Ubuntu security

Ubuntu security notices

No Image

USN-5578-1: Open VM Tools vulnerability

2022-08-24 KENNETH 0

USN-5578-1: Open VM Tools vulnerability It was discovered that Open VM Tools incorrectly handled certain requests. An attacker inside the guest could possibly use this issue to gain root privileges inside the virtual machine. Source: USN-5578-1: Open VM Tools vulnerability

No Image

USN-5577-1: Linux kernel (OEM) vulnerabilities

2022-08-24 KENNETH 0

USN-5577-1: Linux kernel (OEM) vulnerabilities Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061) It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Source: USN-5577-1: Linux kernel (OEM) vulnerabilities

No Image

USN-5576-1: Twisted vulnerability

2022-08-24 KENNETH 0

USN-5576-1: Twisted vulnerability It was discovered that Twisted incorrectly parsed some types of HTTP requests in its web server implementation. In certain proxy or multi-server configurations, a remote attacker could craft malicious HTTP requests in order to obtain sensitive information. Source: USN-5576-1: Twisted vulnerability

No Image

USN-5474-2: Varnish Cache regression

2022-08-24 KENNETH 0

USN-5474-2: Varnish Cache regression USN-5474-1 fixed vulnerabilities in Varnish Cache. Unfortunately the fix for CVE-2020-11653 was incomplete. This update fixes the problem. Original advisory details: It was discovered that Varnish Cache could have an assertion failure when a TLS termination proxy uses PROXY version 2. A remote attacker could possibly use this issue to restart the daemon and cause a performance loss. (CVE-2020-11653) Source: USN-5474-2: Varnish Cache regression

No Image

USN-5575-2: Libxslt vulnerabilities

2022-08-23 KENNETH 0

USN-5575-2: Libxslt vulnerabilities USN-5575-1 fixed vulnerabilities in Libxslt. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-5815) Alexey Neyman incorrectly handled certain HTML pages. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. (CVE-2021-30560) Source: USN-5575-2: Libxslt vulnerabilities