
USN-6055-1: Ruby vulnerabilities

2023-05-04 KENNETH 0

It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-28755)

It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue is being addressed only for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2023-28756)

Source: USN-6055-1: Ruby vulnerabilities


USN-6054-1: Django vulnerability

2023-05-03 KENNETH 0

Moataz Al-Sharida and nawaik discovered that Django incorrectly handled uploading multiple files using one form field. A remote attacker could possibly use this issue to bypass certain validations.

Source: USN-6054-1: Django vulnerability


USN-6053-1: PHP vulnerability

2023-05-02 KENNETH 0

It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations.

Source: USN-6053-1: PHP vulnerability


USN-6052-1: Linux kernel vulnerability

2023-05-01 KENNETH 0

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed.

Source: USN-6052-1: Linux kernel vulnerability


USN-6051-1: Linux kernel vulnerabilities

2023-05-01 KENNETH 0

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. (CVE-2023-1829)

It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1872)

Source: USN-6051-1: Linux kernel vulnerabilities