USN-5807-2: libXpm vulnerabilities

USN-5807-1 fixed vulnerabilities in libXpm. This update provides the
corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

Martin Ettl discovered that libXpm incorrectly handled certain XPM files.
If a user or automated system were tricked into opening a specially crafted
XPM file, a remote attacker could possibly use this issue to cause libXpm
to stop responding, resulting in a denial of service. (CVE-2022-44617)

Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files.
If a user or automated system were tricked into opening a specially crafted
XPM file, a remote attacker could possibly use this issue to cause libXpm
to stop responding, resulting in a denial of service. (CVE-2022-46285)

Alan Coopersmith discovered that libXpm incorrectly handled calling
external helper binaries. If libXpm was being used by a setuid binary, a
local attacker could possibly use this issue to escalate privileges.
(CVE-2022-4883)

Three-quarters of businesses braced for ‘serious’ email attack this year

IT security leaders at three out of four global businesses expect an email-borne attack to have serious consequences for their organization in the coming year, with the increasing sophistication of attacks a top concern, according to the 2023 State of Email Security (SOES) report.

Businesses’ use of email is increasing, with 82% of companies reporting a higher volume of email in 2022 compared with 2021 and 2020, the 2023 SOES report found. More email has led to more email-based threats, and 74% of respondents said these have risen over the past 12 months. While the increasing number of threats is a problem, it’s the growing sophistication of email attacks that poses the greatest danger, according to the report. “Cybercriminals continue to refine and adapt their strategies, and malware kits on the dark web make it possible even for common criminals without technology smarts to employ highly sophisticated methods of incursion,” it read. The increasingly sophisticated nature of attacks is the biggest challenge for 59% of respondents, with 76% predicting that an email-borne attack will have serious consequences for their organization in the coming year. Of these, 7% believe that such an attack is “inevitable,” while another three out of 10 consider it “extremely likely.”

CVE-2015-10082

A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. It affects the function plist_from_xml in the file src/xplist.c of the XML Handler component. Manipulation of the input leads to an XML external entity (XXE) reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply the patch to fix this issue. The associated identifier of this vulnerability is VDB-221499.

CVE-2014-125089

A vulnerability was found in cention-chatserver 3.8.0-rc1 and has been declared as problematic. Affected by this vulnerability is the function _formatBody in the file lib/InternalChatProtocol.fe. Manipulation of the argument body leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 3.9 addresses this issue. The name of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability.
