Ubuntu security

Ubuntu security notices

No Image

USN-5767-2: Python vulnerability

2022-12-09 KENNETH 0

USN-5767-2: Python vulnerability USN-5767-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information denial of service, or cause a crash. (CVE-2022-45061) Source: USN-5767-2: Python vulnerability

No Image

USN-5767-1: Python vulnerabilities

2022-12-08 KENNETH 0

USN-5767-1: Python vulnerabilities Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-37454) It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information denial of service, or cause a crash. (CVE-2022-45061) Source: USN-5767-1: Python vulnerabilities

No Image

USN-5768-1: GNU C Library vulnerabilities

2022-12-08 KENNETH 0

USN-5768-1: GNU C Library vulnerabilities Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. (CVE-2016-10228, CVE-2019-25013, CVE-2020-27618) It was discovered that the GNU C Library did not properly handled DNS responses when ENDS0 is enabled. An attacker could possibly use this issue to cause fragmentation-based attacks. (CVE-2017-12132) Source: USN-5768-1: GNU C Library vulnerabilities

No Image

USN-5766-1: Heimdal vulnerability

2022-12-08 KENNETH 0

USN-5766-1: Heimdal vulnerability It was discovered that Heimdal did not properly manage memory when normalizing Unicode. An attacker could possibly use this issue to cause a denial of service. Source: USN-5766-1: Heimdal vulnerability

No Image

USN-5765-1: PostgreSQL vulnerability

2022-12-08 KENNETH 0

USN-5765-1: PostgreSQL vulnerability Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established. Source: USN-5765-1: PostgreSQL vulnerability