USN-4888-2: ldb vulnerabilities

2021-03-26 KENNETH 0

USN-4888-1 fixed several vulnerabilities in ldb. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. (CVE-2021-20277)

Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain DN strings. A remote attacker could use this issue to cause the LDAP server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-27840)

Source: USN-4888-2: ldb vulnerabilities

USN-4891-1: OpenSSL vulnerability

2021-03-25 KENNETH 0

It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.

Source: USN-4891-1: OpenSSL vulnerability

USN-4889-1: Linux kernel vulnerabilities

2021-03-25 KENNETH 0

Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365)

Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). (CVE-2021-27363)

Adam Nichols discovered that an out-of-bounds read existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364)

Source: USN-4889-1: Linux kernel vulnerabilities

USN-4890-1: Linux kernel vulnerabilities

2021-03-25 KENNETH 0

Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27171)

Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27170)

Source: USN-4890-1: Linux kernel vulnerabilities

USN-4888-1: ldb vulnerabilities

2021-03-25 KENNETH 0

Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. (CVE-2021-20277)

Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain DN strings. A remote attacker could use this issue to cause the LDAP server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-27840)

Source: USN-4888-1: ldb vulnerabilities