USN-5310-2: GNU C Library vulnerabilities

2022-03-07 KENNETH 0

USN-5310-1 fixed several vulnerabilities in GNU. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the GNU C library getcwd function incorrectly handled buffers. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3999)

It was discovered that the GNU C Library sunrpc module incorrectly handled buffer lengths. An attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. (CVE-2022-23218, CVE-2022-23219)

Source: USN-5310-2: GNU C Library vulnerabilities

USN-5300-3: PHP vulnerabilities

2022-03-07 KENNETH 0

USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 21.10.

Original advisory details:

It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. (CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120)

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. (CVE-2017-9119)

It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information. (CVE-2021-21707)

Source: USN-5300-3: PHP vulnerabilities

USN-5313-1: OpenJDK vulnerabilities

2022-03-07 KENNETH 0

It was discovered that OpenJDK incorrectly handled deserialization filters. An attacker could possibly use this issue to insert, delete or obtain sensitive information. (CVE-2022-21248)

It was discovered that OpenJDK incorrectly read uncompressed TIFF files. An attacker could possibly use this issue to cause a denial of service via a specially crafted TIFF file. (CVE-2022-21277)

Jonni Passki discovered that OpenJDK incorrectly verified access restrictions when performing URI resolution. An attacker could possibly use this issue to obtain sensitive information. (CVE-2022-21282)

It was discovered that OpenJDK incorrectly handled certain regular expressions in the Pattern class implementation. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21283)

It was discovered that OpenJDK incorrectly handled specially crafted Java class files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21291)

Markus Loewe discovered [ more… ]

USN-5314-1: Firefox vulnerabilities

2022-03-07 KENNETH 0

A use-after-free was discovered when removing an XSLT parameter in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2022-26485)

A use-after-free was discovered in the WebGPU IPC framework. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2022-26486)

Source: USN-5314-1: Firefox vulnerabilities

WP Briefing: Episode 26: Matt Mullenweg on Ukraine, Community, and WordPress

2022-03-05 KENNETH 0

Matt Mullenweg speaks to WordPress contributors worldwide on this special edition of the WP Briefing podcast with Josepha Haden Chomphosy. Join us to hear Matt’s thoughts on Ukraine.

Have a question you’d like answered? You can submit them to [email protected], either written or as a voice recording.

Credits

Hosts: Josepha Haden Chomphosy and Matt Mullenweg

Editor: Dustin Hartzler

Logo: Beatriz Fialho

Production: Chloé Bringmann & Santana Inniss

How You Can Help

UNICEF; Médecins Sans Frontières; International Committee of the Red Cross; International Rescue Committee; UN Refugee Agency; World Central Kitchen; Tech For Ukraine; #WP4Ukraine

Transcript

Josepha Haden Chomphosy 00:00 Hello, everyone, and welcome to a special edition of the WordPress Briefing. I have Matt here with me today because we want to acknowledge that we are once again at the start of [ more… ]