Ubuntu security

Ubuntu security notices

No Image

USN-5810-2: Git regression

2023-01-20 KENNETH 0

USN-5810-2: Git regression USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Original advisory details: Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-23521) Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-41903) Source: USN-5810-2: Git regression

No Image

USN-5812-1: urllib3 vulnerability

2023-01-19 KENNETH 0

USN-5812-1: urllib3 vulnerability It was discovered that urllib3 incorrectly handled certain characters in URLs. A remote attacker could possibly use this issue to cause urllib3 to consume resources, leading to a denial of service. Source: USN-5812-1: urllib3 vulnerability

No Image

USN-5811-2: Sudo vulnerability

2023-01-19 KENNETH 0

USN-5811-2: Sudo vulnerability USN-5811-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files. (CVE-2023-22809) Source: USN-5811-2: Sudo vulnerability

No Image

USN-5811-1: Sudo vulnerabilities

2023-01-19 KENNETH 0

USN-5811-1: Sudo vulnerabilities Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files. (CVE-2023-22809) It was discovered that the Protobuf-c library, used by Sudo, incorrectly handled certain arithmetic shifts. An attacker could possibly use this issue to cause Sudo to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-33070) Source: USN-5811-1: Sudo vulnerabilities

No Image

USN-5810-1: Git vulnerabilities

2023-01-18 KENNETH 0

USN-5810-1: Git vulnerabilities Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-23521) Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-41903) Source: USN-5810-1: Git vulnerabilities