USN-7015-1: Python vulnerabilities

Read Time:53 Second

It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could possibly
use this issue to bypass certain protection mechanisms. (CVE-2023-27043)

It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue to
cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)

It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)

It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)

It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of service.
(CVE-2024-8088)

Read More

USN-7014-1: nginx vulnerability

Read Time:13 Second

It was discovered that the nginx ngx_http_mp4 module incorrectly handled
certain malformed mp4 files. In environments where the mp4 directive is in
use, a remote attacker could possibly use this issue to cause nginx to
crash, resulting in a denial of service.

Read More

USN-7013-1: Dovecot vulnerabilities

Read Time:21 Second

It was discovered that Dovecot incorrectly handled a large number of
address headers. A remote attacker could possibly use this issue to cause
Dovecot to consume resources, leading to a denial of service.
(CVE-2024-23184)

It was discovered that Dovecot incorrectly handled very large headers. A
remote attacker could possibly use this issue to cause Dovecot to consume
resources, leading to a denial of service. (CVE-2024-23185)

Read More

USN-7011-1: ClamAV vulnerabilities

Read Time:19 Second

It was discovered that ClamAV incorrectly handled certain PDF files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2024-20505)

It was discovered that ClamAV incorrectly handled logfile privileges. A
local attacker could use this issue to cause ClamAV to overwrite arbitrary
files, possibly leading to privilege escalation. (CVE-2024-20506)

Read More