ubuntu-usn

Ubuntu security notices

No Image

USN-6307-1: JOSE for C/C++ vulnerability

2023-08-25 KENNETH 0

USN-6307-1: JOSE for C/C++ vulnerability It was discovered that JOSE for C/C++ AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. An attacker could use this to cause a denial of service (system crash) or might expose sensitive information. Source: USN-6307-1: JOSE for C/C++ vulnerability

No Image

USN-6306-1: Fast DDS vulnerabilities

2023-08-25 KENNETH 0

USN-6306-1: Fast DDS vulnerabilities It was discovered that Fast DDS incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service and information exposure. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-38425) It was discovered that Fast DDS incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. (CVE-2023-39534, CVE-2023-39945, CVE-2023-39946, CVE-2023-39947, CVE-2023-39948, CVE-2023-39949) Source: USN-6306-1: Fast DDS vulnerabilities

No Image

USN-6305-1: PHP vulnerabilities

2023-08-24 KENNETH 0

USN-6305-1: PHP vulnerabilities It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. (CVE-2023-3823) It was discovered that PHP incorrectly handled certain PHAR files. An attacker could possibly use this issue to cause a crash, expose sensitive information or execute arbitrary code. (CVE-2023-3824) Source: USN-6305-1: PHP vulnerabilities

No Image

USN-6304-1: Inetutils vulnerabilities

2023-08-23 KENNETH 0

USN-6304-1: Inetutils vulnerabilities It was discovered that telnetd in GNU Inetutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS (CVE-2022-39028) It was discovered that Inetutils incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information, or execute arbitrary code. (CVE-2023-40303) Source: USN-6304-1: Inetutils vulnerabilities

No Image

USN-6303-2: ClamAV vulnerability

2023-08-22 KENNETH 0

USN-6303-2: ClamAV vulnerability USN-6303-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Source: USN-6303-2: ClamAV vulnerability