We take a sneak peek at the upcoming AppArmor 4.0 release, plus we cover vulnerabilities in AccountsService, the Linux Kernel, ReportLab, GNU Screen, containerd and more.
50 unique CVEs addressed
~/.pam_environmentfile which is used to configure various per-user session environment variables - this way no matter how you log in to a Ubuntu system, the locale etc that you configured via g-c-c etc gets used
io_uringsubsystem - local attacker could use this to trigger a deadlock and hence a DoS
INVLPGinstruction - but it was found that on certain hardware platforms this did not actually flush the global TLB contrary to expectation - and so could leak kernel memory back to userspace
io_uringand TC flower plus OOB read in InfiniBand RDMA driver - DoS / info leak
eval()function directly on value obtained from an XML document
eval()without having to remove this functionality - new update disables this by default and instead only allows a much limited subset of colors to be parsed