Ubuntu security

USN-4929-1: Bind vulnerabilities Greg Kuechle discovered that Bind incorrectly handled certain incremental zone updates. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2021-25214) Siva Kakarla discovered that Bind incorrectly handled certain DNAME records. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2021-25215) It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-25216) Source: USN-4929-1: Bind vulnerabilities

USN-4928-1: GStreamer Good Plugins vulnerabilities It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause access sensitive information or cause a crash. (CVE-2021-3497) It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code or cause a crash. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-3498) Source: USN-4928-1: GStreamer Good Plugins vulnerabilities

USN-4913-2: Underscore vulnerability USN-4913-1 fixed vulnerabilities in Underscore. This update provides the corresponding updates for Ubuntu 21.04. Original advisory details: It was discovered that Underscore incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary code. Source: USN-4913-2: Underscore vulnerability

USN-4892-1: OpenJDK vulnerability It was discovered that OpenJDK incorrectly verified Jar signatures. An attacker could possibly use this issue to bypass intended security restrictions when using Jar files signed with a disabled algorithm. Source: USN-4892-1: OpenJDK vulnerability

USN-4922-2: Ruby vulnerability USN-4922-1 fixed a vulnerability in Ruby. This update provides the corresponding update for Ubuntu 21.04. Original advisory details: Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack. Source: USN-4922-2: Ruby vulnerability