FreshRSS

Before yesterday: Vulnerabilities

Ubuntu Security Notice USN-6103-1

Ubuntu Security Notice 6103-1 - It was discovered that JSON Schema incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to exploit JavaScript runtimes and cause a denial of service or execute arbitrary code.
  • May 24th 2023 at 15:56

Debian Security Advisory 5410-1

Debian Linux Security Advisory 5410-1 - Multiple security issues were discovered in Sofia-SIP, a SIP User-Agent library, which could result in denial of service.
  • May 24th 2023 at 15:56

Red Hat Security Advisory 2023-3269-01

Red Hat Security Advisory 2023-3269-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include buffer overflow and null pointer vulnerabilities.
  • May 24th 2023 at 15:54

Red Hat Security Advisory 2023-3276-01

Red Hat Security Advisory 2023-3276-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
  • May 24th 2023 at 15:54

Ubuntu Security Notice USN-6074-3

Ubuntu Security Notice 6074-3 - USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage memory when using the RLBox Expat driver. An attacker could potentially exploit this issue to cause a denial of service. Anne van Kesteren discovered that Firefox did not properly validate the import call in service workers. An attacker could potentially exploit this to obtain sensitive information. Sam Ezeh discovered that Firefox did not properly handle certain favicon image files. If a user were tricked into opening a malicious favicon file, an attacker could cause a denial of service.
  • May 24th 2023 at 15:52

Ubuntu Security Notice USN-6101-1

Ubuntu Security Notice 6101-1 - It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.10. It was discovered that GNU binutils did not properly verify the version definitions in a zero-length verdef table. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04.
  • May 24th 2023 at 15:51

Red Hat Security Advisory 2023-3218-01

Red Hat Security Advisory 2023-3218-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.60.
  • May 24th 2023 at 15:50

Red Hat Security Advisory 2023-3280-01

Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
  • May 24th 2023 at 15:50

Ubuntu Security Notice USN-6102-1

Ubuntu Security Notice 6102-1 - It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause unexpected syntactic changes during XML processing. This issue only affected Ubuntu 20.04 LTS. It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
  • May 24th 2023 at 15:33

Ubuntu Security Notice USN-6098-1

Ubuntu Security Notice 6098-1 - It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that Jhead did not properly handle certain crafted images while processing longitude tags. An attacker could cause Jhead to crash. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
  • May 24th 2023 at 15:31

Ubuntu Security Notice USN-5996-2

Ubuntu Security Notice 5996-2 - USN-5996-1 fixed vulnerabilities in Liblouis. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
  • May 24th 2023 at 15:31

Red Hat Security Advisory 2023-3263-01

Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
  • May 24th 2023 at 15:29

Ubuntu Security Notice USN-6042-2

Ubuntu Security Notice 6042-2 - USN-6042-1 fixed a vulnerability in Cloud-init. The update introduced a regression on Ubuntu 20.04 LTS resulting in a possible loss of networking. This update fixes the problem. James Golovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
  • May 24th 2023 at 15:27

Red Hat Security Advisory 2023-3264-01

Red Hat Security Advisory 2023-3264-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
  • May 24th 2023 at 15:20

Red Hat Security Advisory 2023-3278-01

Red Hat Security Advisory 2023-3278-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
  • May 24th 2023 at 15:19

Ubuntu Security Notice USN-6088-2

Ubuntu Security Notice 6088-2 - USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. Felix Wilhelm discovered that runC incorrectly handled netlink messages. An attacker could possibly use this issue to escalate privileges.
  • May 24th 2023 at 15:12

Red Hat Security Advisory 2023-3262-01

Red Hat Security Advisory 2023-3262-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
  • May 24th 2023 at 15:11

Red Hat Security Advisory 2023-3265-01

Red Hat Security Advisory 2023-3265-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
  • May 24th 2023 at 14:55

Red Hat Security Advisory 2023-3277-01

Red Hat Security Advisory 2023-3277-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
  • May 24th 2023 at 14:55

[webapps] Service Provider Management System v1.0 - SQL Injection

Service Provider Management System v1.0 - SQL Injection
  • May 24th 2023 at 00:00

Ubuntu Security Notice USN-5725-2

Ubuntu Security Notice 5725-2 - USN-5725-1 fixed a vulnerability in Go. This update provides the corresponding update for Ubuntu 16.04 LTS. Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon discovered that Go incorrectly handled certain inputs. An attacker could possibly use this issue to cause Go applications to hang or crash, resulting in a denial of service.
  • May 23rd 2023 at 14:00

Ubuntu Security Notice USN-6073-9

Ubuntu Security Notice 6073-9 - USN-6073-4 fixed a vulnerability in os-brick. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
  • May 23rd 2023 at 13:59

Ubuntu Security Notice USN-6073-6

Ubuntu Security Notice 6073-6 - USN-6073-1 fixed a vulnerability in Cinder. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
  • May 23rd 2023 at 13:58

Ubuntu Security Notice USN-6073-7

Ubuntu Security Notice 6073-7 - USN-6073-2 fixed a vulnerability in Glance_store. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Glance_store incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
  • May 23rd 2023 at 13:57

Ubuntu Security Notice USN-6099-1

Ubuntu Security Notice 6099-1 - It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS.
  • May 23rd 2023 at 13:56

Ubuntu Security Notice USN-6073-8

Ubuntu Security Notice 6073-8 - USN-6073-3 fixed a vulnerability in Nova. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
  • May 23rd 2023 at 13:56

[webapps] ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)
  • May 23rd 2023 at 00:00

[webapps] eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)

eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
  • May 23rd 2023 at 00:00

[remote] Screen SFT DAB 600/C - Authentication Bypass Admin Password Change

Screen SFT DAB 600/C - Authentication Bypass Admin Password Change
  • May 23rd 2023 at 00:00

[webapps] PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)

PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)
  • May 23rd 2023 at 00:00

[webapps] thrsrossi Millhouse-Project 1.414 - Remote Code Execution

thrsrossi Millhouse-Project 1.414 - Remote Code Execution
  • May 23rd 2023 at 00:00

[webapps] WBiz Desk 1.2 - SQL Injection

WBiz Desk 1.2 - SQL Injection
  • May 23rd 2023 at 00:00

[webapps] SitemagicCMS 4.4.3 - Remote Code Execution (RCE)

SitemagicCMS 4.4.3 - Remote Code Execution (RCE)
  • May 23rd 2023 at 00:00

[webapps] Stackposts Social Marketing Tool v1.0 - SQL Injection

Stackposts Social Marketing Tool v1.0 - SQL Injection
  • May 23rd 2023 at 00:00

[local] Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking
  • May 23rd 2023 at 00:00

[webapps] Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
  • May 23rd 2023 at 00:00

[webapps] LeadPro CRM v1.0 - SQL Injection

LeadPro CRM v1.0 - SQL Injection
  • May 23rd 2023 at 00:00

[local] Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution
  • May 23rd 2023 at 00:00

[webapps] eScan Management Console 14.0.1400.2281 - Cross Site Scripting

eScan Management Console 14.0.1400.2281 - Cross Site Scripting
  • May 23rd 2023 at 00:00

[webapps] Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title

Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title
  • May 23rd 2023 at 00:00

[webapps] FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)

FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)
  • May 23rd 2023 at 00:00

[webapps] WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup

WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup
  • May 23rd 2023 at 00:00

[remote] Screen SFT DAB 600/C - Authentication Bypass Reset Board Config

Screen SFT DAB 600/C - Authentication Bypass Reset Board Config
  • May 23rd 2023 at 00:00

[webapps] GetSimple CMS v3.3.16 - Remote Code Execution (RCE)

GetSimple CMS v3.3.16 - Remote Code Execution (RCE)
  • May 23rd 2023 at 00:00

[remote] Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)
  • May 23rd 2023 at 00:00

[remote] Screen SFT DAB 600/C - Authentication Bypass Account Creation

Screen SFT DAB 600/C - Authentication Bypass Account Creation
  • May 23rd 2023 at 00:00

[remote] Screen SFT DAB 600/C - Authentication Bypass Password Change

Screen SFT DAB 600/C - Authentication Bypass Password Change
  • May 23rd 2023 at 00:00

[remote] Screen SFT DAB 600/C - Authentication Bypass Erase Account

Screen SFT DAB 600/C - Authentication Bypass Erase Account
  • May 23rd 2023 at 00:00

[webapps] Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)

Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)
  • May 23rd 2023 at 00:00

[webapps] PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)

PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)
  • May 23rd 2023 at 00:00

[local] MobileTrans 4.0.11 - Weak Service Privilege Escalation

MobileTrans 4.0.11 - Weak Service Privilege Escalation
  • May 23rd 2023 at 00:00

[webapps] Quicklancer v1.0 - SQL Injection

Quicklancer v1.0 - SQL Injection
  • May 23rd 2023 at 00:00

[webapps] Apache Superset 2.0.0 - Authentication Bypass

Apache Superset 2.0.0 - Authentication Bypass
  • May 23rd 2023 at 00:00

[webapps] Smart School v1.0 - SQL Injection

Smart School v1.0 - SQL Injection
  • May 23rd 2023 at 00:00

[webapps] CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)

CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)
  • May 23rd 2023 at 00:00

[local] Trend Micro OfficeScan Client 10.0 - ACL Service LPE

Trend Micro OfficeScan Client 10.0 - ACL Service LPE
  • May 23rd 2023 at 00:00

[webapps] Prestashop 8.0.4 - CSV injection

Prestashop 8.0.4 - CSV injection
  • May 23rd 2023 at 00:00

[local] Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

Yank Note v3.52.1 (Electron) - Arbitrary Code Execution
  • May 23rd 2023 at 00:00

[webapps] PnPSCADA v2.x - Unauthenticated PostgreSQL Injection

PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
  • May 23rd 2023 at 00:00