[월:] 2022년 08월

USN-5548-1: libxml2 vulnerability It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code. Source: USN-5548-1: libxml2 vulnerability

USN-5546-2: OpenJDK 8 vulnerabilities USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. (CVE-2022-21449) It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21426) It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. This issue was [ more… ]

USN-5551-1: mod-wsgi vulnerability It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations. Source: USN-5551-1: mod-wsgi vulnerability