USN-5450-1: Subversion vulnerabilities

2022-05-27 KENNETH 0

Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544)

Thomas Weißschuh discovered that Subversion servers did not properly handle memory in certain configurations. A remote attacker could potentially use this issue to cause a denial of service or other unspecified impact. (CVE-2022-24070)

Source: USN-5450-1: Subversion vulnerabilities

USN-5448-1: ncurses vulnerabilities

2022-05-27 KENNETH 0

It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker could possibly use this issue to execute arbitrary code. (CVE-2017-10684)

It was discovered that ncurses was not properly checking user input, which could result in it being treated as a format argument. An attacker could possibly use this issue to expose sensitive information or to execute arbitrary code. (CVE-2017-10685)

It was discovered that ncurses was incorrectly performing memory management operations and was not blocking access attempts to illegal memory locations. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-11112, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733, CVE-2017-13734)

It was discovered that ncurses was not properly performing checks on pointer values before attempting to access the related memory locations, which [ more… ]

USN-5449-1: libXv vulnerability

2022-05-27 KENNETH 0

It was discovered that libXv incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

Source: USN-5449-1: libXv vulnerability

USN-5402-2: OpenSSL vulnerabilities

2022-05-26 KENNETH 0

USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. (CVE-2022-1292)

Aliaksei Levin discovered that OpenSSL incorrectly handled resources when decoding certificates and keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473)

Source: USN-5402-2: OpenSSL vulnerabilities

USN-5447-1: logrotate vulnerability

2022-05-26 KENNETH 0

It was discovered that logrotate incorrectly handled the state file. A local attacker could possibly use this issue to keep a lock on the state file and cause logrotate to stop working, leading to a denial of service.

Source: USN-5447-1: logrotate vulnerability