Articles by KENNETH

USN-5638-4: Expat vulnerabilities USN-5638-1 fixed several vulnerabilities in Expat. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Source: USN-5638-4: Expat vulnerabilities

USN-5902-1: PHP vulnerabilities It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations. (CVE-2023-0567) It was discovered that PHP incorrectly handled resolving long paths. A remote attacker could possibly use this issue to obtain or modify sensitive information. (CVE-2023-0568) It was discovered that PHP incorrectly handled a large number of parts in HTTP form uploads. A remote attacker could possibly use this issue to cause PHP to consume resources, leading to a denial of service. (CVE-2023-0662) Source: USN-5902-1: PHP vulnerabilities

USN-5821-3: pip regression USN-5821-1 fixed a vulnerability in wheel and pip. Unfortunately, it was missing a commit to fix it properly in pip. We apologize for the inconvenience. Original advisory details: Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service. Source: USN-5821-3: pip regression

USN-5901-1: GnuTLS vulnerability Hubert Kario discovered that GnuTLS had a timing side-channel when handling certain RSA messages. A remote attacker could possibly use this issue to recover sensitive information. Source: USN-5901-1: GnuTLS vulnerability