[월:] 2021년 02월

USN-4720-1: Apport vulnerabilities Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. (CVE-2021-25682, CVE-2021-25683) Itai Greenhut discovered that Apport incorrectly handled opening certain special files. A local attacker could possibly use this issue to cause Apport to hang, resulting in a denial of service. (CVE-2021-25684) Source: USN-4720-1: Apport vulnerabilities

USN-4719-1: ca-certificates update The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle. Source: USN-4719-1: ca-certificates update

USN-4718-1: fastd vulnerability It was discovered that fastd incorrectly handled certain packets. An attacker could possibly use this issue to cause a denial of service. Source: USN-4718-1: fastd vulnerability

USN-4467-2: QEMU vulnerabilities USN-4467-1 fixed several vulnerabilities in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that the QEMU SD memory card implementation incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13253) Ren Ding and Hanqing Zhao discovered that the QEMU ES1370 audio driver incorrectly handled certain invalid frame counts. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13361) Ren Ding and Hanqing Zhao discovered that the QEMU MegaRAID SAS SCSI driver incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2020-13362) Alexander [ more… ]