USN-4740-1: Apache Shiro vulnerabilities

2021-02-19 KENNETH 0

It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms.

Source: USN-4740-1: Apache Shiro vulnerabilities

USN-4739-1: WebKitGTK vulnerability

2021-02-18 KENNETH 0

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Source: USN-4739-1: WebKitGTK vulnerability

USN-4738-1: OpenSSL vulnerabilities

2021-02-18 KENNETH 0

Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23840)

Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23841)

Source: USN-4738-1: OpenSSL vulnerabilities

USN-4737-1: Bind vulnerability

2021-02-18 KENNETH 0

It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor profile.

Source: USN-4737-1: Bind vulnerability

USN-4734-2: wpa_supplicant and hostapd vulnerabilities

2021-02-17 KENNETH 0

USN-4734-1 fixed several vulnerabilities in wpa_supplicant. This update provides the corresponding update for Ubuntu 14.04 ESM.

It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-0326)

It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. (CVE-2020-12695)

Source: USN-4734-2: wpa_supplicant and hostapd vulnerabilities