It was discovered that HTML::StripScripts does not properly parse HTML
content with certain style attributes. A remote attacker could use this issue
to cause a regular expression denial of service (ReDoS).
Rewards range from $750 for certain MiTM scenarios to $30,000 for some ACE vulnerabilities
The attack targeted Israeli websites and has been linked to a nation-state actor from Iran
Security processor provider Axiado has announced the availability of two new trusted compute units (TCUs) to help detect ransomware and other cyberattacks on servers and infrastructure elements in cloud data centers, 5G networks, and network switches.
Dubbed AX3000 and AX2000, these TCUs are AI-powered hardware security platform solutions that, the company says, integrate all security functions within a single system-on-chip (SoC) module.
“Products such as Axiado’s TCU are important developments in the market, as they answer a specific need for high-level and multi-function hardware security demands for data center technology,” said Michela Menting, senior research director at ABI Research. “Single-chip implementations provide a better cost-benefit ratio than having to implement different hardware components for different use cases—storage vs crypto acceleration vs ransomware identification.”
USN-5996-1 fixed vulnerabilities in Liblouis. This update provides
the corresponding updates for Ubuntu 23.04.
Original advisory details:
It was discovered that Liblouis incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2023-26767, CVE-2023-26768, CVE-2023-26769)
The MS- and EI-ISACs have a vision: to be the premier cyber threat intelligence (CTI) source for all SLTTs and elections infrastructure.
It was discovered that Jhead did not properly handle certain crafted images
while processing the JFIF markers. An attacker could cause Jhead to crash. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.
(CVE-2019-19035)
It was discovered that Jhead did not properly handle certain crafted images
while processing longitude tags. An attacker could cause Jhead to crash. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010301)
It was discovered that Jhead did not properly handle certain crafted images
while processing IPTC data. An attacker could cause Jhead to crash. This
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010302)
Binbin Li discovered that Jhead did not properly handle certain crafted images
while processing the DQT data. An attacker could cause Jhead to crash.
(CVE-2020-6624)
Binbin Li discovered that Jhead did not properly handle certain crafted images
while processing longitude data. An attacker could cause Jhead to crash.
(CVE-2020-6625)
Feng Zhao Yang discovered that Jhead did not properly handle certain crafted
images while reading JPEG sections. An attacker could cause Jhead to crash.
(CVE-2020-26208)
It was discovered that Jhead did not properly handle certain crafted images
while processing Canon images. An attacker could cause Jhead to crash.
(CVE-2021-28276)
It was discovered that Jhead did not properly handle certain crafted images
when removing a certain type of sections. An attacker could cause Jhead to
crash. (CVE-2021-28278)
USN-6088-1 fixed vulnerabilities in runC. This update provides
the corresponding updates for Ubuntu 16.04 LTS.
It was discovered that runC incorrectly performed access control when
mounting /proc to non-directories. An attacker could possibly use
this issue to escalate privileges.
(CVE-2019-19921)
Felix Wilhelm discovered that runC incorrecly handled netlink
messages. An attacker could possibly use
this issue to escalate privileges. (CVE-2021-43784)
Andrew G. Morgan discovered that runC incorrectly set
inherited process capabilities inside the container.
An attacker could possibly use this issue to
escalate privileges. (CVE-2022-29162)
Original advisory details:
It was discovered that runC incorrectly made /sys/fs/cgroup
writable when in rootless mode. An attacker could possibly
use this issue to escalate privileges. (CVE-2023-25809)
It was discovered that runC incorrectly performed access control when
mounting /proc to non-directories. An attacker could possibly use
this issue to escalate privileges. (CVE-2023-27561)
It was discovered that runC incorrectly handled /proc and
/sys mounts inside a container. An attacker could possibly
use this issue to bypass AppArmor, and potentially SELinux.
(CVE-2023-28642)
USN-6042-1 fixed a vulnerability in Cloud-init. The update introduced a
regression on Ubuntu 20.04 LTS resulting in a possible loss of networking.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
James Golovich discovered that sensitive data could be exposed in logs. An
attacker could use this information to find hashed passwords and possibly
escalate their privilege.
