Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5625-1

Ubuntu Security Notice 5625-1 - It was discovered that Mako incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6592-01

Red Hat Security Advisory 2022-6592-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a heap overflow vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6580-01

Red Hat Security Advisory 2022-6580-01 - The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one site at a time.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5621-1

Ubuntu Security Notice 5621-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5626-1

Ubuntu Security Notice 5626-1 - Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service. It was discovered that Bind incorrectly handled statistics requests. A remote attacker could possibly use this issue to obtain sensitive memory contents, or cause a denial of service. This issue only affected Ubuntu 22.04 LTS.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5622-1

Ubuntu Security Notice 5622-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5624-1

Ubuntu Security Notice 5624-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5623-1

Ubuntu Security Notice 5623-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6582-01

Red Hat Security Advisory 2022-6582-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and heap overflow vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6590-01

Red Hat Security Advisory 2022-6590-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6585-01

Red Hat Security Advisory 2022-6585-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a double free vulnerability.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5618-1

Ubuntu Security Notice 5618-1 - It was discovered the Ghostscript incorrectly handled memory when processing certain inputs. By tricking a user into opening a specially crafted PDF file, an attacker could cause the program to crash.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6595-01

Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6634-01

Red Hat Security Advisory 2022-6634-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6610-01

Red Hat Security Advisory 2022-6610-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and heap overflow vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6608-01

Red Hat Security Advisory 2022-6608-01 - dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for Linux systems, and makes use of many modern features provided by recent Linux kernel releases. Issues addressed include buffer over-read and null pointer vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6602-01

Red Hat Security Advisory 2022-6602-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Issues addressed include a spoofing vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6536-01

Red Hat Security Advisory 2022-6536-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.5.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5619-1

Ubuntu Security Notice 5619-1 - It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bound-checking operations. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that LibTIFF was not properly terminating a function execution when processing incorrect data. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6537-01

Red Hat Security Advisory 2022-6537-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.5. Issues addressed include denial of service and out of bounds read vulnerabilities.

Full Disclosure

Backdoor.Win32.Hellza.120 / Unauthorized Remote Command Execution

Posted by malvuln on Sep 19

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hellza.120
Vulnerability: Unauthorized Remote Command Execution
Description: The malware listens on TCP ports 12122, 21. Third-party
adversarys who can reach infected systems can issue commands made available
by the...

Full Disclosure

Trojan-Dropper.Win32.Corty.10 / Insecure Credential Storage

Posted by malvuln on Sep 19

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/f72138e574743640bdcdb9f102dff0a5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Corty.10
Vulnerability: Insecure Credential Storage
Description: The malware stores its credentials in cleartext within the
Windows registry.
Family: Corty
Type: PE32
MD5: f72138e574743640bdcdb9f102dff0a5
Vuln ID:...

Full Disclosure

Trojan.Ransom.Ryuk.A / Arbitrary Code Execution

Posted by malvuln on Sep 19

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5ac0f050f93f86e69026faea1fbb4450.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Ransom.Ryuk.A
Vulnerability: Arbitrary Code Execution
Description: The ransomware looks for and executes DLLs in its current
directory. Therefore, we can potentially hijack a vuln DLL execute our own
code, control and terminate...

Full Disclosure

Backdoor.Win32.Hellza.120 / Authentication Bypass

Posted by malvuln on Sep 19

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hellza.120
Vulnerability: Authentication Bypass
Description: The malware listens on TCP ports 12122, 21. Third-party
adversarys who can reach infected systems can logon using any
username/password combination....

Full Disclosure

Re: over 2000 packages depend on abort()ing libgmp

Posted by Matthew Fernandez on Sep 19

What is the security boundary being violated here? As a maintainer of
some of the packages implicated here, I’m unsure what my actionable
tasks are. The threat model(s) for my packages does not consider crashes
to be a security violation. On the other side, things like crypto code
frequently use their own non-GMP implementation of bignum arith for this
(and other) reason.

Not trying to brush this off. But I’m just trying to gain an...

Exploit-DB Updates

[local] Blink1Control2 2.2.7 - Weak Password Encryption

Blink1Control2 2.2.7 - Weak Password Encryption

Exploit-DB Updates

[webapps] Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass

Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass

Exploit-DB Updates

[remote] Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)

Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Bookwyrm v0.4.3 - Authentication Bypass

Bookwyrm v0.4.3 - Authentication Bypass

Exploit-DB Updates

[remote] Mobile Mouse 3.6.0.4 - Remote Code Execution (RCE)

Mobile Mouse 3.6.0.4 - Remote Code Execution (RCE)

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5617-1

Ubuntu Security Notice 5617-1 - It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Julien Grall discovered that Xen incorrectly handled memory barriers on ARM-based systems. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or escalate privileges.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5613-2

Ubuntu Security Notice 5613-2 - USN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression. It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution. It was discovered that Vim was not properly performing checks on name of lambda functions. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 22.04 LTS. It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim was not properly processing latin1 data when issuing Ex commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers. An attacker could possibly use this issue to cause a denial of service. It was discovered that Vim was not properly processing invalid bytes when performing spell check operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5616-1

Ubuntu Security Notice 5616-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6551-01

Red Hat Security Advisory 2022-6551-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include denial of service, information leakage, privilege escalation, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6541-01

Red Hat Security Advisory 2022-6541-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include file overwrite and traversal vulnerabilities.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5615-1

Ubuntu Security Notice 5615-1 - It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that SQLite incorrectly handled ALTER TABLE for views that have a nested FROM clause. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5614-1

Ubuntu Security Notice 5614-1 - It was discovered that Wayland incorrectly handled reference counting certain objects. An attacker could use this issue to cause Wayland to crash, resulting in a denial of service, or possibly execute arbitrary code.

Exploit-DB Updates

[webapps] Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)

Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)

Full Disclosure

SEC Consult SA-20220914-0 :: Improper Access Control in SAP® SAProuter

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 15

SEC Consult Vulnerability Lab Security Advisory < 20220914-0 >
=======================================================================
title: Improper Access Control
product: SAP® SAProuter
vulnerable version: see section "Vulnerable / tested versions"
fixed version: see SAP security note 3158375
CVE number: CVE-2022-27668
impact: high
homepage:...

Full Disclosure

SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP® SAPControl Web Service Interface (sapuxuserchk)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 15

SEC Consult Vulnerability Lab Security Advisory < 20220915-0 >
=======================================================================
title: Local privilege escalation
product: SAP® SAPControl Web Service Interface (sapuxuserchk)
vulnerable version: see section "Vulnerable / tested versions"
fixed version: see SAP security note 3158619
CVE number: CVE-2022-29614...

Full Disclosure

over 2000 packages depend on abort()ing libgmp

Posted by Georgi Guninski on Sep 15

ping world

libgmp is library about big numbers.

it is not a library for very big numbers, because
if libgmp meets a very big number, it calls abort()
and coredumps.

2442 packages depend on libgmp on ubuntu20.

guest3@ubuntu20:~/prim$ apt-cache rdepends libgmp10 | wc -l
2442

gawk crash:

guest3@ubuntu20:~/prim$ gawk --bignum 'BEGIN { a = 2 ^ 2 ^41; print "a =", a }'
gmp: overflow in mpz type
Aborted (core dumped)...

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6542-01

Red Hat Security Advisory 2022-6542-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include file overwrite and traversal vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6540-01

Red Hat Security Advisory 2022-6540-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6527-01

Red Hat Security Advisory 2022-6527-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.11.0 RPMs.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5612-1

Ubuntu Security Notice 5612-1 - Pietro Borrello, Andreas Kogler, Martin Schwarzl, Daniel Gruss, Michael Schwarz and Moritz Lipp discovered that some Intel processors did not properly clear data between subsequent xAPIC MMIO reads. This could allow a local attacker to compromise SGX enclaves.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5613-1

Ubuntu Security Notice 5613-1 - It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6539-01

Red Hat Security Advisory 2022-6539-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.109 and .NET Runtime 6.0.9.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6308-01

Red Hat Security Advisory 2022-6308-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.49. There are no RPMs for this release. Space precludes documenting all of the container images in this advisory. Issues addressed include bypass and code execution vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6526-01

Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5606-2

Ubuntu Security Notice 5606-2 - USN-5606-1 fixed a vulnerability in poppler. Unfortunately it was missing a commit to fix it properly. This update provides the corresponding fix for Ubuntu 18.04 LTS and Ubuntu 16.04 ESM. It was discovered that poppler incorrectly handled certain PDF. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6523-01

Red Hat Security Advisory 2022-6523-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.423 and .NET Runtime 3.1.29.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6520-01

Red Hat Security Advisory 2022-6520-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.109 and .NET Runtime 6.0.9.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6522-01

Red Hat Security Advisory 2022-6522-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.423 and .NET Runtime 3.1.29.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6518-01

Red Hat Security Advisory 2022-6518-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6517-01

Red Hat Security Advisory 2022-6517-01 - Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6521-01

Red Hat Security Advisory 2022-6521-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.109 and Runtime 6.0.9.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5583-2

Ubuntu Security Notice 5583-2 - USN-5583-1 fixed vulnerabilities in systemd. Unfortunately this caused a regression by introducing networking problems for some users. This update fixes the problem. It was discovered that systemd incorrectly handled certain DNS requests, which leads to user-after-free vulnerability. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2022-6504-01

Red Hat Security Advisory 2022-6504-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5611-1

Ubuntu Security Notice 5611-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5610-1

Ubuntu Security Notice 5610-1 - Addison Crump discovered that rust-regex did not properly limit the complexity of the regular expressions it parses. An attacker could possibly use this issue to cause a denial of service.