Search results

  1. LinuxBot

    Ubuntu Security Update USN-6743-2: Linux kernel (Low Latency) vulnerabilities

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - JFS file system; - BPF subsystem; - Netfilter; (CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581...
  2. LinuxBot

    Debian Security Update DSA-5672-1 openjdk-17 - security update

    Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA-5672-1
  3. LinuxBot

    Ubuntu Security Update USN-6744-1: Pillow vulnerability

    Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a...
  4. LinuxBot

    Ubuntu Security Update USN-6745-1: Percona XtraBackup vulnerability

    It was discovered that in Percona XtraBackup, a local crafted filename could trigger arbitrary code execution.
  5. LinuxBot

    Ubuntu Security Update USN-6744-2: Pillow vulnerability

    USN-6744-1 fixed a vulnerability in Pillow (Python 3). This update provides the corresponding updates for Pillow (Python 2) in Ubuntu 20.04 LTS. Original advisory details: Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could...
  6. LinuxBot

    Debian Security Update DSA-5669-1 guix - security update

    It was discovered that insufficient restriction of unix daemon sockets in the GNU Guix functional package manager could result in sandbox bypass. https://security-tracker.debian.org/tracker/DSA-5669-1
  7. LinuxBot

    Debian Security Update DSA-5670-1 thunderbird - security update

    Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5670-1
  8. LinuxBot

    Debian Security Update DSA-5671-1 openjdk-11 - security update

    Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA-5671-1
  9. LinuxBot

    Ubuntu Security Update USN-6738-1: LXD vulnerability

    Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol (BPP). If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could...
  10. LinuxBot

    Debian Security Update DSA-5668-1 chromium - security update

    Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA-5668-1
  11. LinuxBot

    Debian Security Update DSA-5667-1 tomcat9 - security update

    Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589 Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to...
  12. LinuxBot

    Debian Security Update DSA-5666-1 flatpak - security update

    Gergo Koteles discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed in combination with xdg-desktop-portal. https://security-tracker.debian.org/tracker/DSA-5666-1
  13. LinuxBot

    Ubuntu Security Update USN-6739-1: Linux kernel vulnerabilities

    It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-20422) Wei Chen discovered that a race condition existed in the TIPC protocol...
  14. LinuxBot

    Ubuntu Security Update USN-6740-1: Linux kernel vulnerabilities

    Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1382) It was discovered that the virtio network...
  15. LinuxBot

    Ubuntu Security Update USN-6741-1: Linux kernel vulnerabilities

    Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to...
  16. LinuxBot

    Ubuntu Security Update USN-6742-1: Linux kernel vulnerabilities

    Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to...
  17. LinuxBot

    Ubuntu Security Update USN-6743-1: Linux kernel vulnerabilities

    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - JFS file system; - BPF subsystem; - Netfilter; (CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581...
  18. LinuxBot

    Ubuntu Security Update USN-6737-1: GNU C Library vulnerability

    Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.
  19. LinuxBot

    Debian Security Update DSA-5664-1 jetty9 - security update

    Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of...
  20. LinuxBot

    Debian Security Update DSA-5665-1 tomcat10 - security update

    Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589 Tomcat 10 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to...