[월:] 2022년 02월

No Image

USN-5307-1: QEMU vulnerabilities

2022-02-28 KENNETH 0

USN-5307-1: QEMU vulnerabilities Gaoning Pan discovered that QEMU incorrectly handled the floppy disk emulator. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20196) Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly handled certain values. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20203) It was discovered that the QEMU vhost-user GPU device contained several security issues. An attacker inside the guest could use these issues to cause QEMU to crash, resulting in a denial of service, leak sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546) It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this issue to cause [ more… ]

No Image

USN-5306-1: WebKitGTK vulnerabilities

2022-02-28 KENNETH 0

USN-5306-1: WebKitGTK vulnerabilities A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Source: USN-5306-1: WebKitGTK vulnerabilities

No Image

USN-5305-1: MariaDB vulnerabilities

2022-02-28 KENNETH 0

USN-5305-1: MariaDB vulnerabilities Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in Ubuntu 21.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Source: USN-5305-1: MariaDB vulnerabilities

No Image

USN-5303-1: PHP vulnerability

2022-02-28 KENNETH 0

USN-5303-1: PHP vulnerability It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Source: USN-5303-1: PHP vulnerability

No Image

USN-5304-1: PolicyKit vulnerability

2022-02-28 KENNETH 0

USN-5304-1: PolicyKit vulnerability Kevin Backhouse discovered that PolicyKit incorrectly handled file descriptors. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. Source: USN-5304-1: PolicyKit vulnerability