Ubuntu Security Notice USN-5720-1

Ubuntu Security Notice 5720-1 - It was discovered that Zstandard was not properly managing file permissions when generating output files. A local attacker could possibly use this issue to cause a race condition and gain unauthorized access to sensitive data.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-5720-1
November 09, 2022

libzstd vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Zstandard could be made to expose sensitive information

Software Description:
- libzstd: fast lossless compression algorithm

Details:

It was discovered that Zstandard was not properly managing file
permissions when generating output files. A local attacker could
possibly use this issue to cause a race condition and gain
unauthorized access to sensitive data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   libzstd1 1.3.1+dfsg-1~ubuntu0.16.04.1+esm3
   zstd 1.3.1+dfsg-1~ubuntu0.16.04.1+esm3

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5720-1
   CVE-2021-24031, CVE-2021-24032
