#ubuntu

radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.

Ubuntu Security Notice 6492-1 - Kathrin Kleinhammer discovered that Mosquitto incorrectly handled certain inputs. If a user or an automated system were provided with a specially crafted input, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. Zhanxiang Song discovered that Mosquitto incorrectly handled certain inputs. If a user or an automated system were provided with a specially crafted input, a remote attacker could possibly use this issue to cause an authorisation bypass. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.

Ubuntu Security Notice 6493-2 - USN-6493-1 fixed a vulnerability in hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. On Ubuntu 18.04 LTS and Ubuntu 16.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended.

Ubuntu Security Notice 6493-1 - On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended. In addition, on all releases, hibagent has been updated to do nothing if ODH is configured.

Ubuntu Security Notice 6491-1 - Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

Ubuntu Security Notice 6490-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Ubuntu Security Notice 6488-1 - Florian Picca discovered that strongSwan incorrectly handled certain DH public values. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice 6489-1 - Brian McDermott discovered that Tang incorrectly handled permissions when creating/rotating keys. A local attacker could possibly use this issue to read the keys.

Ubuntu Security Notice 6497-1 - Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 6487-1 - Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service.