#ubuntu

Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.

BoidCMS version 2.0.1 suffers from multiple cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Rahad Chowdhury in December of 2023, though this advisory provides additional vectors of attack.

Easywall version 0.3.1 suffers from an authenticated remote command execution vulnerability.

Ubuntu Security Notice 6672-1 - Morgan Jones discovered that Node.js incorrectly handled certain inputs that leads to false positive errors during some cryptographic operations. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled certain inputs leaded to a untrusted search path vulnerability. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.

Ubuntu Security Notice 6669-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.

Ubuntu Security Notice 6671-1 - It was discovered that php-nyholm-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use this issue to perform an HTTP header injection attack.

Ubuntu Security Notice 6670-1 - It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack.

Ubuntu Security Notice 6653-3 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice 6651-3 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice 6647-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.