USN-5956-2: PHPMailer vulnerability

2023-03-16 KENNETH 0

USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem.

Original advisory details:

Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10033, CVE-2016-10045)

It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2017-11503)

Yongxiang Li discovered that PHPMailer was not properly converting relative paths provided as user input when adding attachments to messages, which could lead to relative image URLs [ more… ]

Microsoft Store App Awards 2023 nominations are now open!

2023-03-16 KENNETH 0

Microsoft Store App Awards is back this year! Nominations are now open through March 29, 2023, and the form is located here. For more information, keep reading.

Attention Windows users, developers, and app enthusiasts! We are excited to announce the upcoming Microsoft Store App Awards 2023, the most anticipated event for the Microsoft Store community! After the incredible success of last year’s awards, we are eager to celebrate the achievements of the brightest and most innovative minds in the industry. The 2022 award recipients brought forward an impressive lineup of apps that showcased the limitless possibilities of the Windows platform. From productivity to entertainment, from creativity to social networks, the array of apps demonstrated excellence in their user experience, design, app quality, and most of all, customer value. Check out last [ more… ]

USN-5957-1: LibreCAD vulnerabilities

2023-03-16 KENNETH 0

Cody Sixteen discovered that LibreCAD incorrectly handled memory when parsing DXF files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-19105)

Lilith of Cisco Talos discovered that LibreCAD incorrectly handled memory when parsing DWG files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2021-21898, CVE-2021-21899)

Lilith of Cisco Talos discovered that LibreCAD incorrectly handled memory when parsing DRW files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2021-21900)

Albin Eldstål-Ahrens discovered that LibreCAD incorrectly handled memory when parsing JWW files. An attacker could use this issue to cause LibreCAD [ more… ]

USN-5956-1: PHPMailer vulnerabilities

2023-03-15 KENNETH 0

Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2016-10033, CVE-2016-10045)

It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2017-11503)

Yongxiang Li discovered that PHPMailer was not properly converting relative paths provided as user input when adding attachments to messages, which could lead to relative image URLs being treated as absolute local file paths and added as attachments. An attacker could possibly use this issue to access unauthorized resources and [ more… ]

USN-5955-1: Emacs vulnerability

2023-03-15 KENNETH 0

It was discovered that Emacs did not properly manage certain files when using htmlfontify functionality. A local attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary commands.

Source: USN-5955-1: Emacs vulnerability