[월:] 2023년 02월

USN-5847-1: Grunt vulnerabilities It was discovered that Grunt was not properly loading YAML files before parsing them. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-7729) It was discovered that Grunt was not properly handling symbolic links when performing file copy operations. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. (CVE-2022-0436) It was discovered that there was a race condition in the Grunt file copy function, which could lead to an arbitrary file write. An attacker could possibly use this issue to perform a local privilege escalation attack or to execute arbitrary code. (CVE-2022-1537) Source: USN-5847-1: Grunt vulnerabilities

USN-5846-1: X.Org X Server vulnerability Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges. Source: USN-5846-1: X.Org X Server vulnerability

USN-5845-1: OpenSSL vulnerabilities David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. (CVE-2023-0286) Octavio Galland and Marcel Böhme discovered that OpenSSL incorrectly handled streaming ASN.1 data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0215) Source: USN-5845-1: OpenSSL vulnerabilities

USN-5844-1: OpenSSL vulnerabilities David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. (CVE-2023-0286) Corey Bonnell discovered that OpenSSL incorrectly handled X.509 certificate verification. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4203) Hubert Kario discovered that OpenSSL had a timing based side channel in the OpenSSL RSA Decryption implementation. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2022-4304) Dawei Wang discovered that OpenSSL incorrectly handled parsing certain PEM data. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2022-4450) Octavio [ more… ]

USN-5810-3: Git vulnerabilities USN-5810-1 fixed several vulnerabilities in Git. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-23521) Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-41903) Source: USN-5810-3: Git vulnerabilities