
Ubuntu Security Notice USN-5990-1

Ubuntu Security Notice 5990-1 - It was discovered that musl did not handle certain i386 math functions properly. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. It was discovered that musl did not handle wide-character conversion properly. A remote attacker could use this vulnerability to cause resource consumption, denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-5990-1
March 31, 2023

musl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 ESM
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in musl.

Software Description:

- musl: standard C library

Details:

It was discovered that musl did not handle certain i386 math functions properly. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. (CVE-2019-14697)

It was discovered that musl did not handle wide-character conversion properly. A remote attacker could use this vulnerability to cause resource consumption (infinite loop), denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-28928)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 ESM:
  musl 1.1.24-1ubuntu0.1~esm1
  musl-dev 1.1.24-1ubuntu0.1~esm1

Ubuntu 18.04 ESM:
  musl 1.1.19-1ubuntu0.1~esm1
  musl-dev 1.1.19-1ubuntu0.1~esm1

Ubuntu 16.04 ESM:
  musl 1.1.9-1ubuntu0.1~esm3
  musl-dev 1.1.9-1ubuntu0.1~esm3

Ubuntu 14.04 ESM:
  musl 0.9.15-1ubuntu0.1~esm2
  musl-dev 0.9.15-1ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5990-1
  CVE-2019-14697, CVE-2020-28928

Related news

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. An attacker with the same privileges as a legitimate user can phish the legitimate user into being redirected to a malicious website, leading to information disclosure and the launch of phishing attacks.

CVE-2021-35576: Oracle Critical Patch Update Advisory - October 2021

Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).

CVE-2021-2369: Oracle Critical Patch Update Advisory - July 2021

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically i...

CVE-2019-14697: Re: CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance

musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.
