Category Archives: Advisories

CVE-2021-33897

Read Time:22 Second

A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes.

Read More

USN-5686-2: Git vulnerability

Read Time:15 Second

USN-5686-1 fixed several vulnerabilities in Git. This update
provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM.

Original advisory details:

Kevin Backhouse discovered that Git incorrectly handled certain command
strings. An attacker could possibly use this issue to cause a crash or
arbitrary code execution.

Read More

USN-5731-1: multipath-tools vulnerabilities

Read Time:22 Second

It was discovered that multipath-tools incorrectly handled symlinks. A
local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41973)

It was discovered that multipath-tools incorrectly handled access controls.
A local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. (CVE-2022-41974)

Read More

USN-5730-1: WebKitGTK vulnerabilities

Read Time:15 Second

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Read More

USN-5638-2: Expat vulnerabilities

Read Time:18 Second

USN-5638-1 fixed a vulnerability in Expat. This update provides
the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS.

Original advisory details:

Rhodri James discovered that Expat incorrectly handled memory when
processing certain malformed XML files. An attacker could possibly
use this issue to cause a crash or execute arbitrary code.

Read More