UbuntuUpdates.org

Bugs addressed in recent updates


| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2023-50387 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU | bind9 bind9 bind9 bind9 dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq |
| CVE | CVE-2023-6516 | To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods | bind9 bind9 bind9 bind9 |
| CVE | CVE-2023-5517 | A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, | bind9 bind9 bind9 bind9 |
| CVE | CVE-2023-4408 | The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS | bind9 bind9 bind9 bind9 |
| CVE | CVE-2023-42282 | An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() functi | node-ip node-ip |
| Launchpad | 2052469 | Provide an arm64 linux-oracle 64k kernel variant | linux-oracle-6.5 linux-meta-oracle linux-generate-oracle linux-meta-oracle-6.5 linux-generate-oracle-6.5 linux-restricted-modules-oracle linux-restricted-modules-oracle-6.5 linux-signed-oracle linux-signed-oracle-6.5 |
| Launchpad | 2052723 | Azure: Enable CONFIG_TEST_LOCKUP | linux-azure-6.5 linux-azure-5.15 linux-azure-6.5 |
| Launchpad | 2040465 | New upstream microrelease 2.5.17 | openldap openldap |
| Launchpad | 2024325 | [SRU] trac crashes while importing a library in Ubuntu 20.04 (ImportError: cannot import name 'soft_unicode' from 'jinja2.utils') | trac |
| CVE | CVE-2023-4641 | A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, | shadow shadow shadow shadow shadow shadow shadow |
| Launchpad | 1981147 | [SRU] giara fails to start | giara |
| Launchpad | 2051181 | apt cannot upgrade phased updates if the current security version is same as updates | apt apt apt apt |
| Launchpad | 1995790 | regression: ?garbage does not work correctly in install commands | apt apt apt apt |
| Launchpad | 2040340 | Upgrade Rust to 1.73.0 | rustc rustc rustc rustc rustc rustc rustc rustc |
| CVE | CVE-2023-48733 | An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot. | edk2 edk2 |
| CVE | CVE-2023-45235 | EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise messa | edk2 edk2 edk2 edk2 edk2 edk2 edk2 edk2 |
| CVE | CVE-2023-45234 | EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vu | edk2 edk2 edk2 edk2 edk2 edk2 edk2 edk2 |
| CVE | CVE-2023-4523 | Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run a | edk2 edk2 edk2 edk2 edk2 edk2 edk2 edk2 |
| CVE | CVE-2023-45233 | EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vu | edk2 edk2 edk2 edk2 edk2 edk2 edk2 edk2 |
| CVE | CVE-2023-45232 | EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This | edk2 edk2 edk2 edk2 edk2 edk2 edk2 edk2 |