Ubuntu Security Notice 6506-1 - David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Prof. Sven Dietrich, Isa Jafarov, Prof. Heejo Lee, and Choongin Lee discovered that the Apache HTTP Server incorrectly handled certain HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.04, and Ubuntu 23.10.
8a919d1a4d307c69872670d645ac6969f558a3c26282d75583807e9eb42825c5
Ubuntu Security Notice 6505-1 - It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service.
03d107d2cf8ab399de40a112a24a0819d324fa4dda506f874f6f670d8e52d1fc
Ubuntu Security Notice 6504-1 - It was discovered that tracker-miners incorrectly handled sandboxing. If a second security issue was discovered in tracker-miners, an attacker could possibly use this issue in combination with it to escape the sandbox.
3b3d9faa327fabcfd7513e72be00f3390d2ce22460ac02fed2b03cf2e2ed14fd
Ubuntu Security Notice 6503-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.
f49422348439f73d6b38b42749f79884cebe5eadebb4f303ea755ef60d55b31d
Ubuntu Security Notice 6502-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
8b281c71f5499aa0d9babf8be280fa9bfb686118750a8a2f47909b213297ce1d
WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer from privilege escalation and shortcode execution vulnerabilities.
bfb7306b803b1acac19078db2972f3aa4724b44e3c44892d41946574771b0eda
Ubuntu Security Notice 6501-1 - It was discovered that RabbitMQ incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service.
2d3249c3745b8f65d72b1d274eb24d24152b2af6f363f93db9cc96d2f62e1dcb
Ubuntu Security Notice 6497-1 - Maxim Levitsky discovered that the KVM nested virtualization implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly handle queue initialization failures in certain situations, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.
1cc01b285543877683c581f44bf9007094b8fb6f7d0a6dae46f3076858904e22
Ubuntu Security Notice 6496-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
fdc60d8e003a09f361ff5ac07a415ab8ebfa403348d5e5c0f06215ad1ca095ce
Ubuntu Security Notice 6495-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
0038b4a53931aed559aad4f7b7dc878297fdaf2901ec90a9d676eb3e2302139e
Ubuntu Security Notice 6494-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
b8155c22b0aee7834c05ed29a1774d0847591054fd409c28e4a01741d747e025
Ubuntu Security Notice 6500-1 - Joshua Rogers discovered that Squid incorrectly handled validating certain SSL certificates. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.
89e080ec0dca666e58acac5a17ad942076e2d2723e487a8ff043ca16623f5d78
Ubuntu Security Notice 6499-1 - It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information.
c4318ffc70d40344c6cc24f5df5b0bd189dedc07477a6bdf29ded4cc378b8f3b
Ubuntu Security Notice 6498-1 - It was discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.
8ffb58b4fdeecb594ce52be5a964442b10c2448f7272166e562fe6adb101bd85
Red Hat Security Advisory 2023-7438-01 - An update for python-gevent is now available for Red Hat OpenStack Platform 17.1.1. Issues addressed include a privilege escalation vulnerability.
7ebe1c475d5ccc7d07e64c9ca0f0bce420cd72bd757e8c878fd7af74d19eb8a2
Red Hat Security Advisory 2023-7436-01 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include an out of bounds write vulnerability.
4627ce7f95ad3d19e6dfee6f3c3b90ba7dc75c3c1fde62f8448cddd9d59b3130
Red Hat Security Advisory 2023-7435-01 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
7f9bc46d37a2ac495edf8707f0e857b1be49c57ba74edecf3fd9ca26aeeffe44
Red Hat Security Advisory 2023-7434-01 - An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
e0fba6a08cab6238d94cd0a025c00582aadfb8a859979b55fd86c7e9368c8806
Red Hat Security Advisory 2023-7431-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.
5254d2f7a68346117fbef2d12d056430d6df8d2b748916611ccfa85c6128aca8
Red Hat Security Advisory 2023-7428-01 - An update for tigervnc is now available for Red Hat Enterprise Linux 7. Issues addressed include out of bounds write and use-after-free vulnerabilities.
e1777058ed5bdd6393bb17d224962e7cd066901f0e5c3b9bd7c95653bc25c4d6
Red Hat Security Advisory 2023-7424-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
d5760bd84b7ee41a667637ddd0ff52382b41fed50c66b7b650fa41d3c651cf47
Red Hat Security Advisory 2023-7423-01 - An update for kernel is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
8b144e8a2724365279a823f10c2e4b42859380077eb33857cc9ed90fa1c8e747
Red Hat Security Advisory 2023-7419-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
936fdf648883fbd8ebdc63aa8a8c2b8a636850d88046a3db4ad2063a7fadd385
Red Hat Security Advisory 2023-7418-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
c2dc4159acf31b034b7ecd43a6adfc922a8e39d37b80c340d0836fcd2213c967
Red Hat Security Advisory 2023-7417-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
b79e2f3138343f171cb37f04e56e61c94acb5fe89091bbd35686421d2cb63901