USN-6156-2: SSSD regression

2023-06-16 KENNETH 0

USN-6156-1 fixed a vulnerability in SSSD. In certain environments, not all packages ended up being upgraded at the same time, resulting in authentication failures when the PAM module was being used. This update fixes the problem. We apologize for the inconvenience.

Original advisory details: It was discovered that SSSD incorrectly sanitized certificate data used in LDAP filters. When combined with FreeIPA, a remote attacker could possibly use this issue to escalate privileges.

Source: USN-6156-2: SSSD regression

USN-6169-1: GNU SASL vulnerability

2023-06-16 KENNETH 0

It was discovered that GNU SASL’s GSSAPI server could perform an out-of-bounds read if given specially crafted GSS-API authentication data. A remote attacker could possibly use this issue to cause a denial of service or to expose sensitive information.

Source: USN-6169-1: GNU SASL vulnerability

USN-6168-1: libx11 vulnerability

2023-06-16 KENNETH 0

Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service.

Source: USN-6168-1: libx11 vulnerability

USN-6155-2: Requests vulnerability

2023-06-15 KENNETH 0

USN-6155-1 fixed a vulnerability in Requests. This update provides the corresponding update for Ubuntu 16.04 ESM and 18.04 ESM.

Original advisory details: Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information.

Source: USN-6155-2: Requests vulnerability

USN-6166-1: libcap2 vulnerabilities

2023-06-14 KENNETH 0

David Gstir discovered that libcap2 incorrectly handled certain return codes. An attacker could possibly use this issue to cause libcap2 to consume memory, leading to a denial of service. (CVE-2023-2602)

Richard Weinberger discovered that libcap2 incorrectly handled certain long input strings. An attacker could use this issue to cause libcap2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-2603)

Source: USN-6166-1: libcap2 vulnerabilities