It was discovered that Sudo incorrectly handled the per-command chroot
feature. In certain environments where Sudo is configured with a rule that
contains a CHROOT setting, a local attacker could use this issue to cause
Sudo to crash, resulting in a denial of service, or possibly escalate
privileges.
Monthly Archives: March 2023
USN-5871-2: Git regression
USN-5871-1 fixed vulnerabilities in Git. A backport fixing
part of the vulnerability in CVE-2023-22490 was required.
This update fixes this for Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that Git incorrectly handled certain repositories.
An attacker could use this issue to make Git use its local
clone optimization even when using a non-local transport.
(CVE-2023-22490)
sudo-1.9.13-1.p2.fc36
FEDORA-2023-cb5df36beb
Packages in this update:
sudo-1.9.13-1.p2.fc36
Update description:
Security fix for CVE-2023-27320
sudo-1.9.13-1.p2.fc37
FEDORA-2023-d2d6ec2a32
Packages in this update:
sudo-1.9.13-1.p2.fc37
Update description:
Security fix for CVE-2023-27320
sudo-1.9.13-1.p2.fc38
FEDORA-2023-11c9d868ca
Packages in this update:
sudo-1.9.13-1.p2.fc38
Update description:
Security fix for CVE-2023-27320
WH Smith Discloses Cyber-Attack, Company Data Theft
Employee data was accessed by the threat actors, including names, addresses, and more
USN-5907-1: c-ares vulnerability
It was discovered that c-ares incorrectly handled certain sortlist strings.
A remote attacker could use this issue to cause c-ares to crash, resulting
in a denial of service, or possibly execute arbitrary code.
USN-5906-1: PostgreSQL vulnerability
Jacob Champion discovered that the PostgreSQL client incorrectly handled
Kerberos authentication. If a user or automated system were tricked into
connecting to a malicious server, a remote attacker could possibly use this
issue to obtain sensitive information.
USN-5905-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain gzip files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-31628)
It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to compromise data integrity.
(CVE-2022-31629)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2022-31631)
It was discovered that PHP incorrectly handled resolving long paths. A
remote attacker could possibly use this issue to obtain or modify sensitive
information. (CVE-2023-0568)
It was discovered that PHP incorrectly handled a large number of field and file
parts in HTTP form uploads. A remote attacker could possibly use this issue to
cause PHP to consume resources, leading to a denial of service. (CVE-2023-0662)
dcmtk-3.6.7-3.fc36
FEDORA-2023-eda976b192
Packages in this update:
dcmtk-3.6.7-3.fc36
Update description:
Security fix for CVE-2022-43272