SECURITY

No Image

USN-5126-2: Bind vulnerability

2021-10-29 KENNETH 0

USN-5126-2: Bind vulnerability USN-5126-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Kishore Kumar Kothapalli discovered that Bind incorrectly handled the lame cache when processing responses. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. Source: USN-5126-2: Bind vulnerability

No Image

USN-5126-1: Bind vulnerability

2021-10-28 KENNETH 0

USN-5126-1: Bind vulnerability Kishore Kumar Kothapalli discovered that Bind incorrectly handled the lame cache when processing responses. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. Source: USN-5126-1: Bind vulnerability

No Image

USN-5125-1: PHP vulnerability

2021-10-28 KENNETH 0

USN-5125-1: PHP vulnerability It was discovered that PHP-FPM in PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Source: USN-5125-1: PHP vulnerability

No Image

USN-5009-2: libslirp vulnerabilities

2021-10-26 KENNETH 0

USN-5009-2: libslirp vulnerabilities USN-5009-1 fixed vulnerabilities in libslirp. This update provides the corresponding updates for Ubuntu 21.10. Original advisory details: Qiuhao Li discovered that libslirp incorrectly handled certain header data lengths. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-29129, CVE-2020-29130) It was discovered that libslirp incorrectly handled certain udp packets. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. (CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595) Source: USN-5009-2: libslirp vulnerabilities

No Image

USN-5122-2: Apport vulnerability

2021-10-26 KENNETH 0

USN-5122-2: Apport vulnerability USN-5122-1 fixed a vulnerability in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Apport could be tricked into writing core files as root into arbitrary directories in certain scenarios. A local attacker could possibly use this issue to escalate privileges. On Ubuntu 16.04 ESM This update will cause Apport to generate all core files in the /var/lib/apport/coredump directory. On Ubuntu 14.04 ESM, core file generation has been disabled by default. Source: USN-5122-2: Apport vulnerability