Joshua Rogers discovered that Squid incorrectly handled HTTP message
processing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49285)
Joshua Rogers discovered that Squid incorrectly handled Helper process
management. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49286)
Joshua Rogers discovered that Squid incorrectly handled HTTP request
parsing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-50269)
Several vulnerabilities were discovered in the Xorg X server, which may
result in privilege escalation if the X server is running privileged
or denial of service.
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in side channel attacks, leaking sensitive data to log
files, denial of service or bypass of sandbox restrictions.
A bunch of fixes for various components: systemd, systemctl, hostnamectl, bootctl, systemd-networkd, systemd-network-generator, systemd-analyze, systemd-dissect, man pages.
Also has a patch for CVE-2023-7008 (rhbz#2222260)
Add missing %postun scriptlets for systemd-{resolved,networkd} so that they are restarted on package updates.
A bunch of fixes for various components: systemd, systemctl, systemd-firstboot, systemd-repart, bootctl, systemd-networkd, systemd-network-generator, systemd-analyze, systemd-dissect, ukify, man pages.
Also has a patch for CVE-2023-7008 (rhbz#2222260)
Add missing %postun scriptlets for systemd-{resolved,networkd} so that they are restarted on package updates.
It was discovered that GnuTLS had a timing side-channel when processing
malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could
possibly use this issue to recover sensitive information. (CVE-2024-0553)
It was discovered that GnuTLS incorrectly handled certain certificate
chains with a cross-signing loop. A remote attacker could possibly use this
issue to cause GnuTLS to crash, resulting in a denial of service. This
issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.
(CVE-2024-0567)