Ubuntu security

USN-6018-1: Apport vulnerability Chen Lu, Lei Wang, and YiQi Sun discovered a privilege escalation vulnerability in apport-cli when viewing crash reports and unprivileged users are allowed to run sudo less. A local attacker on a specially configured system could use this to escalate their privilege. Source: USN-6018-1: Apport vulnerability

USN-6019-1: Flask-CORS vulnerability It was discovered that Flask-CORS did not properly escape paths before evaluating resource rules. An attacker could possibly use this to expose sensitive information. Source: USN-6019-1: Flask-CORS vulnerability

USN-6017-1: Ghostscript vulnerability Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. Source: USN-6017-1: Ghostscript vulnerability

USN-6016-1: thenify vulnerability It was discovered that thenify incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Source: USN-6016-1: thenify vulnerability

USN-6012-1: Smarty vulnerability It was discovered that Smarty incorrectly parsed blocks’ names and included files’ names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code. (CVE-2022-29221) Source: USN-6012-1: Smarty vulnerability