USN-5908-1: Sudo vulnerability

March 2, 2023

Read Time:15 Second

It was discovered that Sudo incorrectly handled the per-command chroot
feature. In certain environments where Sudo is configured with a rule that
contains a CHROOT setting, a local attacker could use this issue to cause
Sudo to crash, resulting in a denial of service, or possibly escalate
privileges.

Advisories

USN-5871-2: Git regression

March 2, 2023

Read Time:20 Second

USN-5871-1 fixed vulnerabilities in Git. A backport fixing
part of the vulnerability in CVE-2023-22490 was required.
This update fix this for Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that Git incorrectly handled certain repositories.
An attacker could use this issue to make Git uses its local
clone optimization even when using a non-local transport.
(CVE-2023-22490)

Advisories

sudo-1.9.13-1.p2.fc36

March 2, 2023

Read Time:7 Second

FEDORA-2023-cb5df36beb

Packages in this update:

sudo-1.9.13-1.p2.fc36

Update description:

Security fix for CVE-2023-27320

Advisories

sudo-1.9.13-1.p2.fc37

March 2, 2023

Read Time:7 Second

FEDORA-2023-d2d6ec2a32

Packages in this update:

sudo-1.9.13-1.p2.fc37

Update description:

Security fix for CVE-2023-27320

Advisories

sudo-1.9.13-1.p2.fc38

March 2, 2023

Read Time:7 Second

FEDORA-2023-11c9d868ca

Packages in this update:

sudo-1.9.13-1.p2.fc38

Update description:

Security fix for CVE-2023-27320

News

WH Smith Discloses Cyber-Attack, Company Data Theft

March 2, 2023

Read Time:4 Second

Employee data was accessed by the threat actors, including names, addresses, and more

Advisories

USN-5907-1: c-ares vulnerability

March 2, 2023

Read Time:11 Second

It was discovered that c-ares incorrectly handled certain sortlist strings.
A remote attacker could use this issue to cause c-ares to crash, resulting
in a denial of service, or possibly execute arbitrary code.

Advisories

USN-5906-1: PostgreSQL vulnerability

March 2, 2023

Read Time:11 Second

Jacob Champion discovered that the PostgreSQL client incorrectly handled
Kerberos authentication. If a user or automated system were tricked into
connecting to a malicious server, a remote attacker could possibly use this
issue to obtain sensitive information.

Advisories

USN-5905-1: PHP vulnerabilities

March 2, 2023

Read Time:44 Second

It was discovered that PHP incorrectly handled certain gzip files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-31628)

It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to compromise data integrity.
(CVE-2022-31629)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2022-31631)

It was discovered that PHP incorrectly handled resolving long paths. A
remote attacker could possibly use this issue to obtain or modify sensitive
information. (CVE-2023-0568)

It was discovered that PHP incorrectly handled a large number of field and file
parts in HTTP form uploads. A remote attacker could possibly use this issue to
cause PHP to consume resources, leading to a denial of service. (CVE-2023-0662)

Advisories

dcmtk-3.6.7-3.fc36

March 2, 2023

Read Time:6 Second

FEDORA-2023-eda976b192

Packages in this update:

dcmtk-3.6.7-3.fc36

Update description:

Security fix for CVE-2022-43272

Cyber Security News

Monthly Archives: March 2023

USN-5908-1: Sudo vulnerability

USN-5871-2: Git regression

sudo-1.9.13-1.p2.fc36

FEDORA-2023-cb5df36beb

Packages in this update:

Update description:

sudo-1.9.13-1.p2.fc37

FEDORA-2023-d2d6ec2a32

Packages in this update:

Update description:

sudo-1.9.13-1.p2.fc38

FEDORA-2023-11c9d868ca

Packages in this update:

Update description:

WH Smith Discloses Cyber-Attack, Company Data Theft

USN-5907-1: c-ares vulnerability

USN-5906-1: PostgreSQL vulnerability

USN-5905-1: PHP vulnerabilities

dcmtk-3.6.7-3.fc36

FEDORA-2023-eda976b192

Packages in this update:

Update description:

News, Advisories and much more