Ubuntu security

Ubuntu security notices

No Image

USN-5501-1: Django vulnerability

2022-07-04 KENNETH 0

USN-5501-1: Django vulnerability It was discovered that Django incorrectly handled certain SQL. An attacker could possibly use this issue to expose sensitive information. Source: USN-5501-1: Django vulnerability

No Image

USN-5500-1: Linux kernel vulnerabilities

2022-07-02 KENNETH 0

USN-5500-1: Linux kernel vulnerabilities Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2021-4197) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the virtual graphics memory manager implementation in the Linux kernel was subject to a race condition, potentially leading to an information leak. [ more… ]

No Image

USN-5493-2: Linux kernel (HWE) vulnerability

2022-07-02 KENNETH 0

USN-5493-2: Linux kernel (HWE) vulnerability It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). Source: USN-5493-2: Linux kernel (HWE) vulnerability

No Image

USN-5485-2: Linux kernel (OEM) vulnerabilities

2022-07-02 KENNETH 0

USN-5485-2: Linux kernel (OEM) vulnerabilities It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) Source: USN-5485-2: Linux kernel (OEM) vulnerabilities

No Image

USN-5499-1: curl vulnerabilities

2022-07-01 KENNETH 0

USN-5499-1: curl vulnerabilities Florian Kohnhuser discovered that curl incorrectly handled returning a TLS server’s certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service. (CVE-2022-27781) Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-middle attack. (CVE-2022-32208) Source: USN-5499-1: curl vulnerabilities