#ubuntu

Ubuntu Security Notice 5767-1 - Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information denial of service, or cause a crash.

Ubuntu Security Notice 5768-1 - Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. It was discovered that the GNU C Library did not properly handled DNS responses when ENDS0 is enabled. An attacker could possibly use this issue to cause fragmentation-based attacks.

SentinelOne sentinelagent version 22.3.2.5 on Linux suffers from a privilege escalation vulnerability due to not use a fully qualified path when calling grep.

Ubuntu Security Notice 5763-1 - It was discovered that NumPy did not properly manage memory when specifying arrays of large dimensions. If a user were tricked into running malicious Python file, an attacker could cause a denial of service. This issue only affected Ubuntu 20.04 LTS. It was discovered that NumPy did not properly perform string comparison operations under certain circumstances. An attacker could possibly use this issue to cause NumPy to crash, resulting in a denial of service.

Ubuntu Security Notice 5764-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

Ubuntu Security Notice 5761-2 - USN-5761-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package.

Ubuntu Security Notice 5762-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Ubuntu Security Notice 5761-1 - Due to security concerns, the TrustCor certificate authority has been marked as distrusted in Mozilla's root store. This update removes the TrustCor CA certificates from the ca-certificates package.

GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c.

Ubuntu Security Notice 5760-2 - USN-5760-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash.