Ubuntu Security Notice 7039-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
dfba7d8e80b84fb47dc725d81c166af93f650cff7e694ffb3bd882ed52b39a79Ubuntu Security Notice 7021-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
69d8a00cc33c644b5218146c25ae3a8c80c5889b997d63ea9e1c79f9b9d8e330Ubuntu Security Notice 7020-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
f5bcc60a1714fa022b4b4445bed98eea0eebfc6ffb87470f6e025f80790de5abUbuntu Security Notice 7034-2 - USN-7034-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version of the Mozilla certificate authority bundle.
697a9ba977b6fa8a3a1b2fd17bfb44bf55fd6b4c1b7d95ad6392f9ffbed0e2ffUbuntu Security Notice 7003-4 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
c85181693b4ae184acd8611269c3c7857764f26f86f84d4df3a4650c59c7d69dUbuntu Security Notice 7037-1 - It was discovered that OpenJPEG could enter a large loop and continuously print warning messages when given specially crafted input. An attacker could potentially use this issue to cause a denial of service.
81b6eb730c0ee7967ac3037f5a6565c45a7035ff9d03a4513c0353b44a6b4a72Ubuntu Security Notice 7038-1 - Thomas Stangner discovered a permission vulnerability in the Apache Portable Runtime library. A local attacker could possibly use this issue to read named shared memory segments, potentially exposing sensitive application data.
4bc9ae4d066ade2386768445712f54f05bbaee490eb4829d2fe9fdbeacc1200dUbuntu Security Notice 7036-1 - It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application.
c4acd1ffc8ca871047fb8a39618d9c0b95465770474d22abee717b0b2de788adUbuntu Security Notice 7035-1 - It was discovered that the AppArmor policy compiler incorrectly generated looser restrictions than expected for rules allowing mount operations. A local attacker could possibly use this to bypass AppArmor restrictions in applications where some mount operations were permitted.
18e6675296e9bfadfac2c11a124d64d6e37cdc0a0120690b5b56b0de4b34dee9Ubuntu Security Notice 7034-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version of the Mozilla certificate authority bundle.
07051ae013dc2a27ea346908afccf5a1bad6728d7ac5c5a8b7c95220ee1faf34Ubuntu Security Notice 7032-1 - It was discovered that Tomcat incorrectly handled HTTP trailer headers. A remote attacker could possibly use this issue to perform HTTP request smuggling.
19ad4cab25b37facba8c59f772004773b63724edac1ac9aadf381cd6bd195897Ubuntu Security Notice 7009-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
bc022d142c18a55625e63d62b56d8f76cf8e0a79f3f0ed802474777c8cbc4817Ubuntu Security Notice 7033-1 - It was discovered that some Intel Processors did not properly restrict access to the Running Average Power Limit interface. This may allow a local privileged attacker to obtain sensitive information. It was discovered that some Intel Processors did not properly implement finite state machines in hardware logic. This may allow a local privileged attacker to cause a denial of service.
f8ba90a3153c8d619b3a6dea5959ad86e6310426029496d99414b1e5ad0e97b7Ubuntu Security Notice 7031-2 - USN-7031-1 fixedCVE-2024-45614 in Puma for Ubuntu 24.04 LTS. This update fixes theCVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite header values set by intermediate proxies by providing duplicate headers containing underscore characters.
2a95508137a492aa4ffc4ab11704adb45120cf04c6fa0b177a2ef7e6efbb066dUbuntu Security Notice 7031-1 - It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite header values set by intermediate proxies by providing duplicate headers containing underscore characters.
0eee778b016375b0a6cb2bcb8c4d9af923ade9931d7a99f7509e98baaa80faa4Ubuntu Security Notice 7030-1 - It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted 7z archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host.
2bfb521c06914c0ab18ef41afbccc0e489130e6851f8731294fac550a8cd4a0bUbuntu Security Notice 7029-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
23a7a47e5cb2c5a81b2a75efe93b379e63edd93720e34aaa0c1769e34132c3afUbuntu Security Notice 7007-3 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
ef3c54a1054dde36cb3bb88462606dc7b4117a7ccefd9ff9d1de96a5c1e0b601Ubuntu Security Notice 7021-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
d463b70754ae77b8d76a2f63079f954ac5540780f82f494a64ef54d0fd4ac7efUbuntu Security Notice 6999-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
6de1a939eafe16bbd634cfe3102ff4999f4af2a0695f025ac13e7dadc3e0867aUbuntu Security Notice 7028-1 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
7de5ce15aa6cad3ce493ec92fd8b9feaa278435231abe1f16c95487428745116Ubuntu Security Notice 7020-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
f98c0e5a70256f65107c692a5ffbaaf185830877b966b18814d14c89fb57314eUbuntu Security Notice 7007-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
41bc59a99a084c9c65f05b5595c0193c9b8ba9e8e768f5e9e410d18762dd8014Ubuntu Security Notice 6992-2 - USN-6992-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. It was discovered that Firefox did not properly manage memory during garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Seunghyun Lee discovered that Firefox contained a type confusion vulnerability when handling certain ArrayTypes. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
1a31056260cf5d6929e1518e2f1e7a41fcf2b1abd7a44adf996edaa600d232bfUbuntu Security Notice 7027-1 - It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
be4bfb0a23a1362f7b8d1ad2b2b25bc06f3d7aee14e9df0b79b673b6a445fdbe
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed