[월:] 2021년 06월

USN-4972-1: PostgreSQL vulnerabilities Tom Lane discovered that PostgreSQL incorrect handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges. (CVE-2021-32027) Andres Freund discovered that PostgreSQL incorrect handled certain INSERT … ON CONFLICT … DO UPDATE commands. A remote attacker could possibly use this issue to read server memory and obtain sensitive information. (CVE-2021-32028) Tom Lane discovered that PostgreSQL incorrect handled certain UPDATE … RETURNING commands. A remote attacker could possibly use this issue to read server memory and obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-32029) Source: USN-4972-1: PostgreSQL vulnerabilities

USN-4971-1: libwebp vulnerabilities It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-4971-1: libwebp vulnerabilities

USN-4970-1: GUPnP vulnerability It was discovered that GUPnP incorrectly filtered local requests. If a user were tricked into visiting a malicious website, a remote attacker could possibly use this issue to perform actions against local UPnP services such as obtaining or altering sensitive information. Source: USN-4970-1: GUPnP vulnerability