USN-4990-1: Nettle vulnerabilities

2021-06-17 KENNETH 0

It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. (CVE-2021-3580)

It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-16869)

Source: USN-4990-1: Nettle vulnerabilities

USN-4989-2: BlueZ vulnerabilities

2021-06-16 KENNETH 0

USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. (CVE-2020-26558)

Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-27153)

Source: USN-4989-2: BlueZ vulnerabilities

USN-4989-1: BlueZ vulnerabilities

2021-06-16 KENNETH 0

It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. (CVE-2020-26558)

Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-27153)

Ziming Zhang discovered that BlueZ incorrectly handled certain array indexes. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-3588)

Source: USN-4989-1: BlueZ vulnerabilities

USN-4988-1: ImageMagick vulnerabilities

2021-06-15 KENNETH 0

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Source: USN-4988-1: ImageMagick vulnerabilities

USN-4986-4: rpcbind regression

2021-06-11 KENNETH 0

USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service.

Source: USN-4986-4: rpcbind regression