No Image

USN-5300-3: PHP vulnerabilities

2022-03-07 KENNETH 0

USN-5300-3: PHP vulnerabilities USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 21.10. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. (CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. (CVE-2017-9119) It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information. (CVE-2021-21707) Source: USN-5300-3: PHP vulnerabilities

No Image

USN-5313-1: OpenJDK vulnerabilities

2022-03-07 KENNETH 0

USN-5313-1: OpenJDK vulnerabilities It was discovered that OpenJDK incorrectly handled deserialization filters. An attacker could possibly use this issue to insert, delete or obtain sensitive information. (CVE-2022-21248) It was discovered that OpenJDK incorrectly read uncompressed TIFF files. An attacker could possibly use this issue to cause a denial of service via a specially crafted TIFF file. (CVE-2022-21277) Jonni Passki discovered that OpenJDK incorrectly verified access restrictions when performing URI resolution. An attacker could possibly use this issue to obtain sensitive information. (CVE-2022-21282) It was discovered that OpenJDK incorrectly handled certain regular expressions in the Pattern class implementation. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21283) It was discovered that OpenJDK incorrectly handled specially crafted Java class files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21291) Markus Loewe discovered [ more… ]

No Image

USN-5314-1: Firefox vulnerabilities

2022-03-07 KENNETH 0

USN-5314-1: Firefox vulnerabilities A use-after-free was discovered when removing an XSLT parameter in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2022-26485) A use-after-free was discovered in the WebGPU IPC framework. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2022-26486) Source: USN-5314-1: Firefox vulnerabilities

No Image

USN-5311-1: containerd vulnerability

2022-03-03 KENNETH 0

USN-5311-1: containerd vulnerability It was discovered that containerd allows attackers to gain access to read- only copies of arbitrary files and directories on the host via a specially- crafted image configuration. An attacker could possibly use this issue to obtain sensitive information. Source: USN-5311-1: containerd vulnerability

No Image

USN-5300-2: PHP vulnerabilities

2022-03-03 KENNETH 0

USN-5300-2: PHP vulnerabilities USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. (CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. (CVE-2017-9119) It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information. (CVE-2021-21707) Source: USN-5300-2: PHP vulnerabilities