Headline
Ubuntu Security Notice USN-5563-1
Ubuntu Security Notice 5563-1 - It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorized access to sensitive data.
=========================================================================
Ubuntu Security Notice USN-5563-1
August 10, 2022

http-parser vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

http-parser could be made to expose sensitive data if it received
a specially crafted request.

Software Description:
- http-parser: parser for HTTP messages: development libraries and header files

Details:

It was discovered that http-parser incorrectly handled certain requests.
An attacker could possibly use this issue to bypass security controls or
gain unauthorized access to sensitive data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libhttp-parser2.7.1 2.7.1-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5563-1
  CVE-2020-8287

Package Information:
  https://launchpad.net/ubuntu/+source/http-parser/2.7.1-2ubuntu0.1
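
A check for the fix named in the update instructions, as an added example that is not part of the Ubuntu notice: it compares the installed version of libhttp-parser2.7.1 with 2.7.1-2ubuntu0.1 using dpkg. The function names are assumptions made for this example, and the comparison is only meaningful on Ubuntu 18.04 LTS, the release the notice covers.

```shell
#!/bin/sh
# Added example (not from the notice): classify a host against USN-5563-1.
# Function names are hypothetical; package and version come from the notice.

PKG="libhttp-parser2.7.1"     # package named in the notice
FIXED="2.7.1-2ubuntu0.1"      # fixed version for Ubuntu 18.04 LTS

# usn5563_classify VERSION
# Prints: patched | vulnerable | not-installed
usn5563_classify() {
    ver="$1"
    if [ -z "$ver" ]; then
        echo "not-installed"
    # dpkg applies Debian version ordering (epoch, upstream, revision),
    # which a plain string or numeric comparison gets wrong.
    elif dpkg --compare-versions "$ver" ge "$FIXED"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# usn5563_installed_version
# Prints the version only when the package is fully installed ("ii");
# removed-but-not-purged or half-configured states print nothing.
usn5563_installed_version() {
    dpkg-query -W -f='${db:Status-Abbrev} ${Version}\n' "$PKG" 2>/dev/null |
        awk '$1 == "ii" { print $2; exit }'
}

# usn5563_report
# Prints one line: package, installed version (or "none"), classification.
usn5563_report() {
    ver="$(usn5563_installed_version)"
    printf '%s %s %s\n' "$PKG" "${ver:-none}" "$(usn5563_classify "$ver")"
}

usn5563_report
```

After the package is upgraded, processes that already have the old library mapped keep using it until they are restarted.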
Related news
Ubuntu Security Notice 6380-1 - Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Ethan Rubinson discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).