
USN-4962-1: Babel vulnerability

2021-05-19 KENNETH 0

It was discovered that Babel incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Source: USN-4962-1: Babel vulnerability


USN-4963-1: Pillow vulnerabilities

2021-05-19 KENNETH 0

It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash or hang, resulting in a denial of service.

Source: USN-4963-1: Pillow vulnerabilities


USN-4961-1: pip vulnerability

2021-05-19 KENNETH 0

It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository.

Source: USN-4961-1: pip vulnerability


USN-4960-1: runC vulnerability

2021-05-19 KENNETH 0

Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount the host filesystem into the container and escalate privileges.

Source: USN-4960-1: runC vulnerability


USN-4945-2: Linux kernel (Raspberry Pi) vulnerabilities

2021-05-19 KENNETH 0

USN-4945-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. This update provides the corresponding Linux kernel updates targeted specifically for Raspberry Pi devices in those same Ubuntu Releases.

Original advisory details:

It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25639)

Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-28038)

It was discovered that the fastrpc driver in the Linux kernel did not prevent user space applications from sending kernel [ more… ]