Ubuntu security notices
USN-5065-1: Open vSwitch vulnerability It was discovered that Open vSwitch incorrectly handled decoding RAW_ENCAP actions. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-5065-1: Open vSwitch vulnerability
USN-5064-1: GNU cpio vulnerability Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-5064-1: GNU cpio vulnerability
USN-5063-1: HAProxy vulnerabilities Ori Hollander discovered that HAProxy incorrectly handled HTTP header name length encoding. A remote attacker could possibly use this issue to inject a duplicate content-length header and perform request smuggling attacks. Source: USN-5063-1: HAProxy vulnerabilities
USN-5062-1: Linux kernel vulnerability Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. Source: USN-5062-1: Linux kernel vulnerability
USN-5051-4: OpenSSL regression USN-5051-2 introduced a regression in OpenSSL that affected only Ubuntu 14.04 ESM. This update fix the regression. Original advisory details: Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2021-3712) Source: USN-5051-4: OpenSSL regression
Copyright © 2024 | WordPress Theme by MH Themes
