[월:] 2023년 08월

USN-6298-1: ZZIPlib vulnerabilities Liu Zhu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-7727) YiMing Liu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-18442) Source: USN-6298-1: ZZIPlib vulnerabilities

USN-6297-1: Ghostscript vulnerability It was discovered that Ghostscript incorrectly handled outputting certain PDF files. A local attacker could potentially use this issue to cause a crash, resulting in a denial of service. Source: USN-6297-1: Ghostscript vulnerability

USN-6296-1: PostgreSQL vulnerabilities It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. (CVE-2023-39417) It was discovered that PostgreSQL incorrectly handled the MERGE command. A remote attacker could possibly use this issue to bypass certain UPDATE and SELECT policies. This issue only affected Ubuntu 23.04. (CVE-2023-39418) Source: USN-6296-1: PostgreSQL vulnerabilities

USN-6295-1: Podman vulnerability It was discovered that Podman incorrectly handled certain supplementary groups. An attacker could possibly use this issue to expose sensitive information or execute binary code. Source: USN-6295-1: Podman vulnerability