Ubuntu security notices
USN-4512-1: util-linux vulnerability It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash completion. Source: USN-4512-1: util-linux vulnerability
USN-4511-1: QEMU vulnerability Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Source: USN-4511-1: QEMU vulnerability
USN-4510-1: Samba vulnerability Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. This update fixes the issue by changing the “server schannel” setting to default to “yes”, instead of “auto”, which will force a secure netlogon channel. This may result in compatibility issues with older devices. A future update may allow a finer-grained control over this setting. Source: USN-4510-1: Samba vulnerability
USN-4509-1: Perl DBI module vulnerabilities It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2013-7490) It was discovered that Perl DBI module incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information. (CVE-2014-10401) Source: USN-4509-1: Perl DBI module vulnerabilities
USN-4508-1: StoreBackup vulnerability It was discovered that StoreBackup did not properly manage lock files. A local attacker could use this issue to cause a denial of service or escalate privileges and run arbitrary code. (CVE-2020-7040) Source: USN-4508-1: StoreBackup vulnerability
Copyright © 2024 | WordPress Theme by MH Themes
