[월:] 2023년 05월

USN-6070-1: Linux kernel vulnerabilities It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. (CVE-2023-1829) It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1872) Source: USN-6070-1: Linux kernel vulnerabilities

USN-6069-1: Linux kernel (Raspberry Pi) vulnerability It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Source: USN-6069-1: Linux kernel (Raspberry Pi) vulnerability

USN-6068-1: Open vSwitch vulnerability David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service. Source: USN-6068-1: Open vSwitch vulnerability

USN-6067-1: OpenStack Neutron vulnerabilities David Sinquin discovered that OpenStack Neutron incorrectly handled the default Open vSwitch firewall rules. An attacker could possibly use this issue to impersonate the IPv6 addresses of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-20267) Jake Yip and Justin Mammarella discovered that OpenStack Neutron incorrectly handled the linuxbridge driver when ebtables-nft is being used. An attacker could possibly use this issue to impersonate the hardware addresss of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-38598) Pavel Toporkov discovered that OpenStack Neutron incorrectly handled extra_dhcp_opts values. An attacker could possibly use this issue to reconfigure dnsmasq. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-40085) Slawek Kaplonski discovered that OpenStack Neutron incorrectly handled the routes middleware. [ more… ]

USN-6066-1: OpenStack Heat vulnerability It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data. Source: USN-6066-1: OpenStack Heat vulnerability