SECURITY

No Image

USN-4973-1: Python vulnerability

2021-06-01 KENNETH 0

USN-4973-1: Python vulnerability It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker could possibly use this issue to perform a wide variety of attacks, including bypassing certain access restrictions. Source: USN-4973-1: Python vulnerability

No Image

USN-4972-1: PostgreSQL vulnerabilities

2021-06-01 KENNETH 0

USN-4972-1: PostgreSQL vulnerabilities Tom Lane discovered that PostgreSQL incorrect handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges. (CVE-2021-32027) Andres Freund discovered that PostgreSQL incorrect handled certain INSERT … ON CONFLICT … DO UPDATE commands. A remote attacker could possibly use this issue to read server memory and obtain sensitive information. (CVE-2021-32028) Tom Lane discovered that PostgreSQL incorrect handled certain UPDATE … RETURNING commands. A remote attacker could possibly use this issue to read server memory and obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-32029) Source: USN-4972-1: PostgreSQL vulnerabilities

No Image

USN-4971-1: libwebp vulnerabilities

2021-06-01 KENNETH 0

USN-4971-1: libwebp vulnerabilities It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-4971-1: libwebp vulnerabilities

No Image

USN-4970-1: GUPnP vulnerability

2021-06-01 KENNETH 0

USN-4970-1: GUPnP vulnerability It was discovered that GUPnP incorrectly filtered local requests. If a user were tricked into visiting a malicious website, a remote attacker could possibly use this issue to perform actions against local UPnP services such as obtaining or altering sensitive information. Source: USN-4970-1: GUPnP vulnerability

No Image

USN-4968-2: LZ4 vulnerability

2021-05-31 KENNETH 0

USN-4968-2: LZ4 vulnerability USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-4968-2: LZ4 vulnerability