#ubuntu

Ubuntu Security Notice 7071-1 - A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system.

North Korean hackers target Linux-based payment switches with new FASTCash malware, enabling ATM cashouts. Secure your financial infrastructure…

Ubuntu Security Notice 7048-2 - USN-7048-1 fixed a vulnerability in Vim. This update provides the corresponding update for Ubuntu 14.04 LTS. Suyue Guo discovered that Vim incorrectly handled memory when flushing the typeahead buffer, leading to heap-buffer-overflow. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 7038-2 - USN-7038-1 fixed a vulnerability in Apache Portable Runtime library. This update provides the corresponding update for Ubuntu 14.04 LTS. Thomas Stangner discovered a permission vulnerability in the Apache Portable Runtime library. A local attacker could possibly use this issue to read named shared memory segments, potentially exposing sensitive application data.

Ubuntu Security Notice 7070-1 - It was discovered that libarchive mishandled certain memory checks, which could result in a NULL pointer dereference. An attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that libarchive mishandled certain memory operations, which could result in an out-of-bounds memory access. An attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.

Ubuntu Security Notice 7069-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 7064-1 - It was discovered that nano allowed a possible privilege escalation through an insecure temporary file. If nano was killed while editing, the permissions granted to the emergency save file could be used by an attacker to escalate privileges using a malicious symlink.

North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is "installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs," a security researcher who goes by HaxRob said.

Ubuntu Security Notice 7068-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into processing a specially crafted file, an attacker could exploit this to cause a denial of service or affect the reliability of the system. The vulnerabilities included memory leaks, buffer overflows, and improper handling of pixel data.

Ubuntu Security Notice 7014-3 - USN-7014-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.