ubuntu-usn

Ubuntu security notices

No Image

USN-5260-1: Samba vulnerabilities

2022-02-01 KENNETH 0

USN-5260-1: Samba vulnerabilities Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled certain memory operations. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as root. (CVE-2021-44142) Michael Hanselmann discovered that Samba incorrectly created directories. In certain configurations, a remote attacker could possibly create a directory on the server outside of the shared directory. (CVE-2021-43566) Kees van Vloten discovered that Samba incorrectly handled certain aliased SPN checks. A remote attacker could possibly use this issue to impersonate services. (CVE-2022-0336) Source: USN-5260-1: Samba vulnerabilities

No Image

USN-5257-1: ldns vulnerabilities

2022-01-31 KENNETH 0

USN-5257-1: ldns vulnerabilities It was discovered that ldns incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-19860, CVE-2020-19861) Source: USN-5257-1: ldns vulnerabilities

No Image

USN-5255-1: WebKitGTK vulnerabilities

2022-01-28 KENNETH 0

USN-5255-1: WebKitGTK vulnerabilities A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Source: USN-5255-1: WebKitGTK vulnerabilities

No Image

USN-5064-2: GNU cpio vulnerability

2022-01-28 KENNETH 0

USN-5064-2: GNU cpio vulnerability USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-5064-2: GNU cpio vulnerability

No Image

USN-5254-1: shadow vulnerabilities

2022-01-27 KENNETH 0

USN-5254-1: shadow vulnerabilities It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-12424) It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2018-7169) Source: USN-5254-1: shadow vulnerabilities