Headline
Ubuntu Security Notice USN-5432-1
Ubuntu Security Notice 5432-1 - It was discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. Zhengxiong Luo discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-5432-1
May 23, 2022

libpng vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in libpng.

Software Description:
- libpng: PNG (Portable Network Graphics) file library

Details:

It was discovered that libpng incorrectly handled memory when parsing
certain PNG files. If a user or automated system were tricked into opening
a specially crafted PNG file, an attacker could use this issue to cause
libpng to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2017-12652)

Zhengxiong Luo discovered that libpng incorrectly handled memory when parsing
certain PNG files. If a user or automated system were tricked into opening
a specially crafted PNG file, an attacker could use this issue to cause
libpng to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2018-14048)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libpng12-0 1.2.54-1ubuntu1.1+esm1
  libpng12-dev 1.2.54-1ubuntu1.1+esm1
  libpng3 1.2.54-1ubuntu1.1+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5432-1
  CVE-2017-12652, CVE-2018-14048
Related news
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.
Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. An attacker with the same privileges as a legitimate user can phish the legitimate user to redirect to a malicious website, leading to information disclosure and the launch of phishing attacks.
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).