vitich.kiev.ua was registered on Dec 15, 1999

UbuntuSecurity

Subscribe to UbuntuSecurity feed
Recent content on Ubuntu security notices
Updated: 42 min 16 sec ago

USN-5770-1: GCC vulnerability

Thu, 08/12/2022 - 22:18
Todd Eisenberger discovered that certain versions of GNU Compiler Collection (GCC) could be made to clobber the status flag of RDRAND and RDSEED with specially crafted input. This could potentially lead to less randomness in random number generation.
Categories: Linux, Security

USN-5769-1: protobuf vulnerabilities

Thu, 08/12/2022 - 19:57
It was discovered that protobuf did not properly manage memory when serializing large messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-5237) It was discovered that protobuf did not properly manage memory when parsing specifically crafted messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service. (CVE-2022-1941)
Categories: Linux, Security

USN-5767-2: Python vulnerability

Thu, 08/12/2022 - 19:10
USN-5767-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information denial of service, or cause a crash. (CVE-2022-45061)
Categories: Linux, Security

USN-5767-1: Python vulnerabilities

Thu, 08/12/2022 - 15:25
Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-37454) It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information denial of service, or cause a crash. (CVE-2022-45061)
Categories: Linux, Security

USN-5768-1: GNU C Library vulnerabilities

Thu, 08/12/2022 - 15:17
Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. (CVE-2016-10228, CVE-2019-25013, CVE-2020-27618) It was discovered that the GNU C Library did not properly handled DNS responses when ENDS0 is enabled. An attacker could possibly use this issue to cause fragmentation-based attacks. (CVE-2017-12132)
Categories: Linux, Security

USN-5766-1: Heimdal vulnerability

Thu, 08/12/2022 - 01:29
It was discovered that Heimdal did not properly manage memory when normalizing Unicode. An attacker could possibly use this issue to cause a denial of service.
Categories: Linux, Security

USN-5765-1: PostgreSQL vulnerability

Wed, 07/12/2022 - 21:35
Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established.
Categories: Linux, Security

USN-5763-1: NumPy vulnerabilities

Wed, 07/12/2022 - 07:01
It was discovered that NumPy did not properly manage memory when specifying arrays of large dimensions. If a user were tricked into running malicious Python file, an attacker could cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-33430) It was discovered that NumPy did not properly perform string comparison operations under certain circumstances. An attacker could possibly use this issue to cause NumPy to crash, resulting in a denial of service. (CVE-2021-34141) It was discovered that NumPy did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause NumPy to crash, resulting in a denial of service. (CVE-2021-41495, CVE-2021-41496)
Categories: Linux, Security

USN-5761-2: ca-certificates update

Tue, 06/12/2022 - 14:56
USN-5761-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package.
Categories: Linux, Security

USN-5764-1: U-Boot vulnerabilities

Tue, 06/12/2022 - 14:54
It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-2347) Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-30552, CVE-2022-30790) It was discovered that U-Boot incorrectly handled certain NFS lookup replies. A remote attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-30767) Jincheng Wang discovered that U-Boot incorrectly handled certain SquashFS structures. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-33103) Tatsuhiko Yasumatsu discovered that U-Boot incorrectly handled certain SquashFS structures. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-33967) It was discovered that U-Boot incorrectly handled the i2c command. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-34835)
Categories: Linux, Security

USN-5762-1: GNU binutils vulnerability

Mon, 05/12/2022 - 18:03
It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
Categories: Linux, Security

USN-5761-1: ca-certificates update

Mon, 05/12/2022 - 17:20
Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package.
Categories: Linux, Security

USN-5760-2: libxml2 vulnerabilities

Mon, 05/12/2022 - 15:34
USN-5760-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash. (CVE-2022-40303) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-40304)
Categories: Linux, Security

USN-5760-1: libxml2 vulnerabilities

Mon, 05/12/2022 - 13:00
It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. (CVE-2022-2309) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash. (CVE-2022-40303) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-40304)
Categories: Linux, Security

USN-5759-1: LibBPF vulnerabilities

Mon, 05/12/2022 - 10:43
It was discovered that LibBPF incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause LibBPF to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.10. (CVE-2021-45940, CVE-2021-45941, CVE-2022-3533) It was discovered that LibBPF incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause LibBPF to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-3534, CVE-2022-3606)
Categories: Linux, Security

USN-5755-2: Linux kernel vulnerabilities

Fri, 02/12/2022 - 21:35
It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945) Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621)
Categories: Linux, Security

USN-5756-2: Linux kernel (GKE) vulnerabilities

Fri, 02/12/2022 - 21:32
Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621)
Categories: Linux, Security

USN-5758-1: Linux kernel vulnerabilities

Thu, 01/12/2022 - 22:37
Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that the video4linux driver for Empia based TV cards in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3239) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621) It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-3635) Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649) Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory). (CVE-2022-40768) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750)
Categories: Linux, Security

USN-5757-2: Linux kernel vulnerabilities

Thu, 01/12/2022 - 21:52
Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that the video4linux driver for Empia based TV cards in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3239) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621)
Categories: Linux, Security

USN-5757-1: Linux kernel vulnerabilities

Thu, 01/12/2022 - 21:46
Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42703) It was discovered that the video4linux driver for Empia based TV cards in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3239) It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-3524) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3564) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the TCP implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3566) It was discovered that the IPv6 implementation in the Linux kernel contained a data race condition. An attacker could possibly use this to cause undesired behaviors. (CVE-2022-3567) It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in the Linux kernel did not properly handle certain error conditions. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3594) It was discovered that a null pointer dereference existed in the NILFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3621)
Categories: Linux, Security

Pages