Category Archives: Advisories

CVE-2022-23469

Read Time:30 Second

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a users logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`.

Read More

USN-5770-1: GCC vulnerability

Read Time:12 Second

Todd Eisenberger discovered that certain versions of GNU Compiler
Collection (GCC) could be made to clobber the status flag of RDRAND
and RDSEED with specially crafted input. This could potentially lead
to less randomness in random number generation.

Read More

USN-5769-1: protobuf vulnerabilities

Read Time:24 Second

It was discovered that protobuf did not properly manage memory when serializing
large messages. An attacker could possibly use this issue to cause applications
using protobuf to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2015-5237)

It was discovered that protobuf did not properly manage memory when parsing
specifically crafted messages. An attacker could possibly use this issue to
cause applications using protobuf to crash, resulting in a denial of service.
(CVE-2022-1941)

Read More

USN-5767-2: Python vulnerability

Read Time:18 Second

USN-5767-1 fixed a vulnerability in Python. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Python incorrectly handled certain IDNA inputs.
An attacker could possibly use this issue to expose sensitive information
denial of service, or cause a crash.
(CVE-2022-45061)

Read More

USN-5767-1: Python vulnerabilities

Read Time:18 Second

Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals.
An attacker could possibly use this issue to cause a crash or execute arbitrary code.
(CVE-2022-37454)

It was discovered that Python incorrectly handled certain IDNA inputs.
An attacker could possibly use this issue to expose sensitive information
denial of service, or cause a crash.
(CVE-2022-45061)

Read More

USN-5768-1: GNU C Library vulnerabilities

Read Time:25 Second

Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library
iconv feature incorrectly handled certain input sequences. An attacker
could possibly use this issue to cause the GNU C Library to hang or crash,
resulting in a denial of service. (CVE-2016-10228, CVE-2019-25013,
CVE-2020-27618)

It was discovered that the GNU C Library did not properly handled DNS
responses when ENDS0 is enabled. An attacker could possibly use this issue
to cause fragmentation-based attacks. (CVE-2017-12132)

Read More