It was discovered that Gson incorrectly handled deserialization of untrusted
input data. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service.
Category Archives: Advisories
LSN-0101-1: Kernel Live Patch Security Notice
Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did
not properly handle inactive elements in its PIPAPO data structure, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6817)
It was discovered that the IGMP protocol implementation in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-6932)
It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform reference counting in some error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion).(CVE-2023-7192)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly check deactivated elements in certain situations, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.(CVE-2024-0193)
Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2024-0646)
USN-6691-1: OVN vulnerability
It was discovered that OVN incorrectly enabled OVS Bidirectional Forwarding
Detection on logical ports. A remote attacker could possibly use this issue
to disrupt traffic.
USN-6690-1: Open vSwitch vulnerabilities
Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch
incorrectly handled certain crafted Geneve packets when hardware offloading
via the netlink path is enabled. A remote attacker could possibly use this
issue to cause Open vSwitch to crash, leading to a denial of service.
(CVE-2023-3966)
It was discovered that Open vSwitch incorrectly handled certain ICMPv6
Neighbor Advertisement packets. A remote attacker could possibly use this
issue to redirect traffic to arbitrary IP addresses. (CVE-2023-5366)
USN-6656-2: PostgreSQL vulnerability
USN-6656-1 fixed several vulnerabilities in PostgreSQL. This update provides
the corresponding updates for Ubuntu 16.04 LTS
Original advisory details:
It was discovered that PostgreSQL incorrectly handled dropping privileges
when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or
automatic system were tricked into running a specially crafted command, a
remote attacker could possibly use this issue to execute arbitrary SQL
functions.
USN-6689-1: Rack vulnerabilities
It was discovered that Rack incorrectly parse some headers.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2023-27539, CVE-2024-26141, CVE-2024-26146)
ZDI-24-290: NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23609.
ZDI-24-289: NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23612.
ZDI-24-288: NI LabVIEW VI File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23611.
ZDI-24-287: NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23610.