vitich.kiev.ua was registered on Dec 15, 1999
Linux
02/07 Endless 5.0.0
Categories: Linux
USN-5845-2: OpenSSL vulnerabilities
USN-5845-1 fixed several vulnerabilities in OpenSSL. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
David Benjamin discovered that OpenSSL incorrectly handled X.400 address
processing. A remote attacker could possibly use this issue to read
arbitrary memory contents or cause OpenSSL to crash, resulting in a denial
of service. (CVE-2023-0286)
Octavio Galland and Marcel Böhme discovered that OpenSSL incorrectly
handled streaming ASN.1 data. A remote attacker could use this issue to
cause OpenSSL to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2023-0215)
Ubuntu 5846-1: X.Org X Server vulnerability
X.Org X Server could be made to crash or run programs as the administrator if it received specially crafted input.
Ubuntu 5845-1: OpenSSL vulnerabilities
Several security issues were fixed in OpenSSL.
Ubuntu 5844-1: OpenSSL vulnerabilities
Several security issues were fixed in OpenSSL.
USN-5847-1: Grunt vulnerabilities
It was discovered that Grunt was not properly loading YAML files before
parsing them. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2020-7729)
It was discovered that Grunt was not properly handling symbolic links
when performing file copy operations. An attacker could possibly use this
issue to expose sensitive information or execute arbitrary code.
(CVE-2022-0436)
It was discovered that there was a race condition in the Grunt file copy
function, which could lead to an arbitrary file write. An attacker could
possibly use this issue to perform a local privilege escalation attack or
to execute arbitrary code. (CVE-2022-1537)
USN-5846-1: X.Org X Server vulnerability
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations. An attacker could possibly use these issues to
cause the X Server to crash, execute arbitrary code, or escalate
privileges.
USN-5845-1: OpenSSL vulnerabilities
David Benjamin discovered that OpenSSL incorrectly handled X.400 address
processing. A remote attacker could possibly use this issue to read
arbitrary memory contents or cause OpenSSL to crash, resulting in a denial
of service. (CVE-2023-0286)
Octavio Galland and Marcel Böhme discovered that OpenSSL incorrectly
handled streaming ASN.1 data. A remote attacker could use this issue to
cause OpenSSL to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2023-0215)
USN-5844-1: OpenSSL vulnerabilities
David Benjamin discovered that OpenSSL incorrectly handled X.400 address
processing. A remote attacker could possibly use this issue to read
arbitrary memory contents or cause OpenSSL to crash, resulting in a denial
of service. (CVE-2023-0286)
Corey Bonnell discovered that OpenSSL incorrectly handled X.509 certificate
verification. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4203)
Hubert Kario discovered that OpenSSL had a timing based side channel in the
OpenSSL RSA Decryption implementation. A remote attacker could possibly use
this issue to recover sensitive information. (CVE-2022-4304)
Dawei Wang discovered that OpenSSL incorrectly handled parsing certain PEM
data. A remote attacker could possibly use this issue to cause OpenSSL to
crash, resulting in a denial of service. (CVE-2022-4450)
Octavio Galland and Marcel Böhme discovered that OpenSSL incorrectly
handled streaming ASN.1 data. A remote attacker could use this issue to
cause OpenSSL to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2023-0215)
Marc Schönefeld discovered that OpenSSL incorrectly handled malformed PKCS7
data. A remote attacker could possibly use this issue to cause OpenSSL to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 22.10. (CVE-2023-0216)
Kurt Roeckx discovered that OpenSSL incorrectly handled validating certain
DSA public keys. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-0217)
Hubert Kario and Dmitry Belyavsky discovered that OpenSSL incorrectly
validated certain signatures. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-0401)
Ubuntu 5810-3: Git vulnerabilities
Several security issues were fixed in Git.
USN-5810-3: Git vulnerabilities
USN-5810-1 fixed several vulnerabilities in Git. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain
gitattributes. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2022-23521)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-41903)
Oracle8: ELSA-2023-0606: thunderbird Important Security Update
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
Debian: DSA-5342-1: xorg-server security update
Jan-Niklas Sohn discovered that a user-after-free flaw in the X Input extension of the X.org X server may result in privilege escalation if the X server is running under the root user.
RedHat: RHSA-2023-0565:01 Important: OpenShift Container Platform 4.11.26
Red Hat OpenShift Container Platform release 4.11.26 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
SciLinux: SLSA-2023-0600-1 Important: thunderbird on SL7.x x86_64
This update upgrades Thunderbird to version 102.7.1. * Mozilla: Revocation status of S/Mime signature certificates was not checked (CVE-2023-0430) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 thunderbird-102.7.1-2.el7_9.x86_64.rpm thunderbird-debuginfo-102.7.1-2.el7_9.x86 [More...]
Oracle9: ELSA-2023-0611: git security Important Security Update
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
Oracle9: ELSA-2023-0608: thunderbird Important Security Update
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
Oracle8: ELSA-2023-0610: git security Important Security Update
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
Oracle7: ELSA-2023-0600: thunderbird Important (aarch64) Security Update
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: