Articles by KENNETH

USN-6111-1: Flask vulnerability It was discovered that Flask incorrectly handled certain data responses. An attacker could possibly use this issue to expose sensitive information. Source: USN-6111-1: Flask vulnerability

USN-6005-2: Sudo vulnerabilities USN-6005-1 fixed vulnerabilities in Sudo. This update provides the corresponding updates for Ubuntu 16.04 LTS. Original advisory details: Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed. Source: USN-6005-2: Sudo vulnerabilities

USN-6110-1: Jhead vulnerabilities It was discovered that Jhead did not properly handle certain crafted Canon images when processing them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. (CVE-2021-3496) It was discovered that Jhead did not properly handle certain crafted images when printing Canon-specific information. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. (CVE-2021-28275) It was discovered that Jhead did not properly handle certain crafted images when removing unknown sections. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. (CVE-2021-28275) Kyle Brown discovered that Jhead did not properly handle certain crafted images when editing their comments. An attacker could possibly use this to crash Jhead, resulting in a denial of service. (LP: #2020068) Source: USN-6110-1: Jhead vulnerabilities

USN-6097-1: Linux PTP vulnerability It was discovered that Linux PTP did not properly perform a length check when forwarding a PTP message between ports. A remote attacker could possibly use this issue to access sensitive information, execute arbitrary code, or cause a denial of service. Source: USN-6097-1: Linux PTP vulnerability