ubuntu-usn

Ubuntu security notices

No Image

USN-4723-1: PEAR vulnerability

2021-02-08 KENNETH 0

USN-4723-1: PEAR vulnerability It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code. Source: USN-4723-1: PEAR vulnerability

No Image

USN-4722-1: ReadyMedia (MiniDLNA) vulnerabilities

2021-02-05 KENNETH 0

USN-4722-1: ReadyMedia (MiniDLNA) vulnerabilities It was discovered that ReadyMedia (MiniDLNA) allowed subscription requests with a delivery URL on a different network segment than the fully qualified event- subscription URL. An attacker could use this to hijack smart devices and cause denial of service attacks. (CVE-2020-12695) It was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. A remote attacker could send a malicious UPnP HTTP request to the service using HTTP chunked encoding and cause a denial of service. (CVE-2020-28926) Source: USN-4722-1: ReadyMedia (MiniDLNA) vulnerabilities

No Image

USN-4721-1: Flatpak vulnerability

2021-02-05 KENNETH 0

USN-4721-1: Flatpak vulnerability Simon McVittieg discovered that flatpak-portal service allowed sandboxed applications to execute arbitrary code on the host system (a sandbox escape). A malicious user could create a Flatpak application that set environment variables, trusted by the Flatpak “run” command, and use it to execute arbitrary code outside the sandbox. Source: USN-4721-1: Flatpak vulnerability

No Image

USN-4720-2: Apport vulnerabilities

2021-02-03 KENNETH 0

USN-4720-2: Apport vulnerabilities USN-4720-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. (CVE-2021-25682, CVE-2021-25683) Itai Greenhut discovered that Apport incorrectly handled opening certain special files. A local attacker could possibly use this issue to cause Apport to hang, resulting in a denial of service. (CVE-2021-25684) Source: USN-4720-2: Apport vulnerabilities

No Image

USN-4720-1: Apport vulnerabilities

2021-02-03 KENNETH 0

USN-4720-1: Apport vulnerabilities Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. (CVE-2021-25682, CVE-2021-25683) Itai Greenhut discovered that Apport incorrectly handled opening certain special files. A local attacker could possibly use this issue to cause Apport to hang, resulting in a denial of service. (CVE-2021-25684) Source: USN-4720-1: Apport vulnerabilities