Category Archives: Advisories

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:28 Second

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

USN-6910-1: Apache ActiveMQ vulnerabilities

Read Time:1 Minute, 6 Second

Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain
commands. A remote attacker could possibly use this issue to terminate
the program, resulting in a denial of service. This issue only affected
Ubuntu 16.04 LTS. (CVE-2015-7559)

Peter Stöckli discovered that Apache ActiveMQ incorrectly handled
hostname verification. A remote attacker could possibly use this issue
to perform a person-in-the-middle attack. This issue only affected Ubuntu
16.04 LTS. (CVE-2018-11775)

Jonathan Gallimore and Colm Ó hÉigeartaigh discovered that Apache
ActiveMQ incorrectly handled authentication in certain functions.
A remote attacker could possibly use this issue to perform a
person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-13920)

Gregor Tudan discovered that Apache ActiveMQ incorrectly handled
LDAP authentication. A remote attacker could possibly use this issue
to acquire unauthenticated access. This issue only affected Ubuntu 16.04
LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26117)

It was discovered that Apache ActiveMQ incorrectly handled
authentication. A remote attacker could possibly use this issue to run
arbitrary code. (CVE-2022-41678)

It was discovered that Apache ActiveMQ incorrectly handled
deserialization. A remote attacker could possibly use this issue to run
arbitrary shell commands. (CVE-2023-46604)

Read More

USN-6530-2: HAProxy vulnerability

Read Time:11 Second

Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled
URI components containing the hash character (#). A remote attacker could
possibly use this issue to obtain sensitive information, or to bypass
certain path_end rules.

Read More

USN-6907-1: Squid vulnerability

Read Time:12 Second

Joshua Rogers discovered that Squid did not properly handle multi-byte
characters during Edge Side Includes (ESI) processing. A remote attacker
could possibly use this issue to cause a memory corruption error, leading
to a denial of service.

Read More

USN-6909-1: Bind vulnerabilities

Read Time:1 Minute, 3 Second

It was discovered that Bind incorrectly handled a flood of DNS messages
over TCP. A remote attacker could possibly use this issue to cause Bind to
become unstable, resulting in a denial of service. (CVE-2024-0760)

Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very
large number of RRs existing at the same time. A remote attacker could
possibly use this issue to cause Bind to consume resources, leading to a
denial of service. (CVE-2024-1737)

It was discovered that Bind incorrectly handled a large number of SIG(0)
signed requests. A remote attacker could possibly use this issue to cause
Bind to consume resources, leading to a denial of service. (CVE-2024-1975)

Daniel Stränger discovered that Bind incorrectly handled serving both
stable cache data and authoritative zone content. A remote attacker could
possibly use this issue to cause Bind to crash, resulting in a denial of
service. (CVE-2024-4076)

On Ubuntu 20.04 LTS, Bind has been updated from 9.16 to 9.18. In addition
to security fixes, the updated packages contain bug fixes, new features,
and possibly incompatible changes.

Please see the following for more information:

https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918

Read More

USN-6908-1: Tomcat vulnerabilities

Read Time:19 Second

It was discovered that the Tomcat SSI printenv command echoed user
provided data without escaping it. An attacker could possibly use this
issue to perform an XSS attack. (CVE-2019-0221)

It was discovered that Tomcat incorrectly handled certain uncommon
PersistenceManager with FileStore configurations. A remote attacker could
possibly use this issue to execute arbitrary code.
(CVE-2020-9484, CVE-2021-25329)

Read More

USN-6898-4: Linux kernel vulnerabilities

Read Time:4 Minute, 13 Second

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)

Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)

Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– RISC-V architecture;
– x86 architecture;
– Block layer subsystem;
– Accessibility subsystem;
– Android drivers;
– Bluetooth drivers;
– Clock framework and drivers;
– Data acquisition framework and drivers;
– Cryptographic API;
– DMA engine subsystem;
– GPU drivers;
– HID subsystem;
– I2C subsystem;
– IRQ chip drivers;
– Multiple devices driver;
– VMware VMCI Driver;
– MMC subsystem;
– Network drivers;
– Device tree and open firmware driver;
– PCI subsystem;
– S/390 drivers;
– SCSI drivers;
– Freescale SoC drivers;
– Trusted Execution Environment drivers;
– TTY drivers;
– USB subsystem;
– VFIO drivers;
– Framebuffer layer;
– Xen hypervisor drivers;
– File systems infrastructure;
– BTRFS file system;
– Ext4 file system;
– FAT file system;
– Network file system client;
– Network file system server daemon;
– NILFS2 file system;
– Pstore file system;
– SMB network file system;
– UBI file system;
– Netfilter;
– BPF subsystem;
– Core kernel;
– PCI iomap interfaces;
– Memory management;
– B.A.T.M.A.N. meshing protocol;
– Bluetooth subsystem;
– Ethernet bridge;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– MAC80211 subsystem;
– IEEE 802.15.4 subsystem;
– NFC subsystem;
– Open vSwitch;
– RDS protocol;
– Network traffic control;
– SMC sockets;
– Unix domain sockets;
– eXpress Data Path;
– ALSA SH drivers;
– KVM core;
(CVE-2024-35872, CVE-2024-35807, CVE-2024-27013, CVE-2024-35989,
CVE-2024-36008, CVE-2024-26957, CVE-2024-35912, CVE-2024-27000,
CVE-2024-35918, CVE-2024-26977, CVE-2024-35821, CVE-2024-35853,
CVE-2024-26814, CVE-2024-35823, CVE-2024-35958, CVE-2024-26813,
CVE-2024-26811, CVE-2024-26937, CVE-2024-26951, CVE-2024-35925,
CVE-2024-26929, CVE-2024-35988, CVE-2024-35902, CVE-2024-26994,
CVE-2024-27001, CVE-2024-36029, CVE-2024-36005, CVE-2024-35970,
CVE-2024-36007, CVE-2024-35809, CVE-2024-27019, CVE-2024-26970,
CVE-2024-27059, CVE-2024-35877, CVE-2024-35899, CVE-2024-26989,
CVE-2024-27008, CVE-2024-26812, CVE-2024-35969, CVE-2024-35785,
CVE-2024-35871, CVE-2024-35847, CVE-2024-36006, CVE-2024-35973,
CVE-2024-27396, CVE-2024-35849, CVE-2024-35990, CVE-2024-26960,
CVE-2024-26931, CVE-2024-35852, CVE-2024-26965, CVE-2024-35960,
CVE-2024-35813, CVE-2024-26976, CVE-2024-36004, CVE-2024-35895,
CVE-2024-27018, CVE-2024-26969, CVE-2024-27016, CVE-2024-27437,
CVE-2024-26956, CVE-2024-26629, CVE-2024-35879, CVE-2024-35817,
CVE-2024-26922, CVE-2024-35815, CVE-2024-35935, CVE-2024-35940,
CVE-2023-52880, CVE-2024-35851, CVE-2024-35854, CVE-2024-35893,
CVE-2024-26973, CVE-2024-35997, CVE-2024-26984, CVE-2024-26961,
CVE-2024-26966, CVE-2024-35885, CVE-2024-27020, CVE-2024-26950,
CVE-2024-35934, CVE-2024-26988, CVE-2024-35938, CVE-2024-26958,
CVE-2024-35888, CVE-2024-27395, CVE-2024-35915, CVE-2024-35806,
CVE-2024-26934, CVE-2024-35825, CVE-2024-35796, CVE-2024-35900,
CVE-2024-35791, CVE-2024-26925, CVE-2024-35982, CVE-2024-26810,
CVE-2024-26955, CVE-2024-26935, CVE-2024-35805, CVE-2024-35896,
CVE-2024-35855, CVE-2024-35819, CVE-2024-26642, CVE-2024-27009,
CVE-2024-35804, CVE-2024-35898, CVE-2024-35822, CVE-2024-35930,
CVE-2024-35789, CVE-2024-26687, CVE-2024-26964, CVE-2024-35978,
CVE-2024-35976, CVE-2024-35936, CVE-2024-26926, CVE-2024-26993,
CVE-2024-35933, CVE-2024-35884, CVE-2024-26974, CVE-2024-35922,
CVE-2024-35886, CVE-2024-27004, CVE-2024-36020, CVE-2024-35955,
CVE-2024-26996, CVE-2024-26981, CVE-2024-36025, CVE-2024-26654,
CVE-2024-27015, CVE-2024-35984, CVE-2024-26828, CVE-2024-35950,
CVE-2024-35944, CVE-2024-35905, CVE-2024-35890, CVE-2024-26923,
CVE-2024-35897, CVE-2024-27393, CVE-2023-52699, CVE-2024-26817,
CVE-2024-35910, CVE-2024-35857, CVE-2024-35907, CVE-2023-52488,
CVE-2024-26999)

Read More