USN-5354-1: Twisted vulnerabilities

2022-03-30 KENNETH 0

It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. (CVE-2022-21712)

It was discovered that Twisted incorrectly processed SSH handshake data on connection establishments. A remote attacker could use this issue to cause Twisted to crash, resulting in a denial of service. (CVE-2022-21716)

USN-5351-2: Paramiko vulnerability

2022-03-30 KENNETH 0

USN-5351-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Jan Schejbal discovered that Paramiko incorrectly handled permissions when writing private key files. A local attacker could possibly use this issue to gain access to private keys.

USN-5313-2: OpenJDK 11 regression

2022-03-29 KENNETH 0

USN-5313-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression in OpenJDK 11 that could impact interoperability with some popular HTTP/2 servers, making it unable to connect to said servers. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that OpenJDK incorrectly handled deserialization filters. An attacker could possibly use this issue to insert, delete or obtain sensitive information. (CVE-2022-21248)

It was discovered that OpenJDK incorrectly read uncompressed TIFF files. An attacker could possibly use this issue to cause a denial of service via a specially crafted TIFF file. (CVE-2022-21277)

Jonni Passki discovered that OpenJDK incorrectly verified access restrictions when performing URI resolution. An attacker could possibly use this issue to obtain sensitive information. (CVE-2022-21282)

It was discovered that OpenJDK incorrectly handled certain regular expressions [ more… ]

USN-5353-1: Linux kernel (OEM) vulnerability

2022-03-29 KENNETH 0

It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

USN-5352-1: Libtasn1 vulnerability

2022-03-29 KENNETH 0

It was discovered that Libtasn1 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.