It was discovered that the framebuffer driver on the Linux kernel did not
verify size limits when changing font or screen size, leading to an out-of-
bounds write. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-33655)

Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation
in the Linux kernel did not provide sufficient randomization when
calculating port offsets. An attacker could possibly use this to expose
sensitive information. (CVE-2022-1012, CVE-2022-32296)

Norbert Slusarek discovered that a race condition existed in the perf
subsystem in the Linux kernel, resulting in a use-after-free vulnerability.
A privileged local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-1729)

It was discovered that the device-mapper verity (dm-verity) driver in the
Linux kernel did not properly verify targets being loaded into the device-
mapper table. A privileged attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2022-2503)

Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter
subsystem in the Linux kernel did not properly handle rules that truncated
packets below the packet header size. When such rules are in place, a
remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2022-36946)

Read More

Benjamin Balder Bach discovered that Django incorrectly handled certain
internationalized URLs. A remote attacker could possibly use this issue to
cause Django to crash, resulting in a denial of service.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache Batik. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache Batik. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

Read More

Douglas Mendizabal discovered that Barbican, the OpenStack Key Management
Service, incorrectly parsed requests which could allow an authenticated
user to bypass Barbican access policies.

Read More

Multiple security issues were discovered in MediaWiki, a website engine
for collaborative work, which could result in restriction bypass,
information leaks, cross-site scripting or denial of service.

Read More

Marlon Starkloff discovered that twig, a template engine for PHP, did
not correctly enforce sandboxing. This would allow a malicious user to
execute arbitrary code.

Read More

USN-5651-1 fixed a vulnerability in strongSwan. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and
and CRL distribution points (CDP) in certificates. A remote attacker could
possibly use this issue to initiate IKE_SAs and send crafted certificates
that contain URIs pointing to servers under their control, which can lead
to a denial-of-service attack.

Read More

Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and
and CRL distribution points (CDP) in certificates. A remote attacker could
possibly use this issue to initiate IKE_SAs and send crafted certificates
that contain URIs pointing to servers under their control, which can lead
to a denial-of-service attack.

Read More

USN-5614-1 fixed a vulnerability in Wayland. This update
provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Wayland incorrectly handled reference counting
certain objects. An attacker could use this issue to cause Wayland to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Read More