A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing

Apport does not disable python crash handler before entering chroot

is_closing_session() allows users to consume RAM in the Apport process

is_closing_session() allows users to create arbitrary tcp dbus connections

is_closing_session() allows users to fill up apport.log

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

Race condition in snap-confine's must_mkdir_and_open_with_perms()