#dos

### Impact @adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. ### Patches The issue has been resolved in 4.3.2. ### Workarounds None ### References N/A

Plus: Major security patches from Microsoft, Mozilla, Atlassian, Cisco, and more.

Ubuntu Security Notice 6527-1 - Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions. It was discovered that OpenJDK did not properly perform PKIX certification path validation in certain situations. An attacker could use this to cause a denial of service.

Ubuntu Security Notice 6528-1 - It was discovered that the HotSpot VM implementation in OpenJDK did not properly validate bytecode blocks in certain situations. An attacker could possibly use this to cause a denial of service. Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions.

Ubuntu Security Notice 6526-1 - It was discovered that GStreamer Bad Plugins incorrectly handled certain media files. A remote attacker could use this issue to cause GStreamer Bad Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice 6525-1 - Nicky Mouha discovered that pysha incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause pysha3 to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice 6524-1 - Nicky Mouha discovered that PyPy incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause PyPy to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice 6522-1 - It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connection to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that FreeRDP incorrectly handled certain surface updates. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice 6521-1 - It was discovered that GIMP incorrectly handled certain image files. If a user were tricked into opening a specially crafted image, an attacker could use this issue to cause GIMP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice 6523-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code.