USN-6243-1: Graphite-Web vulnerabilities

2023-07-25 KENNETH 0

It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2017-18638)

It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform cross-site scripting and obtain sensitive information. (CVE-2022-4728, CVE-2022-4729, CVE-2022-4730)

Source: USN-6243-1: Graphite-Web vulnerabilities

USN-6242-1: OpenSSH vulnerability

2023-07-25 KENNETH 0

It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user’s system and execute arbitrary code.

Source: USN-6242-1: OpenSSH vulnerability

USN-6241-1: OpenStack vulnerability

2023-07-24 KENNETH 0

Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

This update may require configuration changes; please see the upstream advisory and the other links below for more information:

https://security.openstack.org/ossa/OSSA-2023-003.html
https://discourse.ubuntu.com/t/cve-2023-2088-for-charmed-openstack/37051
https://lists.openstack.org/pipermail/openstack-discuss/2023-July/034439.html

Source: USN-6241-1: OpenStack vulnerability

USN-6240-1: FRR vulnerability

2023-07-24 KENNETH 0

It was discovered that FRR incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service.

Source: USN-6240-1: FRR vulnerability

USN-6232-1: wkhtmltopdf vulnerability

2023-07-21 KENNETH 0

It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files with default options. If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive information.

Source: USN-6232-1: wkhtmltopdf vulnerability