Articles by KENNETH

USN-5908-1: Sudo vulnerability It was discovered that Sudo incorrectly handled the per-command chroot feature. In certain environments where Sudo is configured with a rule that contains a CHROOT setting, a local attacker could use this issue to cause Sudo to crash, resulting in a denial of service, or possibly escalate privileges. Source: USN-5908-1: Sudo vulnerability

USN-5871-2: Git regression USN-5871-1 fixed vulnerabilities in Git. A backport fixing part of the vulnerability in CVE-2023-22490 was required. This update fix this for Ubuntu 18.04 LTS. Original advisory details: It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git uses its local clone optimization even when using a non-local transport. (CVE-2023-22490) Source: USN-5871-2: Git regression

USN-5907-1: c-ares vulnerability It was discovered that c-ares incorrectly handled certain sortlist strings. A remote attacker could use this issue to cause c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-5907-1: c-ares vulnerability

USN-5906-1: PostgreSQL vulnerability Jacob Champion discovered that the PostgreSQL client incorrectly handled Kerberos authentication. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to obtain sensitive information. Source: USN-5906-1: PostgreSQL vulnerability

USN-5905-1: PHP vulnerabilities It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-31628) It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity. (CVE-2022-31629) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-31631) It was discovered that PHP incorrectly handled resolving long paths. A remote attacker could possibly use this issue to obtain or modify sensitive information. (CVE-2023-0568) It was discovered that PHP incorrectly handled a large number of field and file parts in HTTP form uploads. A remote attacker could possibly use this issue to cause PHP to consume resources, leading to a denial of service. (CVE-2023-0662) Source: USN-5905-1: [ more… ]