Ubuntu security

USN-5798-1: .NET 6 vulnerability Johan Gorter discovered that .NET 6 incorrectly processed certain invalid HTTP requests. An attacker could possibly use this issue to cause a denial of service condition for an exposed endpoint. Source: USN-5798-1: .NET 6 vulnerability

USN-5791-3: Linux kernel (Azure) vulnerabilities It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) It was discovered that the Intel 740 frame buffer driver in the Linux kernel contained a divide by zero vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3061) It was discovered that the sound subsystem in the Linux kernel contained a race condition in some [ more… ]

USN-5796-2: w3m vulnerability USN-5796-1 fixed a vulnerability in w3m. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-5796-2: w3m vulnerability

USN-5782-3: Firefox regressions USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. (CVE-2022-46871) Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. (CVE-2022-46872) Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. (CVE-2022-46873) Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly [ more… ]

USN-5793-2: Linux kernel (Azure) vulnerabilities It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3910) It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421) David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663) It was discovered that the sound [ more… ]