USN-6844-1 fixed vulnerabilities in the CUPS package. The update
lead to the discovery of a regression in CUPS with regards to
how the cupsd daemon handles Listen configuration directive.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:
Rory McNamara discovered that when starting the cupsd server with a
Listen configuration item, the cupsd process fails to validate if
bind call passed. An attacker could possibly trick cupsd to perform
an arbitrary chmod of the provided argument, providing world-writable
access to the target.

Read More

Mansour Gashasbi discovered that libcdio incorrectly handled certain
memory operations when parsing an ISO file, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
or possibly execute arbitrary code.

Read More

Post Content

Read More

USN-5615-1 fixed several vulnerabilities in SQLite. This update provides
the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS.

Original advisory details:

It was discovered that SQLite incorrectly handled INTERSEC query
processing. An attacker could use this issue to cause SQLite to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-35525)

It was discovered that SQLite incorrectly handled ALTER TABLE for views
that have a nested FROM clause. An attacker could use this issue to cause
SQLite to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS.
(CVE-2020-35527)

It was discovered that SQLite incorrectly handled embedded null characters
when tokenizing certain unicode strings. This issue could result in
incorrect results. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-20223)

Read More

FEDORA-2024-7c36291390

Packages in this update:

cups-2.4.10-1.fc39

Update description:

Rebase to 2.4.10, security fix for CVE-2024-35235

Read More

FEDORA-2024-c45c747f02

Packages in this update:

ghostscript-10.02.1-5.fc39

Update description:

Security fixes for CVE-2024-33870, CVE-2024-29510

Fix for issues in gating

Security fix for CVE-2024-33871

Read More

FEDORA-2024-a3d1f80409

Packages in this update:

cups-2.4.10-1.fc40

Update description:

Rebase to 2.4.10, security fix for CVE-2024-35235

Read More

FEDORA-2024-f433c5c4da

Packages in this update:

ghostscript-10.02.1-10.fc40

Update description:

Security fixes for CVE-2024-33870, CVE-2024-29510

Read More

Joshua Rogers discovered that Squid incorrectly handled requests with the
urn: scheme. A remote attacker could possibly use this issue to cause
Squid to consume resources, leading to a denial of service. This issue
only affected Ubuntu 16.04 LTS. (CVE-2021-28651)

It was discovered that Squid incorrectly handled SSPI and SMB
authentication. A remote attacker could use this issue to cause Squid to
crash, resulting in a denial of service, or possibly obtain sensitive
information. This issue only affected Ubuntu 16.04 LTS. (CVE-2022-41318)

Joshua Rogers discovered that Squid incorrectly handled HTTP message
processing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49285)

Joshua Rogers discovered that Squid incorrectly handled Helper process
management. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49286)

Joshua Rogers discovered that Squid incorrectly handled HTTP request
parsing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service.
(CVE-2023-50269, CVE-2024-25617)

Read More

USN-6852-1 fixed a vulnerability in Wget. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that Wget incorrectly handled semicolons in the userinfo
subcomponent of a URI. A remote attacker could possibly trick a user into
connecting to a different host than expected.

Read More