[월:] 2020년 11월

USN-4615-1: Yerase's TNEF vulnerabilities It was discovered that Yerase’s TNEF had null pointer dereferences, infinite loop, buffer overflow, out of bounds reads, directory traversal issues and other vulnerabilities. An attacker could use those issues to cause a crash and consequently a denial of service. (CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802) Source: USN-4615-1: Yerase's TNEF vulnerabilities

USN-4616-1: AccountsService vulnerabilities Kevin Backhouse discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. (CVE-2020-16126) Kevin Backhouse discovered that AccountsService incorrectly handled reading .pam_environment files. A local user could possibly use this issue to cause AccountsService to crash or hang, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-16127) Matthias Gerstner discovered that AccountsService incorrectly handled certain path checks. A local attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14036) Source: USN-4616-1: AccountsService vulnerabilities

USN-4614-1: GDM vulnerability Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user. Source: USN-4614-1: GDM vulnerability

USN-4613-1: python-cryptography vulnerability Hubert Kario discovered that python-cryptography incorrectly handled certain decryption. An attacker could possibly use this issue to expose sensitive information. Source: USN-4613-1: python-cryptography vulnerability