USN-4901-1: Linux kernel (Trusty HWE) vulnerabilities

2021-04-06 KENNETH 0

Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365)

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. (CVE-2020-28374)

Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). (CVE-2021-27363)

Adam Nichols discovered that an out-of-bounds read existed in the iSCSI subsystem in [ more… ]

USN-4900-1: OpenEXR vulnerabilities

2021-04-02 KENNETH 0

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

USN-4899-1: SpamAssassin vulnerability

2021-04-01 KENNETH 0

Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially crafted CF file, a remote attacker could possibly run arbitrary code.

USN-4898-1: curl vulnerabilities

2021-03-31 KENNETH 0

Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-22876)

Mingtao Yang discovered that curl incorrectly handled session tickets when using an HTTPS proxy. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-22890)

USN-4897-1: Pygments vulnerability

2021-03-31 KENNETH 0

Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service.