Ubuntu security

Ubuntu security notices

No Image

USN-5524-1: HarfBuzz vulnerability

2022-07-19 KENNETH 0

USN-5524-1: HarfBuzz vulnerability It was discovered that HarfBuzz incorrectly handled certain glyph sizes. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service. Source: USN-5524-1: HarfBuzz vulnerability

No Image

USN-5523-1: LibTIFF vulnerabilities

2022-07-19 KENNETH 0

USN-5523-1: LibTIFF vulnerabilities It was discovered that LibTIFF was not properly performing checks to guarantee that allocated memory space existed, which could lead to a NULL pointer dereference via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0907, CVE-2022-0908) It was discovered that LibTIFF was not properly performing checks to avoid division calculations where the denominator value was zero, which could lead to an undefined behavior situation via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0909) It was discovered that LibTIFF was not properly performing bounds checks, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2022-0924) It was discovered [ more… ]

No Image

USN-5522-1: WebKitGTK vulnerabilities

2022-07-19 KENNETH 0

USN-5522-1: WebKitGTK vulnerabilities Several security issues were discovered in WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Source: USN-5522-1: WebKitGTK vulnerabilities

No Image

USN-5520-2: HTTP-Daemon vulnerability

2022-07-18 KENNETH 0

USN-5520-2: HTTP-Daemon vulnerability USN-5520-1 fixed a vulnerability in HTTP-Daemon. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that HTTP-Daemon incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Source: USN-5520-2: HTTP-Daemon vulnerability

No Image

USN-5520-1: HTTP-Daemon vulnerability

2022-07-14 KENNETH 0

USN-5520-1: HTTP-Daemon vulnerability It was discovered that HTTP-Daemon incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Source: USN-5520-1: HTTP-Daemon vulnerability