Category Archives: Advisories

DSA-5137 needrestart – security update

Read Time:16 Second

Jakub Wilk discovered a local privilege escalation in needrestart, a
utility to check which daemons need to be restarted after library
upgrades. Regular expressions to detect the Perl, Python, and Ruby
interpreters are not anchored, allowing a local user to escalate
privileges when needrestart tries to detect if interpreters are using
old source files.

Read More

USN-5311-2: containerd regression

Read Time:21 Second

USN-5311-1 released updates for contained. Unfortunately, a subsequent update
reverted the fix for this CVE by mistake. This update corrects the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that containerd allows attackers to gain access to read-
only copies of arbitrary files and directories on the host via a specially-
crafted image configuration. An attacker could possibly use this issue to
obtain sensitive information.

Read More

CVE-2021-27442

Read Time:8 Second

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.

Read More

CVE-2021-27444

Read Time:11 Second

The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.

Read More

CVE-2021-23267

Read Time:8 Second

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.

Read More

USN-5422-1: libxml2 vulnerabilities

Read Time:23 Second

Shinji Sato discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. (CVE-2022-23308)

It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-29824)

Read More