Ubuntu security

Ubuntu security notices

No Image

USN-4589-2: Docker vulnerability

2020-10-16 KENNETH 0

USN-4589-2: Docker vulnerability USN-4589-1 fixed a vulnerability in containerd. This update provides the corresponding update for docker.io. Original advisory details: It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user’s registry credentials. Source: USN-4589-2: Docker vulnerability

No Image

USN-4589-1: containerd vulnerability

2020-10-16 KENNETH 0

USN-4589-1: containerd vulnerability It was discovered that containerd could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user’s registry credentials. Source: USN-4589-1: containerd vulnerability

No Image

USN-4583-1: PHP vulnerabilities

2020-10-15 KENNETH 0

USN-4583-1: PHP vulnerabilities It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7069) It was discorevered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge cookie which is supposed to be secure. (CVE-2020-7070) Source: USN-4583-1: PHP vulnerabilities

No Image

USN-4582-1: Vim vulnerabilities

2020-10-15 KENNETH 0

USN-4582-1: Vim vulnerabilities It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-17087) It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. (CVE-2019-20807) Source: USN-4582-1: Vim vulnerabilities

No Image

USN-4581-1: Python vulnerability

2020-10-14 KENNETH 0

USN-4581-1: Python vulnerability It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection. Source: USN-4581-1: Python vulnerability