Category Archives: Advisories

USN-7022-3: Linux kernel vulnerabilities

Read Time:24 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Modular ISDN driver;
– MMC subsystem;
– SCSI drivers;
– F2FS file system;
– GFS2 file system;
– Netfilter;
– RxRPC session sockets;
– Integrity Measurement Architecture(IMA) framework;
(CVE-2021-47188, CVE-2024-39494, CVE-2022-48791, CVE-2022-48863,
CVE-2024-42228, CVE-2024-38570, CVE-2024-42160, CVE-2024-26787,
CVE-2024-27012, CVE-2024-26677)

Read More

USN-7060-1: EDK II vulnerabilities

Read Time:1 Minute, 23 Second

It was discovered that EDK II did not check the buffer length in XHCI,
which could lead to a stack overflow. A local attacker could potentially
use this issue to cause a denial of service. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-0161)

Laszlo Ersek discovered that EDK II incorrectly handled recursion. A
remote attacker could possibly use this issue to cause EDK II to consume
resources, leading to a denial of service. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-28210)

Satoshi Tanda discovered that EDK II incorrectly handled decompressing
certain images. A remote attacker could use this issue to cause EDK II to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2021-28211)

It was discovered that EDK II incorrectly decoded certain strings. A remote
attacker could use this issue to cause EDK II to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-38575)

It was discovered that EDK II had integer underflow vulnerability in
SmmEntryPoint, which could result in a buffer overflow. An attacker
could potentially use this issue to cause a denial of service.
(CVE-2021-38578)

Elison Niven discovered that OpenSSL, vendored in EDK II, incorrectly
handled the c_rehash script. A local attacker could possibly use this
issue to execute arbitrary commands when c_rehash is run. This issue
only affected Ubuntu 16.04 LTS. (CVE-2022-1292)

Read More

USN-7043-4: cups-filters vulnerabilities

Read Time:42 Second

USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the
fix for CVE-2024-47176 by removing support for the legacy CUPS printer
discovery protocol entirely.

Original advisory details:

Simone Margaritelli discovered that the cups-filters cups-browsed
component could be used to create arbitrary printers from outside the
local network. In combination with issues in other printing components, a
remote attacker could possibly use this issue to connect to a system,
created manipulated PPD files, and execute arbitrary code when a printer
is used. This update disables support for the legacy CUPS printer
discovery protocol. (CVE-2024-47176)

Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP
data when creating PPD files. A remote attacker could possibly use this
issue to manipulate PPD files and execute arbitrary code when a printer is
used. (CVE-2024-47076)

Read More