Ubuntu security

USN-5546-1: OpenJDK vulnerabilities Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. (CVE-2022-21449) It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21426) It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. [ more… ]

USN-5547-1: NVIDIA graphics drivers vulnerabilities Le Wu discovered that the NVIDIA graphics drivers did not properly perform input validation in some situations. A local user could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-31607) Tal Lossos discovered that the NVIDIA graphics drivers incorrectly handled certain memory operations, leading to a null-pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2022-31615) Artem S. Tashkinov discovered that the NVIDIA graphics drivers Dynamic Boost D-Bus component did not properly restrict access to its endpoint. When enabled in non-default configurations, a local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-31608) Source: USN-5547-1: NVIDIA graphics drivers vulnerabilities

USN-5545-1: Linux kernel (OEM) vulnerability Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. Source: USN-5545-1: Linux kernel (OEM) vulnerability

USN-5463-2: NTFS-3G vulnerabilities USN-5463-1 fixed vulnerabilities in NTFS-3G. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Roman Fiedler discovered that NTFS-3G incorrectly handled certain return codes. A local attacker could possibly use this issue to intercept protocol traffic between FUSE and the kernel. (CVE-2022-30783) It was discovered that NTFS-3G incorrectly handled certain NTFS disk images. If a user or automated system were tricked into mounting a specially crafted disk image, a remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-30784, CVE-2022-30786, CVE-2022-30788, CVE-2022-30789) Roman Fiedler discovered that NTFS-3G incorrectly handled certain file handles. A local attacker could possibly use this issue to read and write arbitrary memory. (CVE-2022-30785, CVE-2022-30787) Source: USN-5463-2: NTFS-3G vulnerabilities

USN-5544-1: Linux kernel vulnerabilities It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679) Felix Fu discovered that the Sun RPC implementation in the Linux kernel did not properly handle socket states, leading to a use-after-free vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-28893) Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. (CVE-2022-34918) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading [ more… ]