USN-4733-2: GNOME Autoar regression

2021-03-09 KENNETH 0

USN-4733-1 fixed a vulnerability in GNOME Autoar. The upstream fix introduced a regression when extracting archives containing directories. This update fixes the problem. Original advisory details: Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution. Source: USN-4733-2: GNOME Autoar regression

USN-4757-2: wpa_supplicant and hostapd vulnerability

2021-03-05 KENNETH 0

USN-4757-1 fixed a vulnerability in wpa_supplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Source: USN-4757-2: wpa_supplicant and hostapd vulnerability

USN-4757-1: wpa_supplicant and hostapd vulnerability

2021-03-03 KENNETH 0

It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Source: USN-4757-1: wpa_supplicant and hostapd vulnerability

USN-4754-4: Python 2.7 vulnerability

2021-03-03 KENNETH 0

USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2020-27619, CVE-2021-3177) Source: USN-4754-4: Python 2.7 vulnerability

USN-4737-2: Bind vulnerability

2021-03-02 KENNETH 0

USN-4737-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor profile. Source: USN-4737-2: Bind vulnerability