Ubuntu security

USN-5399-1: libvirt vulnerabilities It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvirt to stop accepting connections, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-3667) It was discovered that libvirt incorrectly handled threads during shutdown. A local attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3975) It was discovered that libvirt incorrectly handled the libxl driver. An attacker inside a guest could possibly use this issue to cause libvirtd to crash or stop responding, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2021-4147) It was discovered that libvirt incorrectly handled the nwfilter [ more… ]

USN-5382-2: libinput vulnerability USN-5382-1 fixed a vulnerability in libinput. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly handle input devices with specially crafted names. A local attacker with physical access could use this to cause libinput to crash or expose sensitive information. Source: USN-5382-2: libinput vulnerability

USN-5398-1: Simple DirectMedia Layer vulnerability It was discovered that SDL (Simple DirectMedia Layer) incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Source: USN-5398-1: Simple DirectMedia Layer vulnerability

USN-5397-1: curl vulnerabilities Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. (CVE-2022-22576) Harry Sintonen discovered that curl incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-27774, CVE-2022-27775, CVE-2022-27776) Source: USN-5397-1: curl vulnerabilities

USN-5396-1: Ghostscript vulnerability It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Source: USN-5396-1: Ghostscript vulnerability