SECURITY

USN-5030-1: Perl DBI module vulnerabilities It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2014-10402) It was discovered that the Perl DBI module incorrectly handled certain long strings. A local attacker could possibly use this issue to cause the DBI module to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-14393) Source: USN-5030-1: Perl DBI module vulnerabilities

USN-5029-1: GnuTLS vulnerabilities It was discovered that GnuTLS incorrectly handled sending certain extensions when being used as a client. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-5029-1: GnuTLS vulnerabilities

USN-5028-1: Exiv2 vulnerability It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. Source: USN-5028-1: Exiv2 vulnerability

USN-5026-2: QPDF vulnerabilities USN-5026-1 fixed several vulnerabilities in QPDF. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. (CVE-2018-18020) It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36978) Source: USN-5026-2: QPDF vulnerabilities

USN-5027-1: PEAR vulnerability It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code. Source: USN-5027-1: PEAR vulnerability