USN-5099-1: Imlib2 vulnerability

2021-10-05 KENNETH 0

It was discovered that Imlib2 incorrectly handled certain ICO images. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code.

Source: USN-5099-1: Imlib2 vulnerability

USN-4973-2: Python vulnerability

2021-10-04 KENNETH 0

USN-4973-1 fixed this vulnerability previously, but it was re-introduced in python3.8 in focal because of the SRU in LP: #1928057. This update fixes the problem.

Original advisory details:

It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker could possibly use this issue to perform a wide variety of attacks, including bypassing certain access restrictions.

Source: USN-4973-2: Python vulnerability

USN-5098-1: bl vulnerability

2021-10-01 KENNETH 0

It was discovered that bl didn’t properly sanitize the inputs. An attacker could use this to leak sensitive information.

Source: USN-5098-1: bl vulnerability

USN-5097-1: LedgerSMB vulnerabilities

2021-10-01 KENNETH 0

It was discovered that LedgerSMB incorrectly handled certain inputs. An attacker could use this to leak sensitive information, cause a DoS, or execute arbitrary code. (CVE-2021-3693, CVE-2021-3694, CVE-2021-3731)

Source: USN-5097-1: LedgerSMB vulnerabilities

USN-5094-2: Linux kernel (Raspberry Pi) vulnerabilities

2021-10-01 KENNETH 0

It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543)

It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679)

Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. (CVE-2021-3732)

It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A [ more… ]