NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

Remediation

There is no fixed version for Ubuntu:20.04 glibc.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-33574
• https://security.netapp.com/advisory/ntap-20210629-0005/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/
• https://security.gentoo.org/glsa/202107-07
• https://sourceware.org/bugzilla/show_bug.cgi?id=27896
• https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/
• https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/

NVD Description

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

Remediation

There is no fixed version for Ubuntu:20.04 git.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000021
• https://security-tracker.debian.org/tracker/CVE-2018-1000021
• http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.

Remediation

There is no fixed version for Ubuntu:20.04 systemd.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-26604
• https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/
• https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340
• https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7
• https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html
• https://security.netapp.com/advisory/ntap-20230505-0009/
• http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html
• https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7
• https://www.exploit-db.com/exploits/51674

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

Remediation

There is no fixed version for Ubuntu:20.04 binutils.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20657
• http://www.securityfocus.com/bid/106444
• https://support.f5.com/csp/article/K62602089
• https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539
• https://access.redhat.com/errata/RHSA-2019:3352

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

Remediation

There is no fixed version for Ubuntu:20.04 glibc.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013
• https://twitter.com/solardiz/status/795601240151457793
• https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
• https://akkadia.org/drepper/SHA-crypt.txt

NVD Description

Note: Versions mentioned in the description apply only to the upstream harfbuzz package and not the harfbuzz package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

Remediation

There is no fixed version for Ubuntu:20.04 harfbuzz.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-25193
• https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361
• https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh
• https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/
• https://security.netapp.com/advisory/ntap-20230725-0006/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Remediation

There is no fixed version for Ubuntu:20.04 krb5.

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709
• https://security-tracker.debian.org/tracker/CVE-2018-5709
• https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5709
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

Remediation

There is no fixed version for Ubuntu:20.04 patch.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952
• https://security-tracker.debian.org/tracker/CVE-2018-6952
• https://security.gentoo.org/glsa/201904-17
• https://savannah.gnu.org/bugs/index.php?53133
• https://access.redhat.com/errata/RHSA-2019:2033
• http://www.securityfocus.com/bid/103047

NVD Description

Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

Remediation

There is no fixed version for Ubuntu:20.04 pcre3.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11164
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164
• https://security-tracker.debian.org/tracker/CVE-2017-11164
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• http://openwall.com/lists/oss-security/2017/07/11/3
• http://www.securityfocus.com/bid/99575
• http://www.openwall.com/lists/oss-security/2023/04/11/1
• http://www.openwall.com/lists/oss-security/2023/04/12/1
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream cairo package and not the cairo package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).

Remediation

There is no fixed version for Ubuntu:20.04 cairo.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18064
• https://security-tracker.debian.org/tracker/CVE-2018-18064
• https://gitlab.freedesktop.org/cairo/cairo/issues/341
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream cairo package and not the cairo package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.

Remediation

There is no fixed version for Ubuntu:20.04 cairo.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6461
• https://security-tracker.debian.org/tracker/CVE-2019-6461
• https://github.com/TeamSeri0us/pocs/tree/master/gerbv
• https://gitlab.freedesktop.org/cairo/cairo/issues/352
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Remediation

There is no fixed version for Ubuntu:20.04 coreutils.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781
• https://security-tracker.debian.org/tracker/CVE-2016-2781
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• http://www.openwall.com/lists/oss-security/2016/02/28/2
• http://www.openwall.com/lists/oss-security/2016/02/28/3
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

Remediation

There is no fixed version for Ubuntu:20.04 ncurses.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-50495
• https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html
• https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html
• https://security.netapp.com/advisory/ntap-20240119-0008/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.

Remediation

There is no fixed version for Ubuntu:20.04 tiff.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10126
• https://security-tracker.debian.org/tracker/CVE-2018-10126
• http://bugzilla.maptools.org/show_bug.cgi?id=2786
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream configobj package and not the configobj package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)((.*)).

Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.

Remediation

There is no fixed version for Ubuntu:20.04 configobj.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-26112
• https://github.com/DiffSK/configobj/issues/232
• https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYU4IHVLOTYMFPH7KDOJGKZQR4GKWPFK/

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

Remediation

There is no fixed version for Ubuntu:20.04 openssh.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-14145
• https://security.netapp.com/advisory/ntap-20200709-0004/
• https://security.gentoo.org/glsa/202105-35
• https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d
• https://docs.ssh-mitm.at/CVE-2020-14145.html
• https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1
• https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py
• https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
• http://www.openwall.com/lists/oss-security/2020/12/02/1

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

Remediation

There is no fixed version for Ubuntu:20.04 systemd.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-7008
• https://access.redhat.com/security/cve/CVE-2023-7008
• https://bugzilla.redhat.com/show_bug.cgi?id=2222261
• https://bugzilla.redhat.com/show_bug.cgi?id=2222672
• https://github.com/systemd/systemd/issues/25676
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Remediation

There is no fixed version for Ubuntu:20.04 binutils.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13716
• https://security-tracker.debian.org/tracker/CVE-2017-13716
• https://sourceware.org/bugzilla/show_bug.cgi?id=22009

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

Remediation

There is no fixed version for Ubuntu:20.04 binutils.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48064
• https://sourceware.org/bugzilla/show_bug.cgi?id=29922
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8f2c64de86bc3d7556121fe296dd679000283931
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/
• https://security.netapp.com/advisory/ntap-20231006-0008/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Remediation

There is no fixed version for Ubuntu:20.04 binutils.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-1010204
• https://support.f5.com/csp/article/K05032915?utm_source=f5support&utm_medium=RSS
• https://security-tracker.debian.org/tracker/CVE-2019-1010204
• https://sourceware.org/bugzilla/show_bug.cgi?id=23765
• https://security.netapp.com/advisory/ntap-20190822-0001/
• https://support.f5.com/csp/article/K05032915?utm_source=f5support&amp%3Butm_medium=RSS

NVD Description

Note: Versions mentioned in the description apply only to the upstream cairo package and not the cairo package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

Remediation

There is no fixed version for Ubuntu:20.04 cairo.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7475
• https://security-tracker.debian.org/tracker/CVE-2017-7475
• https://bugs.freedesktop.org/show_bug.cgi?id=100763
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• http://seclists.org/oss-sec/2017/q2/151
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream libpng1.6 package and not the libpng1.6 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.

Remediation

There is no fixed version for Ubuntu:20.04 libpng1.6.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3857
• https://sourceforge.net/p/libpng/bugs/300/
• https://security.netapp.com/advisory/ntap-20230406-0004/

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

Remediation

There is no fixed version for Ubuntu:20.04 openexr.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-3598
• https://bugzilla.redhat.com/show_bug.cgi?id=1970987
• https://security.gentoo.org/glsa/202210-31
• https://www.debian.org/security/2022/dsa-5299
• https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

Remediation

There is no fixed version for Ubuntu:20.04 openexr.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45942
• https://github.com/AcademySoftwareFoundation/openexr/pull/1209
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
• https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e
• https://github.com/AcademySoftwareFoundation/openexr/commit/db217f29dfb24f6b4b5100c24ac5e7490e1c57d0
• https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1627.yaml
• https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.4
• https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJ5PW4WNXBKCRFGDZGAQOSVH2BKZKL4X/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJUK7WIQV5EKWTCZBRXFN6INHG6MLS5O/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6TEZDE2S2DB4BF4LZSSV4W3DNW7DSRHJ/
• https://security.gentoo.org/glsa/202210-31
• https://www.debian.org/security/2022/dsa-5299
• https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TEZDE2S2DB4BF4LZSSV4W3DNW7DSRHJ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJ5PW4WNXBKCRFGDZGAQOSVH2BKZKL4X/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJUK7WIQV5EKWTCZBRXFN6INHG6MLS5O/

NVD Description

Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

Remediation

There is no fixed version for Ubuntu:20.04 patch.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261
• https://savannah.gnu.org/bugs/?61685

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.

Remediation

There is no fixed version for Ubuntu:20.04 tiff.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-3164
• https://access.redhat.com/security/cve/CVE-2023-4156
• https://bugzilla.redhat.com/show_bug.cgi?id=2215930
• https://access.redhat.com/security/cve/CVE-2023-3164
• https://bugzilla.redhat.com/show_bug.cgi?id=2213531
• https://gitlab.com/libtiff/libtiff/-/issues/542

NVD Description

Note: Versions mentioned in the description apply only to the upstream openexr package and not the openexr package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.

Remediation

There is no fixed version for Ubuntu:20.04 openexr.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-20296
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
• https://bugzilla.redhat.com/show_bug.cgi?id=1939141
• https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html
• https://security.gentoo.org/glsa/202107-27
• https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Remediation

There is no fixed version for Ubuntu:20.04 shadow.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4235
• https://security-tracker.debian.org/tracker/CVE-2013-4235
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
• https://access.redhat.com/security/cve/cve-2013-4235
• https://security.gentoo.org/glsa/202210-26
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

Remediation

There is no fixed version for Ubuntu:20.04 gnupg2.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219
• https://access.redhat.com/security/cve/CVE-2022-3219
• https://bugzilla.redhat.com/show_bug.cgi?id=2127010
• https://dev.gnupg.org/D556
• https://dev.gnupg.org/T5993
• https://marc.info/?l=oss-security&m=165696590211434&w=4
• https://security.netapp.com/advisory/ntap-20230324-0001/

NVD Description

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

Remediation

There is no fixed version for Ubuntu:20.04 shadow.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-29383
• https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
• https://github.com/shadow-maint/shadow/pull/687
• https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
• https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797

NVD Description

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

Remediation

There is no fixed version for Ubuntu:20.04 ncurses.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-45918
• https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html
• https://security.netapp.com/advisory/ntap-20240315-0006/