Category Archives: Advisories

DSA-5296 xfce4-settings – security update

Read Time:20 Second

Robin Peraglie and Johannes Moritz discovered an argument injection bug in the
xfce4-mime-helper component of xfce4-settings, which can be exploited using the
xdg-open common tool. Since xdg-open is used by multiple standard applications
for opening links, this bug could be exploited by an attacker to run arbitrary
code on an user machine by providing a malicious PDF file with specifically
crafted links.

Read More

A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:29 Second

A Vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

USN-5760-2: libxml2 vulnerabilities

Read Time:24 Second

USN-5760-1 fixed vulnerabilities in libxml2. This update provides the
corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information
or cause a crash. (CVE-2022-40303)

It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2022-40304)

Read More