Category Archives: Advisories

USN-5378-4: Gzip vulnerability

Read Time:18 Second

USN-5378-1 fixed a vulnerability in Gzip. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Cleemy Desu Wayo discovered that Gzip incorrectly handled certain
filenames. If a user or automated system were tricked into performing zgrep
operations with specially crafted filenames, a remote attacker could
overwrite arbitrary files.

Read More

USN-5378-3: XZ Utils vulnerability

Read Time:18 Second

USN-5378-2 fixed a vulnerability in XZ Utils. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Cleemy Desu Wayo discovered that Gzip incorrectly handled certain
filenames. If a user or automated system were tricked into performing zgrep
operations with specially crafted filenames, a remote attacker could
overwrite arbitrary files.

Read More

CVE-2020-29653

Read Time:11 Second

Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.

Read More

USN-5378-1: Gzip vulnerability

Read Time:10 Second

Cleemy Desu Wayo discovered that Gzip incorrectly handled certain
filenames. If a user or automated system were tricked into performing zgrep
operations with specially crafted filenames, a remote attacker could
overwrite arbitrary files.

Read More