Ubuntu security

USN-6276-1: unixODBC vulnerability It was discovered that unixODBC incorrectly handled certain unicode to ansi copies. An attacker could possibly use this issue to cause a denial of service. Source: USN-6276-1: unixODBC vulnerability

USN-6274-1: XMLTooling vulnerability Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this issue to achieve server-side request forgery. Source: USN-6274-1: XMLTooling vulnerability

USN-6275-1: Cargo vulnerability Addison Crump discovered that Cargo incorrectly set file permissions on UNIX-like systems when extracting crate archives. If the crate would contain files writable by any user, a local attacker could possibly use this issue to execute code as another user. Source: USN-6275-1: Cargo vulnerability

USN-6273-1: poppler vulnerabilities Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-27337) It was discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-34872) Source: USN-6273-1: poppler vulnerabilities

USN-5064-3: GNU cpio vulnerability USN-5064-1 fixed a vulnerability in GNU. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-5064-3: GNU cpio vulnerability