Ubuntu security

USN-5170-1: MariaDB vulnerability A security issue was discovered in MariaDB and this update includes new upstream MariaDB versions to fix the issue. MariaDB has been updated to 10.3.32 in Ubuntu 20.04 LTS and to 10.5.13 in Ubuntu 21.04 and Ubuntu 21.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Source: USN-5170-1: MariaDB vulnerability

USN-5174-1: Samba vulnerabilities Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. (CVE-2016-2124) Andrew Bartlett discovered that Samba incorrectly mapping domain users to local users. An authenticated attacker could possibly use this issue to become root on domain members. (CVE-2020-25717) Andrew Bartlett discovered that Samba did not properly check sensitive attributes. An authenticated attacker could possibly use this issue to escalate privileges. (CVE-2020-25722) Joseph Sutton discovered that Samba incorrectly handled certain TGS requests. An authenticated attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2021-3671) The fix for CVE-2020-25717 results in possible behaviour changes that could affect certain environments. Please see the upstream advisory for more information: https://www.samba.org/samba/security/CVE-2020-25717.html Source: USN-5174-1: Samba vulnerabilities

USN-5173-1: libmodbus vulnerabilities It was discovered that libmodbus incorrectly handled inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. Source: USN-5173-1: libmodbus vulnerabilities

USN-5172-1: uriparser vulnerabilities It was discovered that uriparser mishandled certain input. An attacker could use this vulnerability to cause uriparser to crash or possibly execute arbitrary code. (CVE-2018-19198, CVE-2018-19199, CVE-2018-19200) It was discovered that uriparser incorrectly handled certain URIs. An attacker could use this vulnerability to cause a crash or possibly leak sensitive information. (CVE-2018-20721) Source: USN-5172-1: uriparser vulnerabilities

USN-5171-1: Long Range ZIP vulnerabilities It was discovered that Long Range ZIP incorrectly handled certain specially crafted lrz files. A remote attacker could possibly use this issue to cause a denial of service (crash) or other unspecified impact. Source: USN-5171-1: Long Range ZIP vulnerabilities