
USN-6289-1: WebKitGTK vulnerabilities

2023-08-16 KENNETH 0

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Source: USN-6289-1: WebKitGTK vulnerabilities

Announcing NGINX Plus R30

2023-08-16 KENNETH 0

We’re happy to announce the availability of NGINX Plus Release 30 (R30). Based on NGINX Open Source, NGINX Plus is the only all-in-one software web server, load balancer, reverse proxy, content cache, and API gateway. New and enhanced features in NGINX Plus R30 include:

Native support for QUIC+HTTP/3 – NGINX Plus now has official support for HTTP/3. The implementation does not depend on third-party libraries to provide the missing OpenSSL TLS functionality required to deliver HTTP/3 support over QUIC protocol. It uses an OpenSSL Compatibility Layer developed by the NGINX team to circumvent the challenges with QUIC TLS interfaces that are not supported by OpenSSL.

Per-worker connection telemetry – Monitoring connections at a per-worker level is now supported. This enables users to fine tune NGINX performance by regulating the number of worker processes and effectively distributing connections amongst workers for [ more… ]


USN-6288-1: MySQL vulnerabilities

2023-08-15 KENNETH 0

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.34 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-34.html
https://www.oracle.com/security-alerts/cpujul2023.html

Source: USN-6288-1: MySQL vulnerabilities


USN-4897-2: Pygments vulnerabilities

2023-08-14 KENNETH 0

USN-4897-1 fixed several vulnerabilities in Pygments. This update provides the corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service. (CVE-2021-27291)

It was discovered that Pygments incorrectly handled parsing certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-20270)

Source: USN-4897-2: Pygments vulnerabilities


USN-6287-1: Go yaml vulnerabilities

2023-08-14 KENNETH 0

Simon Ferquel discovered that the Go yaml package incorrectly handled certain YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. (CVE-2021-4235)

It was discovered that the Go yaml package incorrectly handled certain large YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. (CVE-2022-3064)

Source: USN-6287-1: Go yaml vulnerabilities