#ubuntu

Ubuntu Security Notice 5948-2 - USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies.

SPIP versions 4.2.1 and below suffer from an unauthenticated remote code execution vulnerability.

Ubuntu Security Notice 6168-2 - USN-6168-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service.

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.

Ubuntu Security Notice 6179-1 - It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 6178-1 - It was discovered that in SVG++ library that the demo application incorrectly managed memory resulting in a memory access violation under certain circumstances. An attacker could possibly use this issue to leak memory information or run a denial of service attack. This issue only affected Ubuntu 18.04 LTS. It was discovered that in SVG++ library that the demo application incorrectly handled null pointers under certain circumstances. An attacker could possibly use this issue to cause denial of service, leak memory information or manipulate program execution flow.

Ubuntu Security Notice 6177-1 - It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 6083-2 - USN-6083-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 16.04 LTS. It was discovered that cups-filters incorrectly handled the beh CUPS backend. A remote attacker could possibly use this issue to cause the backend to stop responding or to execute arbitrary code.

Ubuntu Security Notice 6166-2 - USN-6166-1 fixed a vulnerability in libcap2. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Richard Weinberger discovered that libcap2 incorrectly handled certain long input strings. An attacker could use this issue to cause libcap2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice 6170-1 - It was discovered that Podman incorrectly handled certain images. An attacker could possibly use this issue to pull an untrusted image.