USN-5275-1: BlueZ vulnerability

2022-02-08 KENNETH 0

Ziming Zhang discovered that BlueZ incorrectly handled memory write operations in its GATT server. A remote attacker could possibly use this to cause BlueZ to crash, leading to a denial of service, or potentially remotely execute code. (CVE-2022-0204)

Source: USN-5275-1: BlueZ vulnerability

USN-5269-2: Django vulnerabilities

2022-02-07 KENNETH 0

USN-5269-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a cross-site scripting attack. (CVE-2022-22818)

Alan Ryan discovered that Django incorrectly handled file uploads. A remote attacker could possibly use this issue to cause Django to hang, resulting in a denial of service. (CVE-2022-23833)

Source: USN-5269-2: Django vulnerabilities

USN-5262-1: GPT fdisk vulnerabilities

2022-02-04 KENNETH 0

The potential for an out-of-bounds write due to a missing bounds check was discovered to impact the sgdisk utility of GPT fdisk. Exploitation requires the use of a maliciously formatted storage device and could cause sgdisk to crash as well as possibly allow for local privilege escalation.

Source: USN-5262-1: GPT fdisk vulnerabilities

USN-5264-1: Graphviz vulnerabilities

2022-02-04 KENNETH 0

It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. (CVE-2018-10196, CVE-2019-11023)

It was discovered that graphviz contains a buffer overflow vulnerability. Exploitation via a specially crafted input file can cause a denial of service or possibly allow for arbitrary code execution. (CVE-2020-18032)

Source: USN-5264-1: Graphviz vulnerabilities

USN-5030-2: Perl DBI module vulnerabilities

2022-02-04 KENNETH 0

USN-5030-1 addressed vulnerabilities in the Perl DBI module. This update provides the corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2014-10402)

It was discovered that the Perl DBI module incorrectly handled certain long strings. A local attacker could possibly use this issue to cause the DBI module to crash, resulting in a denial of service. (CVE-2020-14393)

Source: USN-5030-2: Perl DBI module vulnerabilities