Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5614-1

Ubuntu Security Notice 5614-1 - It was discovered that Wayland incorrectly handled reference counting certain objects. An attacker could use this issue to cause Wayland to crash, resulting in a denial of service, or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos

==========================================================================
Ubuntu Security Notice USN-5614-1
September 15, 2022

wayland vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS

Summary:

Wayland could be made to crash or run programs.

Software Description:

  • wayland: Wayland compositor infrastructure

Details:

It was discovered that Wayland incorrectly handled reference counting
certain objects. An attacker could use this issue to cause Wayland to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
libwayland-bin 1.20.0-1ubuntu0.1
libwayland-client0 1.20.0-1ubuntu0.1
libwayland-egl1 1.20.0-1ubuntu0.1
libwayland-server0 1.20.0-1ubuntu0.1

Ubuntu 20.04 LTS:
libwayland-bin 1.18.0-1ubuntu0.1
libwayland-client0 1.18.0-1ubuntu0.1
libwayland-egl1 1.18.0-1ubuntu0.1
libwayland-server0 1.18.0-1ubuntu0.1

Ubuntu 18.04 LTS:
libwayland-bin 1.16.0-1ubuntu1.1~18.04.4
libwayland-client0 1.16.0-1ubuntu1.1~18.04.4
libwayland-egl1 1.16.0-1ubuntu1.1~18.04.4
libwayland-server0 1.16.0-1ubuntu1.1~18.04.4

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5614-1
CVE-2021-3782

Package Information:
https://launchpad.net/ubuntu/+source/wayland/1.20.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/wayland/1.18.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/wayland/1.16.0-1ubuntu1.1~18.04.4

Related news

Red Hat Security Advisory 2023-3813-01

Red Hat Security Advisory 2023-3813-01 - An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8.

RHSA-2023:3813: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4492: A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2...

Red Hat Security Advisory 2023-3664-01

Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.

RHSA-2023:3664: Red Hat Security Advisory: OpenShift Jenkins image and Jenkins agent base image security update

Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where reques...

RHSA-2023:2786: Red Hat Security Advisory: wayland security, bug fix, and enhancement update

An update for wayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3782: An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of e...

CVE-2023-0036: en/security-disclosure/2023/2023-01.md · OpenHarmony/security - Gitee.com

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

Ubuntu Security Notice USN-5614-2

Ubuntu Security Notice 5614-2 - USN-5614-1 fixed a vulnerability in Wayland. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that Wayland incorrectly handled reference counting certain objects. An attacker could use this issue to cause Wayland to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2021-3782: Reference count overflow in shm leads to use-after-free (#224) · Issues · wayland / wayland · GitLab

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution