No Image

USN-4946-1: Linux kernel vulnerabilities

2021-05-12 KENNETH 0

USN-4946-1: Linux kernel vulnerabilities It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-20292) Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26930) Jan Beulich discovered that multiple Xen backends in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26931) Jan Beulich discovered that the Xen netback backend in the [ more… ]

No Image

USN-4947-1: Linux kernel (OEM) vulnerabilities

2021-05-12 KENNETH 0

USN-4947-1: Linux kernel (OEM) vulnerabilities Kiyin (尹亮) discovered that the x25 implementation in the Linux kernel contained overflows when handling addresses from user space. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-35519) It was discovered that the fastrpc driver in the Linux kernel did not prevent user space applications from sending kernel RPC messages. A local attacker could possibly use this to gain elevated privileges. (CVE-2021-28375) It was discovered that the TIPC protocol implementation in the Linux kernel did not properly validate passed encryption key sizes. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29646) It was discovered that a race condition existed in the netfilter subsystem of the Linux kernel when replacing tables. A local attacker could use this to cause [ more… ]

No Image

USN-4945-1: Linux kernel vulnerabilities

2021-05-12 KENNETH 0

USN-4945-1: Linux kernel vulnerabilities It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25639) Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-28038) It was discovered that the fastrpc driver in the Linux kernel did not prevent user space applications from sending kernel RPC messages. A local attacker could possibly use this to gain elevated privileges. (CVE-2021-28375) It was discovered that the Realtek RTL8188EU Wireless device driver in the Linux kernel did not properly validate ssid lengths in some situations. An attacker [ more… ]

No Image

USN-4944-1: MariaDB vulnerabilities

2021-05-12 KENNETH 0

USN-4944-1: MariaDB vulnerabilities This update fixed multiple vulnerabilities in MariaDB. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.48. Ubuntu 20.04 LTS has been updated to MariaDB 10.3.29. Ubuntu 20.10 has been updated to MariaDB 10.3.29. Ubuntu 21.04 has been updated to MariaDB 10.5.10. Source: USN-4944-1: MariaDB vulnerabilities

No Image

USN-4943-1: XStream vulnerabilities

2021-05-11 KENNETH 0

USN-4943-1: XStream vulnerabilities Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. This issue affected only affected Ubuntu 20.10. (CVE-2020-26217) It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. This issue only affected Ubuntu 20.10. (CVE-2020-26258) It was discovered that XStream was vulnerable to arbitrary file deletion on the local host. A remote attacker could use this to delete arbitrary known files on the host as long as the executing process had sufficient rights only by manipulating the processed input stream. This issue only affected Ubuntu 20.10. (CVE-2020-26259) It was discovered that XStream was vulnerable to denial of [ more… ]