Packet Storm

Ubuntu Security Notice 6167-1 - It was discovered that QEMU did not properly manage the guest drivers when shared buffers are not allocated. A malicious guest driver could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. It was discovered that QEMU did not properly check the size of the structure pointed to by the guest physical address pqxl. A malicious guest attacker could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10.

Ubuntu Security Notice 6175-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice 6174-1 - Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information. It was discovered that the Human Interface Device support driver in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.

The expressiveness of Turing-complete blockchains implies that verifying a transaction's validity requires executing it on the current blockchain state. Transaction fees are designed to compensate actors for resources expended on transactions, but can only be charged from transactions included in blocks. In this work, the authors show that adversaries can craft malicious transactions that decouple the work imposed on blockchain actors from the compensation offered in return by introducing three attacks.

Red Hat Security Advisory 2023-3661-01 - The texlive packages contain TeXLive, an implementation of TeX for Linux or UNIX systems. Issues addressed include a code execution vulnerability.

Coursemat Multi-Tenant Course Selling Website version 1.1 suffers from a cross site scripting vulnerability.

Red Hat Security Advisory 2023-3660-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.

SystemK NVR 504/508/516 version 2.3.5SK.30084998 suffer from a command injection vulnerability.

Debian Linux Security Advisory 5432-1 - Jurien de Jong discovered that the parsing of KeyInfo elements within the XMLTooling library may result in server-side request forgery.