USN-5594-1: Linux kernel vulnerabilities

2022-09-02 KENNETH 0

Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061)

It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012)

Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729)

Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle an illegal instruction in a guest, resulting [ more… ]

USN-5593-1: Zstandard vulnerability

2022-09-02 KENNETH 0

It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Source: USN-5593-1: Zstandard vulnerability

USN-5587-1: curl vulnerability

2022-09-02 KENNETH 0

Axel Chong discovered that when curl accepted and sent back cookies containing control bytes, an HTTP(S) server might return a 400 (Bad Request Error) response. A malicious cookie host could possibly use this to cause a denial of service.

Source: USN-5587-1: curl vulnerability

USN-5592-1: Linux kernel vulnerabilities

2022-09-02 KENNETH 0

Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061)

It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656)

Source: USN-5592-1: Linux kernel vulnerabilities

USN-5591-3: Linux kernel vulnerability

2022-09-02 KENNETH 0

It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Source: USN-5591-3: Linux kernel vulnerability