USN-6299-1: poppler vulnerabilities

2023-08-18 KENNETH 0

It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-36023, CVE-2020-36024)

USN-6294-2: HAProxy vulnerability

2023-08-17 KENNETH 0

USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS.

Original advisory details:

Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the payload and bypass certain restrictions.

USN-6298-1: ZZIPlib vulnerabilities

2023-08-17 KENNETH 0

Liu Zhu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-7727)

YiMing Liu discovered that ZZIPlib incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-18442)

USN-6297-1: Ghostscript vulnerability

2023-08-17 KENNETH 0

It was discovered that Ghostscript incorrectly handled outputting certain PDF files. A local attacker could potentially use this issue to cause a crash, resulting in a denial of service.

USN-6296-1: PostgreSQL vulnerabilities

2023-08-17 KENNETH 0

It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. (CVE-2023-39417)

It was discovered that PostgreSQL incorrectly handled the MERGE command. A remote attacker could possibly use this issue to bypass certain UPDATE and SELECT policies. This issue only affected Ubuntu 23.04. (CVE-2023-39418)