Ubuntu security

USN-6227-1: SpiderMonkey vulnerabilities Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution. Source: USN-6227-1: SpiderMonkey vulnerabilities

USN-6226-1: SciPy vulnerabilities It was discovered that SciPy did not properly manage memory operations during reference counting. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-25399) A use-after-free was discovered in SciPy when handling reference counts. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2023-29824) Source: USN-6226-1: SciPy vulnerabilities

USN-6225-1: Knot Resolver vulnerability It was discovered that Knot Resolver did not correctly handle certain client options. A remote attacker could send requests to malicous domains and cause a denial of service. Source: USN-6225-1: Knot Resolver vulnerability

USN-6224-1: Linux kernel vulnerabilities It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124) Wei Chen discovered that the InfiniBand RDMA communication manager implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-2176) Source: USN-6224-1: Linux kernel vulnerabilities

USN-6223-1: Linux kernel (Azure CVM) vulnerabilities It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1076) It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1077) It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash). (CVE-2023-1079) It was discovered that the Xircom PCMCIA network device driver in the Linux kernel did not properly handle device removal [ more… ]