Ubuntu security

USN-5723-1: Vim vulnerabilities It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1674) It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1725) It was discovered that there existed a buffer over-read in Vim when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2124) It was discovered that there existed a heap buffer overflow in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2125) It was discovered that there existed an out of bounds read in Vim when performing spelling suggestions. An attacker [ more… ]

USN-5724-1: Thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass Content Security Policy (CSP) or other security restrictions, or execute arbitrary code. These issues only affect Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-3266, CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022-40959, CVE-2022-40960, CVE-2022-40962) Multiple security issues were discovered in the Matrix SDK bundled with Thunderbird. An attacker could potentially exploit these in order to impersonate another user. These issues only affect Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-39236, CVE-2022-39249, CVE-2022-39250, CVE-2022-39251) Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit [ more… ]

USN-5721-1: WavPack vulnerability It was discovered that WavPack was not properly performing checks when dealing with memory. If a user were tricked into decompressing a specially crafted WavPack Audio File, an attacker could possibly use this issue to cause the WavPack decompressor to crash, resulting in a denial of service. Source: USN-5721-1: WavPack vulnerability

USN-5709-2: Firefox vulnerabilities USN-5709-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42932) It was discovered that Firefox saved usernames to a plaintext file. A local user could potentially exploit this to obtain sensitive information. (CVE-2022-42931) Source: USN-5709-2: Firefox vulnerabilities

USN-5720-1: Zstandard vulnerabilities It was discovered that Zstandard was not properly managing file permissions when generating output files. A local attacker could possibly use this issue to cause a race condition and gain unauthorized access to sensitive data. Source: USN-5720-1: Zstandard vulnerabilities