Friday, December 8, 2023

Ubuntu Released Security Updates & Fixed Multiple Critical Vulnerabilities

Ubuntu Released security updates frequently this month and fixed multiple critical vulnerabilities that affected the Ubuntu package.

The vulnerabilities are fixed with the latest packages if you have enabled automatic update in your Ubuntu servers the updates will be applied automatically.

php5 vulnerabilities

Ubuntu fixes the several vulnerabilities that affected the PHP that provides  corresponding update for Ubuntu 12.04 ESM.

It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service.

GLib vulnerabilities

There are 2 Vulnerabilities fixed that affected glib2.0 – GLib Input, Output and Streaming Library.

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2018-16428)

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2018-16429)

Ghostscript vulnerabilities

Several security issues were fixed in Ghostscript.Tavis Ormandy discovered multiple security issues in Ghostscript.

If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

glib2.0 vulnerabilities

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information.

ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360)

It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361)

PHP vulnerabilities

It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS.

It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service.

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

Also Read

Google Chrome to Show Not Secure For HTTP Sites and Fix for 42 Security Issues

Apache Software Foundation Releases Important Security Patches for Multiple Apache Tomcat Versions

Cisco Released Critical Security Updates for Vulnerabilities that Affected Cisco Products

Website

Latest articles

Exploitation Methods Used by PlugX Malware Revealed by Splunk Research

PlugX malware is sophisticated in evasion, as it uses the following techniques to avoid...

TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities

Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative...

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...

SLAM Attack Gets Root Password Hash in 30 Seconds

Spectre is a class of speculative execution vulnerabilities in microprocessors that can allow threat...

Akira Ransomware Exploiting Zero-day Flaws For Organization Network Access

The Akira ransomware group, which first appeared in March 2023, has been identified as...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Endpoint Strategies for 2024 and beyond

Converge and Defend

What's the pulse of Unified Endpoint Management and Security (UEMS) in Europe? Join us live to uncover the strategies that are defining endpoint security in the region.

Related Articles