Category Archives: Advisories

USN-5745-2: shadow regression

Read Time:29 Second

USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update
introduced a regression that caused useradd to behave incorrectly in Ubuntu
14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This
update reverts the security fix pending further investigation.

We apologize for the inconvenience.

Original advisory details:

Florian Weimer discovered that shadow was not properly copying and removing
user directory trees, which could lead to a race condition. A local attacker
could possibly use this issue to setup a symlink attack and alter or remove
directories without authorization.

Read More

CVE-2022-21126

Read Time:14 Second

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.

Read More

woff-0.20091126-35.fc37

Read Time:12 Second

FEDORA-2022-c30d362ce5

Packages in this update:

woff-0.20091126-35.fc37

Update description:

Fix a possible double free in woffEncode().

Update License to SPDX
improved summary and description
Add hand-written man pages
Install HTML format description as documentation

Read More

USN-5747-1: Bind vulnerabilities

Read Time:23 Second

It was discovered that Bind incorrectly handled large query name when using
lightweight resolver protocol. A remote attacker could use this issue to
consume resources, leading to a denial of service. (CVE-2016-2775)

It was discovered that Bind incorrectly handled large zone data size
received via AXFR response. A remote authenticated attacker could use this
issue to consume resources, leading to a denial of service. This issue only
affected Ubuntu 16.04 LTS. (CVE-2016-6170)

Read More

CVE-2022-24187

Read Time:22 Second

The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an attacker to discover sensitive information such as end-user email addresses, and their unique frame_token value of all other Ourphoto App end-users.

Read More

CVE-2022-24188

Read Time:24 Second

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct object references allows to return password information for other end-users devices. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality.

Read More

CVE-2022-24189

Read Time:17 Second

The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other users unique identifiers and enumerate information of all other end-users.

Read More