Ubuntu security

USN-6005-1: Sudo vulnerabilities Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed. Source: USN-6005-1: Sudo vulnerabilities

USN-6002-1: Irssi vulnerability It was discovered that Irssi incorrectly handled certain internal routines. An attacker could possibly use this issue to cause a crash. Source: USN-6002-1: Irssi vulnerability

USN-6003-1: Emacs vulnerability Xi Lu discovered that Emacs did not properly handle certain inputs. An attacker could possibly use this issue to execute arbitrary commands. Source: USN-6003-1: Emacs vulnerability

USN-6001-1: Linux kernel (AWS) vulnerabilities Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service (connection termination) or inject forged data. (CVE-2020-36516) Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2021-26401) Jürgen Groß discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service [ more… ]

USN-6000-1: Linux kernel (BlueField) vulnerabilities It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3169) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) Gwangun Jung discovered a race condition in the IPv4 implementation in [ more… ]