USN-4736-1: Thunderbird vulnerabilities

2021-02-17 KENNETH 0

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964)

It was discovered that responses received during the plaintext phase of the STARTTLS connection setup were subsequently evaluated during the encrypted session. A person in the middle could potentially exploit this to perform a response injection attack. (CVE-2020-15685)

Source: USN-4736-1: Thunderbird vulnerabilities

USN-4735-1: PostgreSQL vulnerability

2021-02-15 KENNETH 0

Heikki Linnakangas discovered that PostgreSQL incorrectly leaked values of denied columns when handling certain errors. A remote attacker could possibly use this issue to obtain sensitive information.

Source: USN-4735-1: PostgreSQL vulnerability

USN-4734-1: wpa_supplicant and hostapd vulnerabilities

2021-02-12 KENNETH 0

It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-0326)

It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. (CVE-2020-12695)

Source: USN-4734-1: wpa_supplicant and hostapd vulnerabilities

USN-4733-1: GNOME Autoar vulnerability

2021-02-11 KENNETH 0

Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution.

Source: USN-4733-1: GNOME Autoar vulnerability

USN-4732-1: SQLite vulnerability

2021-02-11 KENNETH 0

It was discovered that SQLite incorrectly handled certain sub-queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

Source: USN-4732-1: SQLite vulnerability