
USN-5498-1: Vim vulnerabilities

2022-06-30 KENNETH 0

It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code.

Source: USN-5498-1: Vim vulnerabilities

USN-5497-1: Libjpeg6b vulnerabilities

2022-06-30 KENNETH 0

It was discovered that Libjpeg6b was not properly performing bounds checks when compressing PPM and Targa image files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-11212)

Chijin Zhou discovered that Libjpeg6b was incorrectly handling the EOF character in input data when generating JPEG files. An attacker could possibly use this issue to force the execution of a large loop, force excessive memory consumption, and cause a denial of service. (CVE-2018-11813)

Sheng Shu and Dongdong She discovered that Libjpeg6b was not properly limiting the amount of memory being used when it was performing decompression or multi-pass compression operations. An attacker could possibly use this issue to force excessive memory consumption and cause a denial of service. (CVE-2020-14152)

Source: USN-5497-1: Libjpeg6b vulnerabilities

USN-5496-1: cloud-init vulnerability

2022-06-30 KENNETH 0

Mike Stroyan discovered that cloud-init could log password hashes when reporting schema failures. An attacker with access to these logs could potentially use this to gain user credentials.

Source: USN-5496-1: cloud-init vulnerability

USN-5495-1: curl vulnerabilities

2022-06-27 KENNETH 0

Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-32205)

Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206)

Harry Sintonen discovered that curl incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-32207)

Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-middle attack. (CVE-2022-32208)

Source: USN-5495-1: curl vulnerabilities

USN-5494-1: SpiderMonkey JavaScript Library vulnerabilities

2022-06-27 KENNETH 0

It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. A remote attacker could possibly use this issue to cause a crash or expose sensitive information. (CVE-2022-28285)

It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. A remote attacker could possibly use this issue to cause a crash. (CVE-2022-31740)

Source: USN-5494-1: SpiderMonkey JavaScript Library vulnerabilities