SECURITY

USN-5124-1: GNU binutils vulnerabilities It was discovered that GNU binutils incorrectly handled certain hash lookups. An attacker could use this issue to cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-16592) It was discovered that GNU binutils incorrectly handled certain corrupt DWARF debug sections. An attacker could possibly use this issue to cause GNU binutils to consume memory, resulting in a denial of service. (CVE-2021-3487) Source: USN-5124-1: GNU binutils vulnerabilities

USN-5123-2: MySQL vulnerabilities USN-5123-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-36.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-27.html https://www.oracle.com/security-alerts/cpuoct2021.html Source: USN-5123-2: MySQL vulnerabilities

USN-5123-1: MySQL vulnerabilities Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-36.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-27.html https://www.oracle.com/security-alerts/cpuoct2021.html Source: USN-5123-1: MySQL vulnerabilities

USN-5122-1: Apport vulnerability It was discovered that Apport could be tricked into writing core files as root into arbitrary directories in certain scenarios. A local attacker could possibly use this issue to escalate privileges. This update will cause Apport to generate all core files in the /var/lib/apport/coredump directory. Source: USN-5122-1: Apport vulnerability

USN-5121-1: Mailman vulnerabilities Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery (CSRF) tokens to specific accounts. A remote attacker could use this to perform a CSRF attack to gain access to another account. (CVE-2021-42097) Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman’s cross-site request forgery (CSRF) tokens for the options page are derived from the admin password. A remote attacker could possibly use this to assist in performing a brute force attack against the admin password. (CVE-2021-42096) Source: USN-5121-1: Mailman vulnerabilities