[월:] 2023년 07월

USN-6228-1: Linux kernel vulnerabilities It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124) Wei Chen discovered that the InfiniBand RDMA communication manager implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-2176) Source: USN-6228-1: Linux kernel vulnerabilities

USN-6227-1: SpiderMonkey vulnerabilities Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution. Source: USN-6227-1: SpiderMonkey vulnerabilities

USN-6226-1: SciPy vulnerabilities It was discovered that SciPy did not properly manage memory operations during reference counting. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-25399) A use-after-free was discovered in SciPy when handling reference counts. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2023-29824) Source: USN-6226-1: SciPy vulnerabilities

USN-6225-1: Knot Resolver vulnerability It was discovered that Knot Resolver did not correctly handle certain client options. A remote attacker could send requests to malicous domains and cause a denial of service. Source: USN-6225-1: Knot Resolver vulnerability