[월:] 2021년 05월

USN-4936-1: Thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978) It was discovered that Thunderbird may keep key material in memory in some circumstances. A local attacker could potentially exploit this to obtain private keys. (CVE-2021-29950) Source: USN-4936-1: Thunderbird vulnerabilities

USN-4938-1: Unbound vulnerabilities It was discovered that Unbound contained multiple security issues. A remote attacker could possibly use these issues to cause a denial of service, inject arbitrary commands, execute arbitrary code, and overwrite local files. Source: USN-4938-1: Unbound vulnerabilities

USN-4934-2: Exim vulnerabilities USN-4934-1 fixed several vulnerabilities in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2020-28026 only affected Ubuntu 16.04 ESM. Original advisory details: It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges. Source: USN-4934-2: Exim vulnerabilities

USN-4937-1: GNOME Autoar vulnerability Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution. Source: USN-4937-1: GNOME Autoar vulnerability