • Exploits: 0

Ubuntu
•added 2022/08/22 12:37 p.m.•83 views

USN-5575-1: Libxslt vulnerabilities

Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-5815) Alexey Neyman incorrectly handled certain HTML pages. An attacker...

CVSS 8.8 • AI score 7.7 • EPSS 0.21623 • Exploits: 0

Ubuntu
•added 2022/08/22 9:43 a.m.•62 views

USN-5574-1: Exim vulnerability

It was discovered that Exim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

CVSS 9.8 • AI score 8.4 • EPSS 0.0292 • Exploits: 1

Ubuntu
•added 2022/08/18 9:49 p.m.•92 views

USN-5573-1: rsync vulnerability

Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 9.8 • AI score 7.2 • EPSS 0.1593 • Exploits: 1

Ubuntu
•added 2022/08/18 5:40 p.m.•63 views

USN-5572-1: Linux kernel (AWS) vulnerabilities

Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné...

CVSS 7.1 • AI score 6.4 • EPSS 0.00318 • Exploits: 0

Ubuntu
•added 2022/08/18 4:19 p.m.•104 views

USN-5571-1: PostgreSQL vulnerability

Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An attacker could possibly use this issue to execute arbitrary code when extensions are created or updated...

CVSS 8 • AI score 7.6 • EPSS 0.01465 • Exploits: 0

Ubuntu
•added 2022/08/18 10:31 a.m.•129 views

USN-5245-1: Apache Maven vulnerability

It was discovered that Apache Maven followed repositories that are defined in a dependency's Project Object Model (pom) even if the repositories weren't encrypted (http protocol). An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service...

CVSS 9.1 • AI score 7.8 • EPSS 0.08691 • Exploits: 2

Ubuntu
•added 2022/08/17 10:44 p.m.•82 views

USN-5570-1: zlib vulnerability

Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 9.8 • AI score 7.2 • EPSS 0.1593 • Exploits: 1

Ubuntu
•added 2022/08/17 1:58 a.m.•34 views

USN-5526-2: PyJWT regression

USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a regression by incrementing the internal package version number on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Aapo Oksman discovered that PyJWT incorrectly...

AI score 5.6 • Exploits: 0 • References: 1

Ubuntu
•added 2022/08/16 11:24 a.m.•64 views

USN-5569-1: Unbound vulnerabilities

Xiang Li discovered that Unbound incorrectly handled delegation caching. A remote attacker could use this issue to keep rogue domain names resolvable long after they have been revoked...

CVSS 6.5 • AI score 6.9 • EPSS 0.0085 • Exploits: 0

Ubuntu
•added 2022/08/15 12:23 p.m.•93 views

USN-5568-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

CVSS 8.8 • AI score 7.7 • EPSS 0.70461 • Exploits: 0

Ubuntu
•added 2022/08/10 6:31 p.m.•36 views

USN-5367-1: fish vulnerability

Justin Steven discovered that fish was not properly filtering local git configuration directives when running background git commands. A remote unauthenticated attacker could possibly use this issue to execute arbitrary code...

CVSS 7.8 • AI score 7.4 • EPSS 0.01417 • Exploits: 0

Ubuntu
•added 2022/08/10 6:26 p.m.•95 views

USN-5567-1: Linux kernel (OEM) vulnerabilities

Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code...

CVSS 7.8 • AI score 7.2 • EPSS 0.12746 • Exploits: 12

Ubuntu
•added 2022/08/10 6:12 p.m.•292 views

USN-5566-1: Linux kernel vulnerabilities

Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code...

CVSS 7.8 • AI score 7.6 • EPSS 0.12746 • Exploits: 24

Ubuntu
•added 2022/08/10 5:37 p.m.•91 views

USN-5565-1: Linux kernel vulnerabilities

Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code...

CVSS 7.8 • AI score 7.3 • EPSS 0.12746 • Exploits: 12

Ubuntu
•added 2022/08/10 4:59 p.m.•115 views

USN-5564-1: Linux kernel (Intel IoTG) vulnerabilities

Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code...

CVSS 7.8 • AI score 7.7 • EPSS 0.12746 • Exploits: 26

Ubuntu
•added 2022/08/10 4:32 p.m.•93 views

USN-5563-1: http-parser vulnerability

It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorized access to sensitive data...

CVSS 6.5 • AI score 7.5 • EPSS 0.16296 • Exploits: 2

Ubuntu
•added 2022/08/10 2:30 p.m.•169 views

USN-5562-1: Linux kernel vulnerabilities

Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code...

CVSS 7.8 • AI score 7.6 • EPSS 0.12746 • Exploits: 25

Ubuntu
•added 2022/08/10 12:36 p.m.•86 views

USN-5560-2: Linux kernel vulnerabilities

Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code...

CVSS 7.8 • AI score 7.3 • EPSS 0.12746 • Exploits: 26

Ubuntu
•added 2022/08/10 12:21 p.m.•53 views

USN-5561-1: GNOME Web vulnerabilities

It was discovered that GNOME Web incorrectly filtered certain strings. A remote attacker could use this issue to perform cross-site scripting (XSS) attacks. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-45085, CVE-2021-45086, CVE-2021-45087) It was discovered that GNOME Web incorrectly handled...

CVSS 7.5 • AI score 6.8 • EPSS 0.01896 • Exploits: 3

Ubuntu
•added 2022/08/10 11:17 a.m.•195 views

USN-5560-1: Linux kernel vulnerabilities

Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code...

CVSS 7.8 • AI score 7.3 • EPSS 0.12746 • Exploits: 26

Ubuntu
•added 2022/08/10 11:13 a.m.•2021 views

USN-5559-1: Moment.js vulnerabilities

It was discovered that Moment.js incorrectly handled certain input paths. An attacker could possibly use this issue to cause a loss of integrity by changing the correct path to one of their choice. (CVE-2022-24785) It was discovered that Moment.js incorrectly handled certain input. An attacker coul...

CVSS 7.5 • AI score 6.8 • EPSS 0.05356 • Exploits: 1

Ubuntu
•added 2022/08/10 9:50 a.m.•84 views

USN-5558-1: libcdio vulnerabilities

Zhao Liang discovered that libcdio was not properly performing memory management operations when processing ISO files, which could result in a heap buffer overflow or in a NULL pointer dereference. If a user or automated system were tricked into opening a specially crafted file, an attacker could...

CVSS 8.8 • AI score 6.9 • EPSS 0.03553 • Exploits: 1

Ubuntu
•added 2022/08/10 7:7 a.m.•38 views

USN-5185-1: MATIO vulnerability

It was discovered that MATIO incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information...

CVSS 8.2 • AI score 7.7 • EPSS 0.01879 • Exploits: 1

Ubuntu
•added 2022/08/10 3:0 a.m.•50 views

USN-5556-1: Booth vulnerability

It was discovered that Booth incorrectly handled user authentication. An attacker could use this vulnerability to cause a denial of service...

CVSS 6.5 • AI score 6.3 • EPSS 0.00906 • Exploits: 0

Ubuntu
•added 2022/08/09 11:44 p.m.•91 views

USN-5557-1: Linux kernel vulnerabilities

Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code...

CVSS 7.8 • AI score 7.2 • EPSS 0.12746 • Exploits: 12

Ubuntu
•added 2022/08/09 11:44 a.m.•522 views

USN-5160-1: Midnight Commander vulnerability

It was discovered that Midnight Commander would not check server fingerprints when establishing an SFTP connection. If a remote attacker were able to intercept communications this flaw could be exploited to impersonate the SFTP server...

CVSS 7.5 • AI score 7.3 • EPSS 0.02061 • Exploits: 1

Ubuntu
•added 2022/08/09 11:29 a.m.•96 views

USN-5169-1: oddjob vulnerability

Matthias Gerstner discovered that there was a race condition in the mkhomedir tool shipped with the oddjob package. An authenticated attacker could use this to set up a symlink attack and change permissions on files on the host filesystem...

CVSS 6.3 • AI score 6.4 • EPSS 0.00293 • Exploits: 0

Ubuntu
•added 2022/08/08 3:38 p.m.•47 views

USN-5177-1: Inetutils vulnerability

It was discovered that Inetutils did not properly check the response of ftp requests. A remote attacker could use this vulnerability to cause a crash or run programs in the user machine...

CVSS 6.5 • AI score 6.9 • EPSS 0.00931 • Exploits: 0

Ubuntu
•added 2022/08/08 3:28 p.m.•55 views

USN-5555-1: GStreamer Good Plugins vulnerabilities

It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-1920, CVE-2022-1921) It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this...

CVSS 7.8 • AI score 7.8 • EPSS 0.00455 • Exploits: 7

Ubuntu
•added 2022/08/08 1:29 p.m.•54 views

USN-5239-1: HttpClient vulnerability

It was discovered that HttpClient mishandled certain input. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code...

CVSS 5.3 • AI score 7.2 • EPSS 0.08665 • Exploits: 1

Ubuntu
•added 2022/08/08 12:6 p.m.•88 views

USN-5553-1: libjpeg-turbo vulnerabilities

It was discovered that libjpeg-turbo was not properly handling EOF characters, which could lead to excessive memory consumption through the execution of a large loop. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11813) It was discovered that libjpeg-turbo was no...

CVSS 8.8 • AI score 7.1 • EPSS 0.03162 • Exploits: 2

Ubuntu
•added 2022/08/08 11:44 a.m.•63 views

USN-5554-1: GDK-PixBuf vulnerability

Pedro Ribeiro discovered that the GDK-PixBuf library did not properly handle certain GIF images. If a user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly...

CVSS 7.8 • AI score 7.4 • EPSS 0.00732 • Exploits: 1

Ubuntu
•added 2022/08/08 9:51 a.m.•53 views

USN-5552-1: phpLiteAdmin vulnerability

It was discovered that phpLiteAdmin incorrectly handled certain GET requests. An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks...

CVSS 6.1 • AI score 6.2 • EPSS 0.0064 • Exploits: 1

Ubuntu
•added 2022/08/08 6:30 a.m.•598 views

USN-5182-1: Roundcube Webmail vulnerabilities

It was discovered that Roundcube Webmail allowed JavaScript code to be present in the CDATA of an HTML message. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM...

CVSS 9.8 • AI score 7.9 • EPSS 0.84456 • Exploits: 7

Ubuntu
•added 2022/08/04 5:40 p.m.•85 views

USN-5548-1: libxml2 vulnerability

It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code...

CVSS 6.1 • AI score 7.7 • EPSS 0.00749 • Exploits: 1

Ubuntu
•added 2022/08/04 5:6 p.m.•95 views

USN-5546-2: OpenJDK 8 vulnerabilities

USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain...

CVSS 7.5 • AI score 7.4 • EPSS 0.11333 • Exploits: 2

Ubuntu
•added 2022/08/04 4:17 p.m.•168 views

USN-5551-1: mod-wsgi vulnerability

It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations...

CVSS 7.5 • AI score 7.2 • EPSS 0.00671 • Exploits: 1

Ubuntu
•added 2022/08/04 4:7 p.m.•118 views

USN-5550-1: GnuTLS vulnerabilities

It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-4209) It was discovered that GnuTLS...

CVSS 7.5 • AI score 7 • EPSS 0.01484 • Exploits: 0

Ubuntu
•added 2022/08/04 3:56 p.m.•80 views

USN-5549-1: Django vulnerability

It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access over user machine...

CVSS 8.8 • AI score 8 • EPSS 0.00654 • Exploits: 0

Ubuntu
•added 2022/08/04 3:24 p.m.•82 views

USN-5546-1: OpenJDK vulnerabilities

Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. (CVE-2022-21449) It was discovered that OpenJDK incorrectly limited memo...

CVSS 7.5 • AI score 7.2 • EPSS 0.46677 • Exploits: 8

Total number of security vulnerabilities: 10812