USN-5573-1: rsync vulnerability

2022-08-19 KENNETH 0

Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code.

Source: USN-5573-1: rsync vulnerability

USN-5572-1: Linux kernel (AWS) vulnerabilities

2022-08-19 KENNETH 0

Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365)

Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740)

It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741)

Source: USN-5572-1: Linux kernel (AWS) vulnerabilities

USN-5571-1: PostgreSQL vulnerability

2022-08-19 KENNETH 0

Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An attacker could possibly use this issue to execute arbitrary code when extensions are created or updated.

Source: USN-5571-1: PostgreSQL vulnerability

USN-5570-1: zlib vulnerability

2022-08-18 KENNETH 0

Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.

Source: USN-5570-1: zlib vulnerability

USN-5526-2: PyJWT regression

2022-08-17 KENNETH 0

USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a regression by incrementing the internal package version number on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to forge a JWT signature.

Source: USN-5526-2: PyJWT regression