Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

Ubuntu Security Notice USN-6598-1

Ubuntu Security Notice 6598-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.

Packet Storm
#vulnerability#ubuntu#ssh
Ubuntu Security Notice USN-6597-1

Ubuntu Security Notice 6597-1 - It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to consume resources, leading to a denial of service.

Pwn2Own Automotive: Tesla, Sony, Alpine Players Breached on Day One

By Deeba Ahmed Bug Bounty Bonanza: Hackers Rake in Big Bucks as Connected Cars Show Security Cracks. This is a post from HackRead.com Read the original post: Pwn2Own Automotive: Tesla, Sony, Alpine Players Breached on Day One

Ubuntu Security Notice USN-6596-1

Ubuntu Security Notice 6596-1 - It was discovered that Apache::Session::LDAP incorrectly handled invalid X.509 certificates. If a user or an automated system were tricked into opening a specially crafted invalid X.509 certificate, a remote attacker could possibly use this issue to perform spoofing and obtain sensitive information.

Ubuntu Security Notice USN-6595-1

Ubuntu Security Notice 6595-1 - It was discovered that PyCryptodome had a timing side-channel when performing OAEP decryption. A remote attacker could possibly use this issue to recover sensitive information.

Ubuntu Security Notice USN-6594-1

Ubuntu Security Notice 6594-1 - Joshua Rogers discovered that Squid incorrectly handled HTTP message processing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Helper process management. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP request parsing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

Ubuntu Security Notice USN-6593-1

Ubuntu Security Notice 6593-1 - It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled certain certificate chains with a cross-signing loop. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.

Ubuntu Security Notice USN-6592-1

Ubuntu Security Notice 6592-1 - It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. It was discovered that libssh incorrectly handled return codes when performing message digest operations. A remote attacker could possibly use this issue to cause libssh to crash, obtain sensitive information, or execute arbitrary code.

Ubuntu Security Notice USN-6587-2

Ubuntu Security Notice 6587-2 - USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code.

Ubuntu Security Notice USN-6591-1

Ubuntu Security Notice 6591-1 - Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address this issue. They are not enabled by default for backward compatibility.