ubuntu-usn

Ubuntu security notices

No Image

USN-6068-1: Open vSwitch vulnerability

2023-05-10 KENNETH 0

USN-6068-1: Open vSwitch vulnerability David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service. Source: USN-6068-1: Open vSwitch vulnerability

No Image

USN-6067-1: OpenStack Neutron vulnerabilities

2023-05-10 KENNETH 0

USN-6067-1: OpenStack Neutron vulnerabilities David Sinquin discovered that OpenStack Neutron incorrectly handled the default Open vSwitch firewall rules. An attacker could possibly use this issue to impersonate the IPv6 addresses of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-20267) Jake Yip and Justin Mammarella discovered that OpenStack Neutron incorrectly handled the linuxbridge driver when ebtables-nft is being used. An attacker could possibly use this issue to impersonate the hardware addresss of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-38598) Pavel Toporkov discovered that OpenStack Neutron incorrectly handled extra_dhcp_opts values. An attacker could possibly use this issue to reconfigure dnsmasq. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-40085) Slawek Kaplonski discovered that OpenStack Neutron incorrectly handled the routes middleware. [ more… ]

No Image

USN-6066-1: OpenStack Heat vulnerability

2023-05-10 KENNETH 0

USN-6066-1: OpenStack Heat vulnerability It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data. Source: USN-6066-1: OpenStack Heat vulnerability

No Image

USN-6065-1: css-what vulnerabilities

2023-05-10 KENNETH 0

USN-6065-1: css-what vulnerabilities It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-33587, CVE-2022-21222) Source: USN-6065-1: css-what vulnerabilities

No Image

USN-6064-1: SQL parse vulnerability

2023-05-10 KENNETH 0

USN-6064-1: SQL parse vulnerability It was discovered that SQL parse incorrectly handled certain regular expression. An attacker could possibly use this issue to cause a denial of service. Source: USN-6064-1: SQL parse vulnerability