Ubuntu security

Ubuntu security notices

No Image

USN-6191-1: Linux kernel regression

2023-06-29 KENNETH 0

USN-6191-1: Linux kernel regression USN-6081-1, USN-6084-1, USN-6092-1 and USN-6095-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a spurious warning in the IPv6 subsystem. This update removes the undesired warning message. Source: USN-6191-1: Linux kernel regression

No Image

USN-6190-1: AccountsService vulnerability

2023-06-28 KENNETH 0

USN-6190-1: AccountsService vulnerability Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. A local attacker could use this issue to cause AccountsService to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-6190-1: AccountsService vulnerability

No Image

USN-6189-1: etcd vulnerability

2023-06-28 KENNETH 0

USN-6189-1: etcd vulnerability It was discovered that etcd leaked credentials when debugging was enabled. This allowed remote attackers to discover etcd authentication credentials and possibly escalate privileges on systems using etcd. Source: USN-6189-1: etcd vulnerability

No Image

USN-6161-2: .NET regression

2023-06-23 KENNETH 0

USN-6161-2: .NET regression USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. (CVE-2023-24936) Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-29331) Kalle Niemitalo discovered that the .NET package manager, NuGet, was susceptible to a potential race condition. An attacker could possibly use this issue to perform remote code execution. (CVE-2023-29337) Tom Deseyn discovered that .NET did not properly process certain arguments when extracting the [ more… ]

No Image

USN-6188-1: OpenSSL vulnerability

2023-06-22 KENNETH 0

USN-6188-1: OpenSSL vulnerability Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Source: USN-6188-1: OpenSSL vulnerability