[월:] 2022년 09월

USN-5642-1: WebKitGTK vulnerabilities Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Source: USN-5642-1: WebKitGTK vulnerabilities

USN-5641-1: Squid vulnerabilities Mikhail Evdokimov discovered that Squid incorrectly handled cache manager ACLs. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-41317) It was discovered that Squid incorrectly handled SSPI and SMB authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2022-41318) Source: USN-5641-1: Squid vulnerabilities

USN-5640-1: Linux kernel (Oracle) vulnerabilities It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel’s Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that [ more… ]