Ubuntu Security Notice 5892-2 - USN-5892-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificated bundles. A remote attacker could use this issue to cause NSS to crash, leading to a denial of service, or possibly execute arbitrary code.
31cccce14c13d752e3da2d4dae4af97860c9c7d2e50376f9e6b7d48629524e70Ubuntu Security Notice 5672-2 - USN-5672-1 fixed a vulnerability in GMP. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service.
4a0ada3b7510d628efc6c88de70908c1a5c5b91821a0f42fe6e4debbd138384aUbuntu Security Notice 5922-1 - It was discovered that FriBidi incorrectly handled the processing of input strings, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. It was discovered that FriBidi incorrectly validated input data to its CapRTL unicode encoder, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code.
fa561b2e83b1346bb71f4330811531728a46bfa18b63dcb5f3891986dfb2a9d2Ubuntu Security Notice 5767-3 - USN-5767-1 fixed vulnerabilities in Python. This update fixes the problem for Ubuntu 18.04 LTS. Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
3dc497cd1ab19fc28ac4bd2bee894b67b6bef61851ee8c1945e255f133cd4e65Ubuntu Security Notice 5921-1 - Koen van Hove discovered that the rsync client incorrectly validated filenames returned by servers. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to write arbitrary files, and possibly escalate privileges.
35d52e9980c3b3b1564055c12ccb518fb324abda65d1fd79b116b82879e48886This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective.
e5ce94c802fc96b96a37593074295283819a7abf859a04a1c1cbfcdb566dcdb1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed