USN-5968-1: GitPython vulnerability

2023-03-23 KENNETH 0

It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host.

Source: USN-5968-1: GitPython vulnerability

USN-5967-1: object-path vulnerabilities

2023-03-22 KENNETH 0

It was discovered that the set() method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent process. An attacker could use this issue to cause object-path to crash. (CVE-2020-15256, CVE-2021-23434, CVE-2021-3805)

Source: USN-5967-1: object-path vulnerabilities

USN-5965-1: TigerVNC vulnerability

2023-03-21 KENNETH 0

It was discovered that TigerVNC mishandled TLS certificate exceptions. An attacker could use this vulnerability to impersonate any server after a client had added an exception and obtain sensitive information.

Source: USN-5965-1: TigerVNC vulnerability

USN-5904-2: SoX regression

2023-03-21 KENNETH 0

USN-5904-1 fixed vulnerabilities in SoX. It was discovered that the fix for CVE-2021-33844 was incomplete. This update fixes the problem.

Original advisory details:

Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-13590)

Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-23159, CVE-2021-23172, CVE-2021-23210, CVE-2021-33844, CVE-2021-3643, CVE-2021-40426, CVE-2022-31650, and CVE-2022-31651)

Source: USN-5904-2: SoX regression

USN-5806-3: Ruby vulnerability

2023-03-21 KENNETH 0

USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS.

Original advisory details:

Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.

Source: USN-5806-3: Ruby vulnerability