Ubuntu security

USN-5719-1: OpenJDK vulnerabilities It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue to cause the corruption of sensitive information. (CVE-2022-21619) It was discovered that OpenJDK incorrectly randomized DNS port numbers. A remote attacker could possibly use this issue to perform spoofing attacks. (CVE-2022-21624) It was discovered that OpenJDK did not limit the number of connections accepted from HTTP clients. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21628) It was discovered that OpenJDK incorrectly handled X.509 certificates. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 8 and OpenJDK 11. (CVE-2022-21626) It was discovered that OpenJDK incorrectly handled cached server connections. An attacker could possibly use this issue to perform spoofing attacks. This issue only affected OpenJDK 11, [ more… ]

USN-5717-1: PHP vulnerabilities It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-31628) It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise the data (CVE-2022-31629) It was discovered that PHP incorrectly handled certain image fonts. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS. (CVE-2022-31630) Nicky Mouha discovered that PHP incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS. (CVE-2022-37454) Source: USN-5717-1: PHP vulnerabilities

USN-5718-1: pixman vulnerability Maddie Stone discovered that pixman incorrectly handled certain memory operations. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-5718-1: pixman vulnerability

USN-5714-1: LibTIFF vulnerabilities It was discovered that LibTIFF incorrectly handled certain memory operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to cause a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2953) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffcrop. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to allow for information disclosure or to cause the application to crash. This issue only affected to Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-2867, CVE-2022-2868, CVE-2022-2869) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffsplit. An attacker could trick a user [ more… ]

USN-5658-2: DHCP vulnerabilities USN-5658-1 fixed vulnerabilities in DHCP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: It was discovered that DHCP incorrectly handled option reference counting. A remote attacker could possibly use this issue to cause DHCP servers to crash, resulting in a denial of service. (CVE-2022-2928) It was discovered that DHCP incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause DHCP clients and servers to consume resources, leading to a denial of service. (CVE-2022-2929) Source: USN-5658-2: DHCP vulnerabilities