[월:] 2022년 06월

USN-5396-2: Ghostscript vulnerability USN-5396-1 addressed a vulnerability in Ghostscript. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Source: USN-5396-2: Ghostscript vulnerability

USN-5474-1: Varnish Cache vulnerabilities It was dicovered that Varnish Cache did not clear a pointer between the handling of one client request and the next request within the same connection. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2019-20637) It was discovered that Varnish Cache could have an assertion failure when a TLS termination proxy uses PROXY version 2. A remote attacker could possibly use this issue to restart the daemon and cause a performance loss. (CVE-2020-11653) It was discovered that Varnish Cache allowed request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-36740) It was discovered that Varnish Cache allowed request smuggling for HTTP/1 connections. A remote attacker could possibly use this issue to obtain sensitive information. [ more… ]

USN-5472-1: FFmpeg vulnerabilities It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding (LPC) or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-20445, CVE-2020-20446, CVE-2020-20453) It was discovered that FFmpeg incorrectly handled certain input. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-20450) It was discovered that FFmpeg incorrectly handled file conversion to APNG format. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-21041) It was discovered that FFmpeg incorrectly handled remuxing RTP-hint tracks. A remote attacker could possibly [ more… ]

USN-5473-1: ca-certificates update The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.50 version of the Mozilla certificate authority bundle. Source: USN-5473-1: ca-certificates update