Post Content
Category Archives: Advisories
GLSA 202409-18: liblouis: Multiple Vulnerabilities
GLSA 202409-17: VLC: Multiple Vulnerabilities
GLSA 202409-16: Slurm: Multiple Vulnerabilities
GLSA 202409-19: Emacs, org-mode: Command Execution Vulnerability
DSA-5774-1 ruby-saml – security update
It was discovered that ruby-saml, a SAML library implementing the client
side of a SAML authorization, does not properly verify the signature of
the SAML Response, which could result in bypass of authentication in an
application using the ruby-saml library.
USN-6968-2: PostgreSQL vulnerability
USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and
PostgreSQL-16
This update provides the corresponding updates for PostgreSQL-9.5 in
Ubuntu 16.04 LTS.
Original advisory details:
Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.
USN-7015-2: Python vulnerabilities
USN-7015-1 fixed several vulnerabilities in Python. This update provides
one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for
python3.5 for Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that Python allowed excessive backtracking while
parsing certain tarfile headers. A remote attacker could possibly use
this issue to cause Python to consume resources, leading to a denial
of service. This issue only affected python3.5 for
Ubuntu 16.04 LTS (CVE-2024-6232)
It was discovered that the Python http.cookies module incorrectly
handled parsing cookies that contained backslashes for quoted
characters. A remote attacker could possibly use this issue to cause
Python to consume resources, leading to a denial of service.
(CVE-2024-7592)
USN-7027-1: Emacs vulnerabilities
It was discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2022-45939)
Xi Lu discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2022-48337)
Xi Lu discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 22.04 LTS. (CVE-2022-48338)
Xi Lu discovered that Emacs incorrectly handled input sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2022-48339)
It was discovered that Emacs incorrectly handled filename sanitization. An
attacker could possibly use this issue to execute arbitrary commands. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2023-28617)
It was discovered that Emacs incorrectly handled certain crafted files. An
attacker could possibly use this issue to crash the program, resulting in
a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-30203,
CVE-2024-30204, CVE-2024-30205)
It was discovered that Emacs incorrectly handled certain crafted files. An
attacker could possibly use this issue to execute arbitrary commands.
(CVE-2024-39331)
USN-7024-1: tgt vulnerability
It was discovered that tgt attempts to achieve entropy
by calling rand without srand. The PRNG seed is always 1,
and thus the sequence of challenges is always identical.