Ubuntu security

Ubuntu security notices

No Image

USN-4923-1: EDK II vulnerabilities

2021-04-21 KENNETH 0

USN-4923-1: EDK II vulnerabilities Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. (CVE-2021-28210) Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-28211) Source: USN-4923-1: EDK II vulnerabilities

No Image

USN-4922-1: Ruby vulnerability

2021-04-21 KENNETH 0

USN-4922-1: Ruby vulnerability Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack. Source: USN-4922-1: Ruby vulnerability

No Image

USN-4921-1: libcaca vulnerability

2021-04-21 KENNETH 0

USN-4921-1: libcaca vulnerability It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. Source: USN-4921-1: libcaca vulnerability

No Image

USN-4918-2: ClamAV vulnerabilities

2021-04-20 KENNETH 0

USN-4918-2: ClamAV vulnerabilities USN-4918-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2021-1252) It was discovered that ClamAV incorrectly handled parsing PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1404) It was discovered that ClamAV incorrectly handled parsing email. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2021-1405) Source: USN-4918-2: ClamAV vulnerabilities

No Image

USN-4563-2: NTP vulnerability

2021-04-20 KENNETH 0

USN-4563-2: NTP vulnerability USN-4563-1 fixed a vulnerability in NTP. This update provides the corresponding update for Ubuntu 20.04 LTS and Ubuntu 20.10. Original advisory details: It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service (crash). Source: USN-4563-2: NTP vulnerability