Security insights, vulnerability roundups, and updates from the Agent Breach team.
Security email updates
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.
Ubuntu has released security updates addressing multiple vulnerabilities in Unbound, a widely-used DNS resolver, affecting Ubuntu 14.04 through 20.04 LTS. The flaws range from denial-of-service conditions to potential arbitrary code execution through improper DNSSEC validation.
Ubuntu security advisory USN-8358-1 discloses a credential validation bypass in haveged that could permit local attackers to execute privileged commands. The vulnerability stems from improper access controls on the entropy daemon's control socket.
A path sanitization vulnerability in NNCP enables remote attackers to read or write files outside intended directories during packet operations. Ubuntu has released a security update to address this critical issue.
Ubuntu has released a security update addressing a symlink handling flaw in sslh that could allow local attackers to overwrite arbitrary files. The vulnerability stems from improper PID file handling and affects systems running vulnerable versions of the protocol multiplexer.
Ubuntu has released security updates addressing a critical vulnerability in Little CMS that could allow arbitrary code execution through malformed ICC profiles. The patch covers Ubuntu 14.04, 16.04, 18.04, and 20.04 LTS versions.
Ubuntu has released a critical security update addressing a vulnerability in the Linux kernel's packet socket subsystem. The flaw could allow attackers to compromise affected systems.
Ubuntu security advisory USN-8345-1 addresses a memory handling flaw in GDAL's vendored LibTIFF library that could enable arbitrary code execution when processing malformed TIFF metadata. Organizations using GDAL for geospatial image processing should apply patches immediately to mitigate denial-of-service and data exfiltration risks.
Ubuntu security update USN-8346-1 addresses critical vulnerabilities in Texmaker's bundled LibTIFF library that could allow attackers to execute arbitrary code through specially crafted TIFF files. The flaw affects memory handling during image metadata parsing, posing risks to users who process untrusted documents.
Ubuntu security update USN-8347-1 addresses a critical vulnerability in QT WebEngine's vendored LibTIFF library that could allow attackers to execute arbitrary code through specially crafted TIFF image metadata. The flaw affects memory handling during image parsing and poses risks to applications embedding QT WebEngine.
Ubuntu released USN-8338-2 to address a regression in Apache HTTP Server that prevented mod_http2 from loading on Ubuntu 18.04 LTS. The patch resolves an unintended side effect from the previous security update while maintaining fixes for multiple CVEs.