USN-5855-3: ImageMagick regression

2023-04-01 KENNETH 0

USN-5855-2 fixed vulnerabilities in ImageMagick. Unfortunately an additional mitigation caused a regression. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images.

USN-5991-1: Linux kernel (GCP) vulnerabilities

2023-03-31 KENNETH 0

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability.

USN-5990-1: musl vulnerabilities

2023-03-31 KENNETH 0

It was discovered that musl did not handle certain i386 math functions properly. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-14697) It was discovered that musl did not handle wide-character conversion properly. A remote attacker could use this vulnerability to cause resource consumption (infinite loop), denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-28928)

USN-5989-1: GlusterFS vulnerability

2023-03-30 KENNETH 0

Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service.

USN-5988-1: Xcftools vulnerabilities

2023-03-30 KENNETH 0

It was discovered that integer overflow vulnerabilities existed in Xcftools. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-5086, CVE-2019-5087)