No Image

USN-6049-1: Netty vulnerabilities

2023-04-29 KENNETH 0

USN-6049-1: Netty vulnerabilities It was discovered that Netty’s Zlib decoders did not limit memory allocations. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-11612) It was discovered that Netty created temporary files with excessive permissions. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290) It was discovered that Netty did not properly validate content-length headers. A remote attacker could possibly use this issue to smuggle requests. This issue was only fixed in Ubuntu 20.04 ESM. (CVE-2021-21295, CVE-2021-21409) It was discovered that Netty’s Bzip2 decompression decoder did not limit the decompressed output data size. A remote attacker [ more… ]

No Image

USN-6037-1: Apache Commons Net vulnerability

2023-04-28 KENNETH 0

USN-6037-1: Apache Commons Net vulnerability ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private network of the client. Source: USN-6037-1: Apache Commons Net vulnerability

No Image

USN-6048-1: ZenLib vulnerability

2023-04-28 KENNETH 0

USN-6048-1: ZenLib vulnerability It was discovered that ZenLib doesn’t check the return value of a specific operation before using it. An attacker could use a specially crafted input to crash programs using the library. Source: USN-6048-1: ZenLib vulnerability

[BASH] changed default value of enable-bracketed-paste in bash 5.1

2023-04-28 KENNETH 0

bash 5.1 에서 변경된 “enable-bracketed-paste” 옵션의 기본값   증상 여러 라인의 커맨드를 입력하면 바로 실행되는 것이 아니라 cmd1;cmd2;cmd3;cmd4 형태처럼 입력만 되고 실행이 되지 않는 상황 발생     원인 bash 5.1 이상에서는 bracketed paste가 기본적으로 bash 에서 활성화 되었기 때문 기존 : off     처리 전체 유저 대상 : /etc/inputrc 파일 수정 특정 유저 대상 : ~/.inputrc 파일 수정    

No Image

USN-6047-1: Linux kernel vulnerability

2023-04-28 KENNETH 0

USN-6047-1: Linux kernel vulnerability It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Source: USN-6047-1: Linux kernel vulnerability