Ubuntu security

USN-5747-1: Bind vulnerabilities It was discovered that Bind incorrectly handled large query name when using lightweight resolver protocol. A remote attacker could use this issue to consume resources, leading to a denial of service. (CVE-2016-2775) It was discovered that Bind incorrectly handled large zone data size received via AXFR response. A remote authenticated attacker could use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6170) Source: USN-5747-1: Bind vulnerabilities

USN-5746-1: HarfBuzz vulnerability Behzad Najjarpour Jabbari discovered that HarfBuzz incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. Source: USN-5746-1: HarfBuzz vulnerability

USN-5689-2: Perl vulnerability USN-5689-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 22.10. Original advisory details: It was discovered that Perl incorrectly handled certain signature verification. An remote attacker could possibly use this issue to bypass signature verification. Source: USN-5689-2: Perl vulnerability

USN-5745-1: shadow vulnerability Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to setup a symlink attack and alter or remove directories without authorization. Source: USN-5745-1: shadow vulnerability

USN-5744-1: libICE vulnerability It was discovered that libICE was using a weak mechanism to generate the session cookies. A local attacker could possibly use this issue to perform a privilege escalation attack. Source: USN-5744-1: libICE vulnerability