
USN-3081-2: Tomcat vulnerability

2020-10-28 KENNETH 0

Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges.

Source: USN-3081-2: Tomcat vulnerability


USN-4603-1: MariaDB vulnerabilities

2020-10-28 KENNETH 0

It was discovered that MariaDB didn’t properly validate the content of a packet received from a server. A remote attacker could use this vulnerability to send a specially crafted file to cause a denial of service. (CVE-2020-13249)

It was discovered that MariaDB has other security issues. An attacker can cause a hang or frequently repeatable crash (denial of service). (CVE-2020-15180, CVE-2020-2752, CVE-2020-2760, CVE-2020-2812, CVE-2020-2814)

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Source: USN-4603-1: MariaDB vulnerabilities


USN-4602-2: Perl vulnerabilities

2020-10-27 KENNETH 0

USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543)

Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878)

Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use [ more… ]


USN-4600-2: Netty vulnerabilities

2020-10-27 KENNETH 0

USN-4600-1 fixed multiple vulnerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty.

Also it was discovered that Netty allows for unbounded memory allocation. A remote attacker could send a large stream to the Netty server causing it to crash (denial of service). (CVE-2020-11612)

Original advisory details:

It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could use it to extract sensitive information. (CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238)

Source: USN-4600-2: Netty vulnerabilities


USN-4605-1: Blueman vulnerability

2020-10-27 KENNETH 0

Vaisha Bernard discovered that blueman did not properly sanitize input on the D-Bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service. (CVE-2020-15238)

Source: USN-4605-1: Blueman vulnerability