Ubuntu Security Notice 6754-1 - It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
5cf8f575ba3f618cd1a7ba459257c95bf26180fa995bf1e705ddd3bb811a5c3e
Ubuntu Security Notice 6753-1 - Thomas Neil James Shadwell discovered that CryptoJS was using an insecure cryptographic default configuration. A remote attacker could possibly use this issue to expose sensitive information.
9b59079ffc816463d7133b64a1e0918a00b6e29ba9a8c0f1321f133a3a7f8bb4
Ubuntu Security Notice 6751-1 - It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote authenticated attacker could possibly use this issue to perform reflected cross-site scripting attacks.
aca65a6b1e51cfb0dd46b906420ebb846f14557c539fa2fa267bbee51159cbed
Ubuntu Security Notice 6752-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service.
702e8249c383680f94def92bffb7af2a05d557c2c7231374395c96333198b803
Ubuntu Security Notice 6750-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Bartek Nowotarski discovered that Thunderbird did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service.
754d51ac65b5ef2eda4da9a5a3c295a24f0e2be8f571d9de933977d88d6415b9
Ubuntu Security Notice 6743-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
2348dfa67ffc549ba9ae3c52fded90704b226cc905290d9d0c8793bb8506cba7
Ubuntu Security Notice 6657-2 - USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly set the maximum EDNS.0 UDP packet size as required by DNS Flag Day 2020. This issue only affected Ubuntu 23.10.
1fe74e528f9c677caecbbdfcd678431e4752e4565e8a9eb7cd614192a3dcc6e0
Ubuntu Security Notice 6749-1 - It was discovered that FreeRDP incorrectly handled certain context resets. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.
3624c911bf5bf2f7589ea259742919993e0067e4732c1ecb641749c0cc060fdd
Ubuntu Security Notice 6748-1 - It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting attack. This issue only affected Ubuntu 22.04 LTS. It was discovered that Sanitize incorrectly handled style elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting attack.
ab6dc1159009d7c16992352e21fe2f624a1b8ad711051c13905b37a5aa4d784e
Ubuntu Security Notice 6747-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service.
fe5132fb8a5bc8bcd0558902c71cf2276c28f6168b4d2cd89f4e001ddfd7106d
Ubuntu Security Notice 6742-2 - Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to subsequently impersonate one of the paired devices. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
186243d4c27faa63ab8d52c327cc0396d841121b76a1d45b444edac2801ebb9a
Ubuntu Security Notice 6746-1 - It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a denial of service.
4711e95dafcdc5ecd9aa5665bc96071e9d4193763164d7e9726ef45f45021482
Ubuntu Security Notice 6728-3 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected and reinstated in this update.
0bf30fb6ffcb2ab3a9eb80bf643a6a374df5e9b1e030e608690f2c194f51ccdd
Ubuntu Security Notice 6743-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
ad9c04adbcdee9be436a8df29d9d071201aa865ba8141b9946f2a4e52cb9ffe9
Ubuntu Security Notice 6744-2 - USN-6744-1 fixed a vulnerability in Pillow. This update provides the corresponding updates for Pillow in Ubuntu 20.04 LTS. Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
7f9a3f70c1f7e100375a7fbb89547638e45380d3ba57eca5212263547b378f8c
Ubuntu Security Notice 6744-1 - Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
a1631938e290abb7678d024b33eb2b0bf5cf2f26fdff61069536a736c29b981a
Ubuntu Security Notice 6745-1 - It was discovered that in Percona XtraBackup, a local crafted filename could trigger arbitrary code execution.
40803bb13bb6b4c27bfc5773a166b8effac088e66f24df2f5ef97c3868607eea
Ubuntu Security Notice 6738-1 - Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass integrity checks.
d77b141e270c41154b29de186352132905dedeb534b3e7d82e7b08b98259c5f4
Ubuntu Security Notice 6743-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
5e5f229563e3c429730da05f62649d804fe5fcc3df71db82f33e6fe0ba5299c1
Ubuntu Security Notice 6742-1 - Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to subsequently impersonate one of the paired devices. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
234102586def229a208c315fa397cd1db7c7bc4c31eab695d1718ef42f88ce93
Ubuntu Security Notice 6741-1 - Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to subsequently impersonate one of the paired devices. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
c6b3855c5a30ae98458ae3e5b1858440f9d4c3d136432f67ecdd3beeeb05fc11
Ubuntu Security Notice 6740-1 - Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that the virtio network implementation in the Linux kernel did not properly handle file references in the host, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
444f68d723cc469e212afdb8cada5cf6504c7f71ead1646805559424b443f87e
Ubuntu Security Notice 6739-1 - It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service. Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
5f4dadac1f0ffbad1948bc44ea21d9526e86681e856c3a3cb7fb406e90965bf4
Ubuntu Security Notice 6737-1 - Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.
a2193ea8debdc56e5db177fb9a7501493c0c605992b026d6d4b0041034023456
Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.
48e8f6ab38e454ffe37a65ae74aa96cb5b3942a28276a0cc0f3a974d4716ae83