
USN-4954-1: GNU C Library vulnerabilities

2021-05-14 KENNETH 0

Jason Royes and Samuel Dytrych discovered that the memcpy() implementation for 32 bit ARM processors in the GNU C Library contained an integer underflow vulnerability. An attacker could possibly use this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2020-6096)

It was discovered that the POSIX regex implementation in the GNU C Library did not properly parse alternatives. An attacker could use this to cause a denial of service. (CVE-2009-5155)

Source: USN-4954-1: GNU C Library vulnerabilities


USN-4953-1: AWStats vulnerabilities

2021-05-14 KENNETH 0

Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-29600)

It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access sensitive information. (CVE-2020-35176)

Source: USN-4953-1: AWStats vulnerabilities


USN-4932-2: Django vulnerability

2021-05-13 KENNETH 0

USN-4932-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories.

Source: USN-4932-2: Django vulnerability


USN-4952-1: MySQL vulnerabilities

2021-05-13 KENNETH 0

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.25 in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.34.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-34.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-24.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-25.html
https://www.oracle.com/security-alerts/cpuapr2021.html

Source: USN-4952-1: MySQL vulnerabilities


USN-4951-1: Flatpak vulnerability

2021-05-12 KENNETH 0

Anton Lydike discovered that Flatpak did not properly handle special tokens in desktop files. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement.

Source: USN-4951-1: Flatpak vulnerability