Stemcell (Linux) Release Notes

This topic includes release notes for Linux stemcells used with Ops Manager.

Jammy Stemcells

The following sections describe each Jammy stemcell release.

1.x

This section includes release notes for the 1.x line of Linux stemcells used with Ops Manager.

1.232

Available in VMware Tanzu Network

Release Date: September 20, 2023

Metadata:

BOSH Agent Version: 2.581.0

USNs:

Title: USN-6360-1: FLAC vulnerability
URL: https://ubuntu.com/security/notices/USN-6360-1
Priorities: medium
Description:
It was discovered that FLAC incorrectly handled encoding certain files. A
remote attacker could use this issue to cause FLAC to crash, resulting in a
denial of service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2020-22219

Title: USN-6355-1: GRUB2 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6355-1
Priorities: medium,low
Description:
Daniel Axtens discovered that specially crafted images could cause a
heap-based out-of-bonds write. A local attacker could possibly use
this to circumvent secure boot protections. (CVE-2021-3695)

Daniel Axtens discovered that specially crafted images could cause
out-of-bonds read and write. A local attacker could possibly use this
to circumvent secure boot protections. (CVE-2021-3696)

Daniel Axtens discovered that specially crafted images could cause
buffer underwrite which allows arbitrary data to be written to a heap.
A local attacker could possibly use this to circumvent secure
boot protections. (CVE-2021-3697)

It was discovered that GRUB2 configuration files were created with
the wrong permissions. An attacker could possibly use this to leak
encrypted passwords. (CVE-2021-3981)

Daniel Axtens discovered that specially crafted IP packets could cause
an integer underflow and write past the end of a bugger. An attacker
could possibly use this to circumvent secure boot protections.
(CVE-2022-28733)

Daniel Axtens discovered that specially crafted HTTP headers can cause
an out-of-bounds write of a NULL byte. An attacker could possibly use
this to corrupt GRUB2’s internal data. (CVE-2022-28734)

Julian Andres Klode discovered that GRUB2 shim_lock allowed non-
kernel files to be loaded. A local attack could possibly use this to
circumvent secure boot protections. (CVE-2022-28735)

Chris Coulson discovered that executing chainloaders more than once
caused a use-after-free vulnerability. A local attack could possibly
use this to circumvent secure boot protections. (CVE-2022-28736)

Chris Coulson discovered that specially crafted executables could
cause shim to make out-of-bound writes. A local attack could possibly
use this to circumvent secure boot protections. (CVE-2022-28737)

Zhang Boyang discovered that specially crafted unicode sequences
could lead to an out-of-bounds write to a heap. A local attacker could
possibly use this to circumvent secure boot protections.
(CVE-2022-3775)
CVEs:
- https://ubuntu.com/security/CVE-2021-3695
- https://ubuntu.com/security/CVE-2021-3696
- https://ubuntu.com/security/CVE-2021-3697
- https://ubuntu.com/security/CVE-2021-3981
- https://ubuntu.com/security/CVE-2022-28733
- https://ubuntu.com/security/CVE-2022-28734
- https://ubuntu.com/security/CVE-2022-28735
- https://ubuntu.com/security/CVE-2022-28736
- https://ubuntu.com/security/CVE-2022-28737
- https://ubuntu.com/security/CVE-2022-3775
- https://ubuntu.com/security/CVE-2022-28737
- https://ubuntu.com/security/CVE-2022-28734
- https://ubuntu.com/security/CVE-2022-28735
- https://ubuntu.com/security/CVE-2021-3697
- https://ubuntu.com/security/CVE-2021-3981
- https://ubuntu.com/security/CVE-2021-3696
- https://ubuntu.com/security/CVE-2021-3695
- https://ubuntu.com/security/CVE-2022-3775
- https://ubuntu.com/security/CVE-2022-28736
- https://ubuntu.com/security/CVE-2022-28733

Title: USN-6370-1: ModSecurity vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6370-1
Priorities: medium
Description:
It was discovered that ModSecurity incorrectly handled certain nested JSON
objects. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2021-42717)

It was discovered that ModSecurity incorrectly handled certain HTTP
multipart requests. A remote attacker could possibly use this issue
to bypass ModSecurity restrictions. (CVE-2022-48279)

It was discovered that ModSecurity incorrectly handled certain file
uploads. A remote attacker could possibly use this issue to cause a
buffer overflow and a firewall failure. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-24021)
CVEs:
- https://ubuntu.com/security/CVE-2021-42717
- https://ubuntu.com/security/CVE-2022-48279
- https://ubuntu.com/security/CVE-2023-24021
- https://ubuntu.com/security/CVE-2021-42717
- https://ubuntu.com/security/CVE-2023-24021
- https://ubuntu.com/security/CVE-2022-48279

Title: USN-6385-1: Linux kernel (OEM) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6385-1
Priorities: medium,high,low
Description:
It was discovered that some AMD x86-64 processors with SMT enabled could
speculatively execute instructions using a return address from a sibling
thread. A local attacker could possibly use this to expose sensitive
information. (CVE-2022-27672)

William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)

Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the
do_prlimit() function in the Linux kernel did not properly handle
speculative execution barriers. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2023-0458)

It was discovered that the TLS subsystem in the Linux kernel contained a
type confusion vulnerability in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2023-1075)

It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076, CVE-2023-4194)

It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform data buffer size validation in some
situations. A physically proximate attacker could use this to craft a
malicious USB device that when inserted, could cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1380)

It was discovered that a race condition existed in the btrfs file system
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1611)

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)

Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)

It was discovered that a use-after-free vulnerability existed in the iSCSI
TCP implementation in the Linux kernel. A local attacker could possibly use
this to cause a denial of service (system crash). (CVE-2023-2162)

Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski
discovered that the BPF verifier in the Linux kernel did not properly mark
registers for precision tracking in certain situations, leading to an out-
of-bounds access vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-2163)

It was discovered that the perf subsystem in the Linux kernel contained a
use-after-free vulnerability. A privileged local attacker could possibly
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-2235)

Zheng Zhang discovered that the device-mapper implementation in the Linux
kernel did not properly handle locking during table_clear() operations. A
local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2023-2269)

Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel
contained a null pointer dereference when handling certain messages from
user space. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-28328)

It was discovered that a race condition existed in the TLS subsystem in the
Linux kernel, leading to a use-after-free or a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-28466)

It was discovered that a race condition existed in the f2fs file system in
the Linux kernel, leading to a null pointer dereference vulnerability. An
attacker could use this to construct a malicious f2fs image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-2898)

It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading to an out-of-
bounds write vulnerability. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)

It was discovered that the Ricoh R5C592 MemoryStick card reader driver in
the Linux kernel contained a race condition during module unload, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-3141)

Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)

It was discovered that the Qualcomm MSM DPU driver in the Linux kernel did
not properly validate memory allocations in certain situations, leading to
a null pointer dereference vulnerability. A local attacker could use this
to cause a denial of service (system crash). (CVE-2023-3220)

It was discovered that the NET/ROM protocol implementation in the Linux
kernel contained a race condition in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-32269)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle some error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3390)

It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)

It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)

It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)

It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)

It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)

Maxim Suhanov discovered that the exFAT file system implementation in the
Linux kernel did not properly check a file name length, leading to an out-
of-bounds write vulnerability. An attacker could use this to construct a
malicious exFAT image that, when mounted and operated on, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-4273)

Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2023-4569)
CVEs:
- https://ubuntu.com/security/CVE-2022-27672
- https://ubuntu.com/security/CVE-2022-4269
- https://ubuntu.com/security/CVE-2023-0458
- https://ubuntu.com/security/CVE-2023-1075
- https://ubuntu.com/security/CVE-2023-1076
- https://ubuntu.com/security/CVE-2023-4194
- https://ubuntu.com/security/CVE-2023-1206
- https://ubuntu.com/security/CVE-2023-1380
- https://ubuntu.com/security/CVE-2023-1611
- https://ubuntu.com/security/CVE-2023-2002
- https://ubuntu.com/security/CVE-2023-20593
- https://ubuntu.com/security/CVE-2023-2162
- https://ubuntu.com/security/CVE-2023-2163
- https://ubuntu.com/security/CVE-2023-2235
- https://ubuntu.com/security/CVE-2023-2269
- https://ubuntu.com/security/CVE-2023-28328
- https://ubuntu.com/security/CVE-2023-28466
- https://ubuntu.com/security/CVE-2023-2898
- https://ubuntu.com/security/CVE-2023-3090
- https://ubuntu.com/security/CVE-2023-3141
- https://ubuntu.com/security/CVE-2023-31436
- https://ubuntu.com/security/CVE-2023-3220
- https://ubuntu.com/security/CVE-2023-32269
- https://ubuntu.com/security/CVE-2023-3390
- https://ubuntu.com/security/CVE-2023-3609
- https://ubuntu.com/security/CVE-2023-3610
- https://ubuntu.com/security/CVE-2023-3611
- https://ubuntu.com/security/CVE-2023-3776
- https://ubuntu.com/security/CVE-2023-3777
- https://ubuntu.com/security/CVE-2023-3863
- https://ubuntu.com/security/CVE-2023-3995
- https://ubuntu.com/security/CVE-2023-4004
- https://ubuntu.com/security/CVE-2023-4015
- https://ubuntu.com/security/CVE-2023-40283
- https://ubuntu.com/security/CVE-2023-4128
- https://ubuntu.com/security/CVE-2023-4273
- https://ubuntu.com/security/CVE-2023-4569
- https://ubuntu.com/security/CVE-2023-3141
- https://ubuntu.com/security/CVE-2023-40283
- https://ubuntu.com/security/CVE-2023-28328
- https://ubuntu.com/security/CVE-2023-3220
- https://ubuntu.com/security/CVE-2023-1206
- https://ubuntu.com/security/CVE-2023-1075
- https://ubuntu.com/security/CVE-2023-4273
- https://ubuntu.com/security/CVE-2023-4015
- https://ubuntu.com/security/CVE-2022-27672
- https://ubuntu.com/security/CVE-2023-1076
- https://ubuntu.com/security/CVE-2023-28466
- https://ubuntu.com/security/CVE-2023-3609
- https://ubuntu.com/security/CVE-2023-4128
- https://ubuntu.com/security/CVE-2023-2898
- https://ubuntu.com/security/CVE-2023-3090
- https://ubuntu.com/security/CVE-2023-2235
- https://ubuntu.com/security/CVE-2023-2002
- https://ubuntu.com/security/CVE-2023-32269
- https://ubuntu.com/security/CVE-2023-3863
- https://ubuntu.com/security/CVE-2023-31436
- https://ubuntu.com/security/CVE-2023-2163
- https://ubuntu.com/security/CVE-2023-3777
- https://ubuntu.com/security/CVE-2023-3390
- https://ubuntu.com/security/CVE-2023-3611
- https://ubuntu.com/security/CVE-2023-3776
- https://ubuntu.com/security/CVE-2023-0458
- https://ubuntu.com/security/CVE-2023-4004
- https://ubuntu.com/security/CVE-2023-4194
- https://ubuntu.com/security/CVE-2022-4269
- https://ubuntu.com/security/CVE-2023-20593
- https://ubuntu.com/security/CVE-2023-1611
- https://ubuntu.com/security/CVE-2023-2269
- https://ubuntu.com/security/CVE-2023-1380
- https://ubuntu.com/security/CVE-2023-3995
- https://ubuntu.com/security/CVE-2023-2162
- https://ubuntu.com/security/CVE-2023-3610
- https://ubuntu.com/security/CVE-2023-4569

Title: USN-6348-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6348-1
Priorities: medium,high
Description:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)

Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)

Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)

It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3609)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle certain error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)

It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)

It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-3777)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-3995)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2023-4004)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle bound chain deactivation in certain circumstances. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-4015)
CVEs:
- https://ubuntu.com/security/CVE-2022-40982
- https://ubuntu.com/security/CVE-2023-20593
- https://ubuntu.com/security/CVE-2023-21400
- https://ubuntu.com/security/CVE-2023-3609
- https://ubuntu.com/security/CVE-2023-3610
- https://ubuntu.com/security/CVE-2023-3611
- https://ubuntu.com/security/CVE-2023-3776
- https://ubuntu.com/security/CVE-2023-3777
- https://ubuntu.com/security/CVE-2023-3995
- https://ubuntu.com/security/CVE-2023-4004
- https://ubuntu.com/security/CVE-2023-4015
- https://ubuntu.com/security/CVE-2023-4015
- https://ubuntu.com/security/CVE-2023-3777
- https://ubuntu.com/security/CVE-2023-3611
- https://ubuntu.com/security/CVE-2023-20593
- https://ubuntu.com/security/CVE-2022-40982
- https://ubuntu.com/security/CVE-2023-3776
- https://ubuntu.com/security/CVE-2023-4004
- https://ubuntu.com/security/CVE-2023-3609
- https://ubuntu.com/security/CVE-2023-3995
- https://ubuntu.com/security/CVE-2023-3610
- https://ubuntu.com/security/CVE-2023-21400

Title: USN-6350-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6350-1
Priorities: medium,low
Description:
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate MFT flags in certain situations. An
attacker could use this to construct a malicious NTFS image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2022-48425)

Zi Fan Tan discovered that the binder IPC implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-21255)

It was discovered that a race condition existed in the f2fs file system in
the Linux kernel, leading to a null pointer dereference vulnerability. An
attacker could use this to construct a malicious f2fs image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-2898)

It was discovered that the DVB Core driver in the Linux kernel did not
properly handle locking events in certain situations. A local attacker
could use this to cause a denial of service (kernel deadlock).
(CVE-2023-31084)

Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly validate buffer sizes in certain operations, leading to an out-of-
bounds read vulnerability. A remote attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information.
(CVE-2023-38426, CVE-2023-38428)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly calculate the size of certain buffers. A remote attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-38429)
CVEs:
- https://ubuntu.com/security/CVE-2022-48425
- https://ubuntu.com/security/CVE-2023-21255
- https://ubuntu.com/security/CVE-2023-2898
- https://ubuntu.com/security/CVE-2023-31084
- https://ubuntu.com/security/CVE-2023-3212
- https://ubuntu.com/security/CVE-2023-38426
- https://ubuntu.com/security/CVE-2023-38428
- https://ubuntu.com/security/CVE-2023-38429
- https://ubuntu.com/security/CVE-2023-2898
- https://ubuntu.com/security/CVE-2023-38428
- https://ubuntu.com/security/CVE-2023-21255
- https://ubuntu.com/security/CVE-2023-38426
- https://ubuntu.com/security/CVE-2023-3212
- https://ubuntu.com/security/CVE-2023-38429
- https://ubuntu.com/security/CVE-2023-31084
- https://ubuntu.com/security/CVE-2022-48425

Title: USN-6339-3: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6339-3
Priorities: medium,low
Description:
It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate MFT flags in certain situations. An
attacker could use this to construct a malicious NTFS image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2022-48425)

Zi Fan Tan discovered that the binder IPC implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-21255)

It was discovered that a race condition existed in the f2fs file system in
the Linux kernel, leading to a null pointer dereference vulnerability. An
attacker could use this to construct a malicious f2fs image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-2898)

It was discovered that the DVB Core driver in the Linux kernel did not
properly handle locking events in certain situations. A local attacker
could use this to cause a denial of service (kernel deadlock).
(CVE-2023-31084)

Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly validate buffer sizes in certain operations, leading to an out-of-
bounds read vulnerability. A remote attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information.
(CVE-2023-38426, CVE-2023-38428)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly calculate the size of certain buffers. A remote attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-38429)
CVEs:
- https://ubuntu.com/security/CVE-2022-48425
- https://ubuntu.com/security/CVE-2023-21255
- https://ubuntu.com/security/CVE-2023-2898
- https://ubuntu.com/security/CVE-2023-31084
- https://ubuntu.com/security/CVE-2023-3212
- https://ubuntu.com/security/CVE-2023-38426
- https://ubuntu.com/security/CVE-2023-38428
- https://ubuntu.com/security/CVE-2023-38429
- https://ubuntu.com/security/CVE-2023-38429
- https://ubuntu.com/security/CVE-2023-38428
- https://ubuntu.com/security/CVE-2023-38426
- https://ubuntu.com/security/CVE-2022-48425
- https://ubuntu.com/security/CVE-2023-2898
- https://ubuntu.com/security/CVE-2023-3212
- https://ubuntu.com/security/CVE-2023-31084
- https://ubuntu.com/security/CVE-2023-21255

Title: USN-6359-1: file vulnerability
URL: https://ubuntu.com/security/notices/USN-6359-1
Priorities: medium
Description:
It was discovered that file incorrectly handled certain malformed files. An
attacker could use this issue to cause a denial of service, or possibly
execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2022-48554

Title: USN-6383-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6383-1
Priorities: high
Description:
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)

It was discovered that the ARM64 KVM implementation in the Linux kernel did
not properly restrict hypervisor memory access. An attacker in a guest VM
could use this to execute arbitrary code in the host OS. (CVE-2023-21264)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)

It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)

Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2023-4569)
CVEs:
- https://ubuntu.com/security/CVE-2023-20588
- https://ubuntu.com/security/CVE-2023-21264
- https://ubuntu.com/security/CVE-2023-40283
- https://ubuntu.com/security/CVE-2023-4128
- https://ubuntu.com/security/CVE-2023-4569
- https://ubuntu.com/security/CVE-2023-40283
- https://ubuntu.com/security/CVE-2023-4128
- https://ubuntu.com/security/CVE-2023-21264
- https://ubuntu.com/security/CVE-2023-4569
- https://ubuntu.com/security/CVE-2023-20588

Title: USN-6384-1: Linux kernel (OEM) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6384-1
Priorities: high
Description:
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)

Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2023-4569)
CVEs:
- https://ubuntu.com/security/CVE-2023-20588
- https://ubuntu.com/security/CVE-2023-4569
- https://ubuntu.com/security/CVE-2023-20588
- https://ubuntu.com/security/CVE-2023-4569

Title: USN-6365-1: Open VM Tools vulnerability
URL: https://ubuntu.com/security/notices/USN-6365-1
Priorities: medium
Description:
It was discovered that Open VM Tools incorrectly handled SAML tokens. A
remote attacker could possibly use this issue to bypass SAML token
signature verification and perform VMware Tools Guest Operations.
CVEs:
- https://ubuntu.com/security/CVE-2023-20900

Title: USN-6338-2: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6338-2
Priorities: medium,low
Description:
Zi Fan Tan discovered that the binder IPC implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-21255)

It was discovered that a race condition existed in the f2fs file system in
the Linux kernel, leading to a null pointer dereference vulnerability. An
attacker could use this to construct a malicious f2fs image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-2898)

It was discovered that the DVB Core driver in the Linux kernel did not
properly handle locking events in certain situations. A local attacker
could use this to cause a denial of service (kernel deadlock).
(CVE-2023-31084)

Quentin Minster discovered that the KSMBD implementation in the Linux
kernel did not properly handle session setup requests. A remote attacker
could possibly use this to cause a denial of service (memory exhaustion).
(CVE-2023-32247)

Quentin Minster discovered that a race condition existed in the KSMBD
implementation in the Linux kernel when handling sessions operations. A
remote attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-32250, CVE-2023-32252,
CVE-2023-32257)

It was discovered that a race condition existed in the KSMBD implementation
in the Linux kernel when handling session connections, leading to a use-
after-free vulnerability. A remote attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-32258)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly validate buffer sizes in certain operations, leading to an out-of-
bounds read vulnerability. A remote attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information.
(CVE-2023-38426, CVE-2023-38428)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly calculate the size of certain buffers. A remote attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-38429)
CVEs:
- https://ubuntu.com/security/CVE-2023-21255
- https://ubuntu.com/security/CVE-2023-2898
- https://ubuntu.com/security/CVE-2023-31084
- https://ubuntu.com/security/CVE-2023-32247
- https://ubuntu.com/security/CVE-2023-32250
- https://ubuntu.com/security/CVE-2023-32252
- https://ubuntu.com/security/CVE-2023-32257
- https://ubuntu.com/security/CVE-2023-32258
- https://ubuntu.com/security/CVE-2023-38426
- https://ubuntu.com/security/CVE-2023-38428
- https://ubuntu.com/security/CVE-2023-38429
- https://ubuntu.com/security/CVE-2023-2898
- https://ubuntu.com/security/CVE-2023-38428
- https://ubuntu.com/security/CVE-2023-32247
- https://ubuntu.com/security/CVE-2023-32250
- https://ubuntu.com/security/CVE-2023-21255
- https://ubuntu.com/security/CVE-2023-38426
- https://ubuntu.com/security/CVE-2023-32257
- https://ubuntu.com/security/CVE-2023-38429
- https://ubuntu.com/security/CVE-2023-31084
- https://ubuntu.com/security/CVE-2023-32252
- https://ubuntu.com/security/CVE-2023-32258

Title: USN-6358-1: RedCloth vulnerability
URL: https://ubuntu.com/security/notices/USN-6358-1
Priorities: medium
Description:
It was discovered that RedCloth incorrectly handled certain inputs during
html sanitisation. An attacker could possibly use this issue to cause a
denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2023-31606

Title: USN-6361-1: CUPS vulnerability
URL: https://ubuntu.com/security/notices/USN-6361-1
Priorities: medium
Description:
It was discovered that CUPS incorrectly authenticated certain remote
requests. A remote attacker could possibly use this issue to obtain
recently printed documents.
CVEs:
- https://ubuntu.com/security/CVE-2023-32360

Title: USN-6362-1: .NET vulnerability
URL: https://ubuntu.com/security/notices/USN-6362-1
Priorities: medium
Description:
Kevin Jones discovered that .NET did not properly process certain
X.509 certificates. An attacker could possibly use this issue to
cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2023-36799

Title: USN-6378-1: Django vulnerability
URL: https://ubuntu.com/security/notices/USN-6378-1
Priorities: medium
Description:
It was discovered that Django incorrectly handled certain URIs with a very
large number of Unicode characters. A remote attacker could possibly use
this issue to cause Django to consume resources or crash, leading to a
denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2023-41164

Title: USN-6373-1: gawk vulnerability
URL: https://ubuntu.com/security/notices/USN-6373-1
Priorities: medium
Description:
It was discovered that gawk could be made to read out of bounds when
processing certain inputs. If a user or an automated system were tricked
into opening a specially crafted input, an attacker could possibly use
this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2023-4156

Title: USN-6368-1: Thunderbird vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6368-1
Priorities: medium
Description:
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2023-4573, CVE-2023-4574,
CVE-2023-4575, CVE-2023-4581, CVE-2023-4584)

It was discovered that Thunderbird did not properly manage memory when
handling WebP images. If a user were tricked into opening a malicious WebP
image file, an attacker could potentially exploit these to cause a denial
of service or execute arbitrary code. (CVE-2023-4863)
CVEs:
- https://ubuntu.com/security/CVE-2023-4573
- https://ubuntu.com/security/CVE-2023-4574
- https://ubuntu.com/security/CVE-2023-4575
- https://ubuntu.com/security/CVE-2023-4581
- https://ubuntu.com/security/CVE-2023-4584
- https://ubuntu.com/security/CVE-2023-4863
- https://ubuntu.com/security/CVE-2023-4863
- https://ubuntu.com/security/CVE-2023-4574
- https://ubuntu.com/security/CVE-2023-4584
- https://ubuntu.com/security/CVE-2023-4575
- https://ubuntu.com/security/CVE-2023-4581
- https://ubuntu.com/security/CVE-2023-4573

Title: USN-6369-1: libwebp vulnerability
URL: https://ubuntu.com/security/notices/USN-6369-1
Priorities: medium
Description:
It was discovered that libwebp incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a
specially crafted image file, a remote attacker could use this issue to
cause libwebp to crash, resulting in a denial of service, or possibly
execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2023-4863

Full Changelog: https://github.com/cloudfoundry/bosh-linux-stemcell-builder/compare/ubuntu-jammy/v1.222…ubuntu-jammy/v1.232

1.222

Available in VMware Tanzu Network

Available in VMware Tanzu Network

Release Date: November 29, 2022

Metadata:

BOSH Agent Version: 2.479.0

PR’s
- fix rsyslog crash in case of connection abort .#255 by @h0nIg
-

Title: USN-5542-1: Samba vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5542-1
Priorities: low,medium
Description:
It was discovered that Samba did not handle MaxQueryDuration when being
used in AD DC configurations, contrary to expectations. This issue only
affected Ubuntu 20.04 LTS. (CVE-2021-3670)

Luke Howard discovered that Samba incorrectly handled certain restrictions
associated with changing passwords. A remote attacker being requested to
change passwords could possibly use this issue to escalate privileges.
(CVE-2022-2031)

Luca Moro discovered that Samba incorrectly handled certain SMB1
communications. A remote attacker could possibly use this issue to obtain
sensitive memory contents. (CVE-2022-32742)

Joseph Sutton discovered that Samba incorrectly handled certain password
change requests. A remote attacker could use this issue to change passwords
of other users, resulting in privilege escalation. (CVE-2022-32744)

Joseph Sutton discovered that Samba incorrectly handled certain LDAP add or
modify requests. A remote attacker could possibly use this issue to cause
Samba to crash, resulting in a denial of service. (CVE-2022-32745)

Joseph Sutton and Andrew Bartlett discovered that Samba incorrectly handled
certain LDAP add or modify requests. A remote attacker could possibly use
this issue to cause Samba to crash, resulting in a denial of service.
(CVE-2022-32746)
CVEs:
- https://ubuntu.com/security/CVE-2021-3670
- https://ubuntu.com/security/CVE-2022-2031
- https://ubuntu.com/security/CVE-2022-32742
- https://ubuntu.com/security/CVE-2022-32744
- https://ubuntu.com/security/CVE-2022-32745
- https://ubuntu.com/security/CVE-2022-32746
- https://ubuntu.com/security/CVE-2022-32744
- https://ubuntu.com/security/CVE-2022-32745
- https://ubuntu.com/security/CVE-2022-32742
- https://ubuntu.com/security/CVE-2022-32746
- https://ubuntu.com/security/CVE-2021-3670
- https://ubuntu.com/security/CVE-2022-2031

Title: USN-5561-1: GNOME Web vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5561-1
Priorities: medium
Description:
It was discovered that GNOME Web incorrectly filtered certain strings. A
remote attacker could use this issue to perform cross-site scripting (XSS)
attacks. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-45085,
CVE-2021-45086, CVE-2021-45087)

It was discovered that GNOME Web incorrectly handled certain long page
titles. A remote attacker could use this issue to cause GNOME Web to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2022-29536)
CVEs:
- https://ubuntu.com/security/CVE-2021-45085
- https://ubuntu.com/security/CVE-2021-45086
- https://ubuntu.com/security/CVE-2021-45087
- https://ubuntu.com/security/CVE-2022-29536
- https://ubuntu.com/security/CVE-2022-29536
- https://ubuntu.com/security/CVE-2021-45086
- https://ubuntu.com/security/CVE-2021-45087
- https://ubuntu.com/security/CVE-2021-45085

Title: USN-5538-1: libtirpc vulnerability
URL: https://ubuntu.com/security/notices/USN-5538-1
Priorities: medium
Description:
It was discovered that libtirpc incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2021-46828

Title: USN-5544-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5544-1
Priorities: medium
Description:
It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)

Felix Fu discovered that the Sun RPC implementation in the Linux kernel did
not properly handle socket states, leading to a use-after-free
vulnerability. A remote attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-28893)

Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel
did not properly perform data validation. A local attacker could use this
to escalate privileges in certain situations. (CVE-2022-34918)

Minh Yuan discovered that the floppy disk driver in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2022-1652)
CVEs:
- https://ubuntu.com/security/CVE-2022-1679
- https://ubuntu.com/security/CVE-2022-28893
- https://ubuntu.com/security/CVE-2022-34918
- https://ubuntu.com/security/CVE-2022-1652
- https://ubuntu.com/security/CVE-2022-1679
- https://ubuntu.com/security/CVE-2022-28893
- https://ubuntu.com/security/CVE-2022-1652
- https://ubuntu.com/security/CVE-2022-34918

Title: USN-5546-1: OpenJDK vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5546-1
Priorities: high,medium
Description:
Neil Madden discovered that OpenJDK did not properly verify ECDSA
signatures. A remote attacker could possibly use this issue to insert,
edit or obtain sensitive information. This issue only affected OpenJDK
17 and OpenJDK 18. (CVE-2022-21449)

It was discovered that OpenJDK incorrectly limited memory when compiling a
specially crafted XPath expression. An attacker could possibly use this
issue to cause a denial of service. This issue was fixed in OpenJDK 8 and
OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11
and OpenJDK 17. (CVE-2022-21426)

It was discovered that OpenJDK incorrectly handled converting certain
object arguments into their textual representations. An attacker could
possibly use this issue to cause a denial of service. This issue was
fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed
this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21434)

It was discovered that OpenJDK incorrectly validated the encoded length of
certain object identifiers. An attacker could possibly use this issue to
cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18.
USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17.
(CVE-2022-21443)

It was discovered that OpenJDK incorrectly validated certain paths. An
attacker could possibly use this issue to bypass the secure validation
feature and expose sensitive information in XML files. This issue was
fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this
issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21476)

It was discovered that OpenJDK incorrectly parsed certain URI strings. An
attacker could possibly use this issue to make applications accept
invalid of malformed URI strings. This issue was fixed in OpenJDK 8 and
OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11
and OpenJDK 17. (CVE-2022-21496)

It was discovered that OpenJDK incorrectly generated class code in the
Hotspot component. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2022-21540)

It was dicovered that OpenJDK incorrectly restricted access to the
invokeBasic() method in the Hotspot component. An attacker could possibly
use this issue to insert, edit or obtain sensitive information.
(CVE-2022-21541)

It was discovered that OpenJDK incorrectly computed exponentials. An
attacker could possibly use this issue to insert, edit or obtain sensitive
information. This issue only affected OpenJDK 17.
(CVE-2022-21549)

It was discovered that OpenJDK includes a copy of Xalan that incorrectly
handled integer truncation. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2022-34169)
CVEs:
- https://ubuntu.com/security/CVE-2022-21449
- https://ubuntu.com/security/CVE-2022-21426
- https://ubuntu.com/security/CVE-2022-21434
- https://ubuntu.com/security/CVE-2022-21443
- https://ubuntu.com/security/CVE-2022-21476
- https://ubuntu.com/security/CVE-2022-21496
- https://ubuntu.com/security/CVE-2022-21540
- https://ubuntu.com/security/CVE-2022-21541
- https://ubuntu.com/security/CVE-2022-21549
- https://ubuntu.com/security/CVE-2022-34169
- https://ubuntu.com/security/CVE-2022-21541
- https://ubuntu.com/security/CVE-2022-21540
- https://ubuntu.com/security/CVE-2022-21549
- https://ubuntu.com/security/CVE-2022-21426
- https://ubuntu.com/security/CVE-2022-21476
- https://ubuntu.com/security/CVE-2022-34169
- https://ubuntu.com/security/CVE-2022-21443
- https://ubuntu.com/security/CVE-2022-21449
- https://ubuntu.com/security/CVE-2022-21434
- https://ubuntu.com/security/CVE-2022-21496

Title: USN-5537-1: MySQL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5537-1
Priorities: low,medium
Description:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.30 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Ubuntu 18.04 LTS has been updated to MySQL 5.7.39.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-39.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-30.html
https://www.oracle.com/security-alerts/cpujul2022.html
CVEs:
- https://ubuntu.com/security/CVE-2022-21517
- https://ubuntu.com/security/CVE-2022-21569
- https://ubuntu.com/security/CVE-2022-21515
- https://ubuntu.com/security/CVE-2022-21509
- https://ubuntu.com/security/CVE-2022-21530
- https://ubuntu.com/security/CVE-2022-21528
- https://ubuntu.com/security/CVE-2022-21529
- https://ubuntu.com/security/CVE-2022-21553
- https://ubuntu.com/security/CVE-2022-21525
- https://ubuntu.com/security/CVE-2022-21537
- https://ubuntu.com/security/CVE-2022-21531
- https://ubuntu.com/security/CVE-2022-21534
- https://ubuntu.com/security/CVE-2022-21526
- https://ubuntu.com/security/CVE-2022-21538
- https://ubuntu.com/security/CVE-2022-21527
- https://ubuntu.com/security/CVE-2022-21539
- https://ubuntu.com/security/CVE-2022-21547
- https://ubuntu.com/security/CVE-2022-21522

Title: USN-5568-1: WebKitGTK vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5568-1
Priorities: medium
Description:
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
CVEs:
- https://ubuntu.com/security/CVE-2022-2294
- https://ubuntu.com/security/CVE-2022-32792
- https://ubuntu.com/security/CVE-2022-32816

Title: USN-5543-1: Net-SNMP vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5543-1
Priorities: medium
Description:
Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled
memory operations when processing certain requests. A remote attacker could
use this issue to cause Net-SNMP to crash, resulting in a denial of
service, or possibly execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2022-24806
- https://ubuntu.com/security/CVE-2022-24808
- https://ubuntu.com/security/CVE-2022-24809
- https://ubuntu.com/security/CVE-2022-24805
- https://ubuntu.com/security/CVE-2022-24810
- https://ubuntu.com/security/CVE-2022-24807

Title: USN-5564-1: Linux kernel (Intel IoTG) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5564-1
Priorities: high,medium,low
Description:
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)

It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)

It was discovered that the implementation of POSIX timers in the Linux
kernel did not properly clean up timers in some situations. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2022-2585)

It was discovered that the eBPF implementation in the Linux kernel did not
properly prevent writes to kernel objects in BPF_BTF_LOAD commands. A
privileged local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-0500)

Minh Yuan discovered that the floppy disk driver in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2022-1652)

It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)

It was discovered that the Marvell NFC device driver implementation in the
Linux kernel did not properly perform memory cleanup operations in some
situations, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2022-1734)

Yongkang Jia discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle guest TLB mapping invalidation requests in
some situations. An attacker in a guest VM could use this to cause a denial
of service (system crash) in the host OS. (CVE-2022-1789)

Duoming Zhou discovered a race condition in the NFC subsystem in the Linux
kernel, leading to a use-after-free vulnerability. A privileged local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-1974)

Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not
properly prevent context switches from occurring during certain atomic
context operations. A privileged local attacker could use this to cause a
denial of service (system crash). (CVE-2022-1975)

Felix Fu discovered that the Sun RPC implementation in the Linux kernel did
not properly handle socket states, leading to a use-after-free
vulnerability. A remote attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-28893)

Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64
processors, the branch predictor could by mis-trained for return
instructions in certain circumstances. A local attacker could possibly use
this to expose sensitive information. (CVE-2022-29900)

Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64
processors, the Linux kernel’s protections against speculative branch
target injection attacks were insufficient in some circumstances. A local
attacker could possibly use this to expose sensitive information.
(CVE-2022-29901)

Minh Yuan discovered that the floppy driver in the Linux kernel contained a
race condition in some situations, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-33981)

Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel
did not properly perform data validation. A local attacker could use this
to escalate privileges in certain situations. (CVE-2022-34918)
CVEs:
- https://ubuntu.com/security/CVE-2022-2588
- https://ubuntu.com/security/CVE-2022-2586
- https://ubuntu.com/security/CVE-2022-2585
- https://ubuntu.com/security/CVE-2022-0500
- https://ubuntu.com/security/CVE-2022-1652
- https://ubuntu.com/security/CVE-2022-1679
- https://ubuntu.com/security/CVE-2022-1734
- https://ubuntu.com/security/CVE-2022-1789
- https://ubuntu.com/security/CVE-2022-1974
- https://ubuntu.com/security/CVE-2022-1975
- https://ubuntu.com/security/CVE-2022-28893
- https://ubuntu.com/security/CVE-2022-29900
- https://ubuntu.com/security/CVE-2022-29901
- https://ubuntu.com/security/CVE-2022-33981
- https://ubuntu.com/security/CVE-2022-34918
- https://ubuntu.com/security/CVE-2022-1734
- https://ubuntu.com/security/CVE-2022-2585
- https://ubuntu.com/security/CVE-2022-29900
- https://ubuntu.com/security/CVE-2022-29901
- https://ubuntu.com/security/CVE-2022-33981
- https://ubuntu.com/security/CVE-2022-0500
- https://ubuntu.com/security/CVE-2022-1974
- https://ubuntu.com/security/CVE-2022-28893
- https://ubuntu.com/security/CVE-2022-1789
- https://ubuntu.com/security/CVE-2022-1975
- https://ubuntu.com/security/CVE-2022-34918
- https://ubuntu.com/security/CVE-2022-2586
- https://ubuntu.com/security/CVE-2022-2588
- https://ubuntu.com/security/CVE-2022-1652
- https://ubuntu.com/security/CVE-2022-1679

Title: USN-5566-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5566-1
Priorities: high,medium
Description:
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)

It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)

It was discovered that the implementation of POSIX timers in the Linux
kernel did not properly clean up timers in some situations. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2022-2585)

Minh Yuan discovered that the floppy disk driver in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2022-1652)

It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)

Felix Fu discovered that the Sun RPC implementation in the Linux kernel did
not properly handle socket states, leading to a use-after-free
vulnerability. A remote attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-28893)

Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64
processors, the branch predictor could by mis-trained for return
instructions in certain circumstances. A local attacker could possibly use
this to expose sensitive information. (CVE-2022-29900)

Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64
processors, the Linux kernel’s protections against speculative branch
target injection attacks were insufficient in some circumstances. A local
attacker could possibly use this to expose sensitive information.
(CVE-2022-29901)

Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel
did not properly perform data validation. A local attacker could use this
to escalate privileges in certain situations. (CVE-2022-34918)
CVEs:
- https://ubuntu.com/security/CVE-2022-2588
- https://ubuntu.com/security/CVE-2022-2586
- https://ubuntu.com/security/CVE-2022-2585
- https://ubuntu.com/security/CVE-2022-1652
- https://ubuntu.com/security/CVE-2022-1679
- https://ubuntu.com/security/CVE-2022-28893
- https://ubuntu.com/security/CVE-2022-29900
- https://ubuntu.com/security/CVE-2022-29901
- https://ubuntu.com/security/CVE-2022-34918
- https://ubuntu.com/security/CVE-2022-2586
- https://ubuntu.com/security/CVE-2022-29901
- https://ubuntu.com/security/CVE-2022-34918
- https://ubuntu.com/security/CVE-2022-29900
- https://ubuntu.com/security/CVE-2022-2585
- https://ubuntu.com/security/CVE-2022-2588
- https://ubuntu.com/security/CVE-2022-1652
- https://ubuntu.com/security/CVE-2022-1679
- https://ubuntu.com/security/CVE-2022-28893

Title: USN-5567-1: Linux kernel (OEM) vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5567-1
Priorities: high
Description:
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)

It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)

It was discovered that the implementation of POSIX timers in the Linux
kernel did not properly clean up timers in some situations. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2022-2585)
CVEs:
- https://ubuntu.com/security/CVE-2022-2588
- https://ubuntu.com/security/CVE-2022-2586
- https://ubuntu.com/security/CVE-2022-2585
- https://ubuntu.com/security/CVE-2022-2588
- https://ubuntu.com/security/CVE-2022-2585
- https://ubuntu.com/security/CVE-2022-2586

Title: USN-5565-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5565-1
Priorities: high,medium
Description:
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)

It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)

It was discovered that the implementation of POSIX timers in the Linux
kernel did not properly clean up timers in some situations. A local
attacker could use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2022-2585)

Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64
processors, the branch predictor could by mis-trained for return
instructions in certain circumstances. A local attacker could possibly use
this to expose sensitive information. (CVE-2022-29900)

Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64
processors, the Linux kernel’s protections against speculative branch
target injection attacks were insufficient in some circumstances. A local
attacker could possibly use this to expose sensitive information.
(CVE-2022-29901)
CVEs:
- https://ubuntu.com/security/CVE-2022-2588
- https://ubuntu.com/security/CVE-2022-2586
- https://ubuntu.com/security/CVE-2022-2585
- https://ubuntu.com/security/CVE-2022-29900
- https://ubuntu.com/security/CVE-2022-29901
- https://ubuntu.com/security/CVE-2022-2588
- https://ubuntu.com/security/CVE-2022-2585
- https://ubuntu.com/security/CVE-2022-29901
- https://ubuntu.com/security/CVE-2022-29900
- https://ubuntu.com/security/CVE-2022-2586

Title: USN-5571-1: PostgreSQL vulnerability
URL: https://ubuntu.com/security/notices/USN-5571-1
Priorities: medium
Description:
Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An
attacker could possibly use this issue to execute arbitrary code when
extensions are created or updated.
CVEs:
- https://ubuntu.com/security/CVE-2022-2625

Title: USN-5569-1: Unbound vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5569-1
Priorities: medium
Description:
Xiang Li discovered that Unbound incorrectly handled delegation caching.
A remote attacker could use this issue to keep rogue domain names
resolvable long after they have been revoked.
CVEs:
- https://ubuntu.com/security/CVE-2022-30699
- https://ubuntu.com/security/CVE-2022-30698

Title: USN-5547-1: NVIDIA graphics drivers vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5547-1
Priorities: high,medium,low
Description:
Le Wu discovered that the NVIDIA graphics drivers did not properly perform
input validation in some situations. A local user could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2022-31607)

Tal Lossos discovered that the NVIDIA graphics drivers incorrectly handled
certain memory operations, leading to a null-pointer dereference. A local
attacker could use this to cause a denial of service. (CVE-2022-31615)

Artem S. Tashkinov discovered that the NVIDIA graphics drivers Dynamic
Boost D-Bus component did not properly restrict access to its endpoint.
When enabled in non-default configurations, a local attacker could use this
to cause a denial of service or possibly execute arbitrary code.
(CVE-2022-31608)
CVEs:
- https://ubuntu.com/security/CVE-2022-31607
- https://ubuntu.com/security/CVE-2022-31615
- https://ubuntu.com/security/CVE-2022-31608
- https://ubuntu.com/security/CVE-2022-31607
- https://ubuntu.com/security/CVE-2022-31615
- https://ubuntu.com/security/CVE-2022-31608

Title: USN-5532-1: Bottle vulnerability
URL: https://ubuntu.com/security/notices/USN-5532-1
Priorities: medium
Description:
It was discovered that Bottle incorrectly handled errors during early request
binding. An attacker could possibly use this issue to disclose sensitive
information. (CVE-2022-31799)
CVEs:
- https://ubuntu.com/security/CVE-2022-31799
- https://ubuntu.com/security/CVE-2022-31799

Title: USN-5531-1: protobuf-c vulnerability
URL: https://ubuntu.com/security/notices/USN-5531-1
Priorities: medium
Description:
Pietro Borrello discovered that protobuf-c contained an invalid
arithmetic shift. This vulnerability allowed attackers to cause a
denial of service (system crash) via unspecified vectors
(CVE-2022-33070).

It was discovered that protobuf-c contained an unsigned integer
overflow. This vulnerability allowed attackers to cause a denial of
service (system crash) via unspecified vectors.

Todd Miller discovered that protobuf-c contained a possible NULL
dereference. This could cause a vulnerability that allowed attackers to
cause a denial of service (system crash) via unspecified vectors.
CVEs:
- https://ubuntu.com/security/CVE-2022-33070
- https://ubuntu.com/security/CVE-2022-33070

Title: USN-5545-1: Linux kernel (OEM) vulnerability
URL: https://ubuntu.com/security/notices/USN-5545-1
Priorities: medium
Description:
Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel
did not properly perform data validation. A local attacker could use this
to escalate privileges in certain situations.
CVEs:
- https://ubuntu.com/security/CVE-2022-34918

1.2

Release Date: July 28, 2022

Metadata:

BOSH Agent Version: 2.461.0

First GA version of ubuntu-jammy

Xenial Stemcells

The following sections describe each Xenial stemcell release.

621.x

This section includes release notes for the 621.x line of Linux stemcells used with Ops Manager.

621.687

Available in VMware Tanzu Network

Release Date: September 20, 2023

Metadata:

BOSH Agent Version: 2.268.173

USNs:

Title: USN-6380-1: Node.js vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6380-1
Priorities: medium
Description:
Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If
a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2019-15604)

Ethan Rubinson discovered that Node.js incorrectly handled certain inputs. If
a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2019-15605)

Alyssa Wilk discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2019-15606)

Tobias Niessen discovered that Node.js incorrectly handled certain inputs. If
a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-8174)

It was discovered that Node.js incorrectly handled certain inputs. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2020-8265, CVE-2020-8287)
CVEs:
- https://ubuntu.com/security/CVE-2019-15604
- https://ubuntu.com/security/CVE-2019-15605
- https://ubuntu.com/security/CVE-2019-15606
- https://ubuntu.com/security/CVE-2020-8174
- https://ubuntu.com/security/CVE-2020-8265
- https://ubuntu.com/security/CVE-2020-8287
- https://ubuntu.com/security/CVE-2019-15604
- https://ubuntu.com/security/CVE-2019-15606
- https://ubuntu.com/security/CVE-2020-8265
- https://ubuntu.com/security/CVE-2019-15605
- https://ubuntu.com/security/CVE-2020-8287
- https://ubuntu.com/security/CVE-2020-8174

Title: USN-6356-1: OpenDMARC vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6356-1
Priorities: low,medium
Description:
Jianjun Chen, Vern Paxson and Jian Jiang discovered that OpenDMARC
incorrectly handled certain inputs. If a user or an automated system were
tricked into receiving crafted inputs, an attacker could possibly use this
to falsify the domain of an e-mails origin. (CVE-2020-12272)

Patrik Lantz discovered that OpenDMARC incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to
cause a denial of service. (CVE-2020-12460)
CVEs:
- https://ubuntu.com/security/CVE-2020-12272
- https://ubuntu.com/security/CVE-2020-12460
- https://ubuntu.com/security/CVE-2020-12460
- https://ubuntu.com/security/CVE-2020-12272

Title: USN-6381-1: GNU binutils vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6381-1
Priorities: medium
Description:
It was discovered that a memory leak existed in certain GNU binutils
modules. An attacker could possibly use this issue to cause a denial of
service (memory exhaustion). (CVE-2020-19724, CVE-2020-21490)

It was discovered that GNU binutils was not properly performing bounds
checks in several functions, which could lead to a buffer overflow. An
attacker could possibly use this issue to cause a denial of service,
expose sensitive information or execute arbitrary code.
(CVE-2020-19726, CVE-2021-46174, CVE-2022-45703)

It was discovered that GNU binutils was not properly initializing heap
memory when processing certain print instructions. An attacker could
possibly use this issue to expose sensitive information. (CVE-2020-35342)

It was discovered that GNU binutils was not properly handling the logic
behind certain memory management related operations, which could lead to a
buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2022-44840)

It was discovered that GNU binutils was not properly handling the logic
behind certain memory management related operations, which could lead to
an invalid memory access. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-47695)
CVEs:
- https://ubuntu.com/security/CVE-2020-19724
- https://ubuntu.com/security/CVE-2020-21490
- https://ubuntu.com/security/CVE-2020-19726
- https://ubuntu.com/security/CVE-2021-46174
- https://ubuntu.com/security/CVE-2022-45703
- https://ubuntu.com/security/CVE-2020-35342
- https://ubuntu.com/security/CVE-2022-44840
- https://ubuntu.com/security/CVE-2022-47695
- https://ubuntu.com/security/CVE-2020-19726
- https://ubuntu.com/security/CVE-2020-35342
- https://ubuntu.com/security/CVE-2022-44840
- https://ubuntu.com/security/CVE-2020-21490
- https://ubuntu.com/security/CVE-2022-45703
- https://ubuntu.com/security/CVE-2021-46174
- https://ubuntu.com/security/CVE-2020-19724
- https://ubuntu.com/security/CVE-2022-47695

Title: USN-6364-1: Ghostscript vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6364-1
Priorities: medium
Description:
It was discovered that Ghostscript incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-21710)

It was discovered that Ghostscript incorrectly handled certain PDF files.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2020-21890)
CVEs:
- https://ubuntu.com/security/CVE-2020-21710
- https://ubuntu.com/security/CVE-2020-21890
- https://ubuntu.com/security/CVE-2020-21890
- https://ubuntu.com/security/CVE-2020-21710

Title: USN-6371-1: libssh2 vulnerability
URL: https://ubuntu.com/security/notices/USN-6371-1
Priorities: medium
Description:
It was discovered that libssh2 incorrectly handled memory
access. An attacker could possibly use this issue to cause
a crash.
CVEs:
- https://ubuntu.com/security/CVE-2020-22218

Title: USN-6370-1: ModSecurity vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6370-1
Priorities: medium
Description:
It was discovered that ModSecurity incorrectly handled certain nested JSON
objects. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2021-42717)

It was discovered that ModSecurity incorrectly handled certain HTTP
multipart requests. A remote attacker could possibly use this issue
to bypass ModSecurity restrictions. (CVE-2022-48279)

It was discovered that ModSecurity incorrectly handled certain file
uploads. A remote attacker could possibly use this issue to cause a
buffer overflow and a firewall failure. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-24021)
CVEs:
- https://ubuntu.com/security/CVE-2021-42717
- https://ubuntu.com/security/CVE-2022-48279
- https://ubuntu.com/security/CVE-2023-24021
- https://ubuntu.com/security/CVE-2021-42717
- https://ubuntu.com/security/CVE-2023-24021
- https://ubuntu.com/security/CVE-2022-48279

Title: USN-6388-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6388-1
Priorities: medium,low,high
Description:
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)

Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)

It was discovered that the NET/ROM protocol implementation in the Linux
kernel contained a race condition in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-32269)

It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)

It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)

It was discovered that the JFS file system implementation in the Linux
kernel did not properly validate memory allocations in certain situations,
leading to a null pointer dereference vulnerability. An attacker could use
this to construct a malicious JFS image that, when mounted, could cause a
denial of service (system crash). (CVE-2023-4385)

It was discovered that the VMware VMXNET3 ethernet driver in the Linux
kernel contained a use-after-free vulnerability in certain situations. A
local attacker in a guest VM could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-4387)

It was discovered that the VMware VMXNET3 ethernet driver in the Linux
kernel did not properly handle errors in certain situations, leading to a
null pointer dereference vulnerability. A local attacker in a guest VM
could use this to cause a denial of service (system crash). (CVE-2023-4459)
CVEs:
- https://ubuntu.com/security/CVE-2022-40982
- https://ubuntu.com/security/CVE-2023-3212
- https://ubuntu.com/security/CVE-2023-32269
- https://ubuntu.com/security/CVE-2023-3863
- https://ubuntu.com/security/CVE-2023-40283
- https://ubuntu.com/security/CVE-2023-4128
- https://ubuntu.com/security/CVE-2023-4385
- https://ubuntu.com/security/CVE-2023-4387
- https://ubuntu.com/security/CVE-2023-4459
- https://ubuntu.com/security/CVE-2023-32269
- https://ubuntu.com/security/CVE-2023-4385
- https://ubuntu.com/security/CVE-2023-3212
- https://ubuntu.com/security/CVE-2023-4387
- https://ubuntu.com/security/CVE-2023-3863
- https://ubuntu.com/security/CVE-2023-4459
- https://ubuntu.com/security/CVE-2023-4128
- https://ubuntu.com/security/CVE-2022-40982
- https://ubuntu.com/security/CVE-2023-40283

Title: USN-6342-2: Linux kernel (Azure)
URL: https://ubuntu.com/security/notices/USN-6342-2
Priorities: high,medium,low
Description:
Tavis Ormandy discovered that some AMD processors did not properly handle
speculative execution of certain vector register instructions. A local
attacker could use this to expose sensitive information. (CVE-2023-20593)

Zheng Zhang discovered that the device-mapper implementation in the Linux
kernel did not properly handle locking during table_clear() operations. A
local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2023-2269)

It was discovered that a use-after-free vulnerability existed in the HFS+
file system implementation in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-2985)

It was discovered that the DVB Core driver in the Linux kernel did not
properly handle locking events in certain situations. A local attacker
could use this to cause a denial of service (kernel deadlock).
(CVE-2023-31084)

It was discovered that the Quick Fair Queueing network scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)

It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)
CVEs:
- https://ubuntu.com/security/CVE-2023-20593
- https://ubuntu.com/security/CVE-2023-2269
- https://ubuntu.com/security/CVE-2023-2985
- https://ubuntu.com/security/CVE-2023-31084
- https://ubuntu.com/security/CVE-2023-3611
- https://ubuntu.com/security/CVE-2023-3776
- https://ubuntu.com/security/CVE-2023-3611
- https://ubuntu.com/security/CVE-2023-2269
- https://ubuntu.com/security/CVE-2023-2985
- https://ubuntu.com/security/CVE-2023-31084
- https://ubuntu.com/security/CVE-2023-3776
- https://ubuntu.com/security/CVE-2023-20593

Title: USN-6237-3: curl vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6237-3
Priorities: low,medium
Description:
USN-6237-1 fixed several vulnerabilities in curl. This update provides the
corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and
Ubuntu 18.04 LTS.

Original advisory details:

Hiroki Kurosawa discovered that curl incorrectly handled validating certain
certificate wildcards. A remote attacker could possibly use this issue to
spoof certain website certificates using IDN hosts. (CVE-2023-28321)

Hiroki Kurosawa discovered that curl incorrectly handled callbacks when
certain options are set by applications. This could cause applications
using curl to misbehave, resulting in information disclosure, or a denial
of service. (CVE-2023-28322)

It was discovered that curl incorrectly handled saving cookies to files. A
local attacker could possibly use this issue to create or overwrite files.
This issue only affected Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-32001)
CVEs:
- https://ubuntu.com/security/CVE-2023-28321
- https://ubuntu.com/security/CVE-2023-28322
- https://ubuntu.com/security/CVE-2023-32001
- https://ubuntu.com/security/CVE-2023-28322
- https://ubuntu.com/security/CVE-2023-28321

Title: USN-6164-2: c-ares vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6164-2
Priorities: medium
Description:
USN-6164-1 fixed several vulnerabilities in c-ares. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Hannes Moesl discovered that c-ares incorrectly handled certain ipv6
addresses. An attacker could use this issue to cause c-ares to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2023-31130)

Xiang Li discovered that c-ares incorrectly handled certain UDP packets. A
remote attacker could possibly use this issue to cause c-res to crash,
resulting in a denial of service. (CVE-2023-32067)
CVEs:
- https://ubuntu.com/security/CVE-2023-31130
- https://ubuntu.com/security/CVE-2023-32067
- https://ubuntu.com/security/CVE-2023-32067
- https://ubuntu.com/security/CVE-2023-31130

Title: USN-6358-1: RedCloth vulnerability
URL: https://ubuntu.com/security/notices/USN-6358-1
Priorities: medium
Description:
It was discovered that RedCloth incorrectly handled certain inputs during
html sanitisation. An attacker could possibly use this issue to cause a
denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2023-31606

Title: USN-6372-1: DBus vulnerability
URL: https://ubuntu.com/security/notices/USN-6372-1
Priorities: low
Description:
It was discovered that DBus incorrectly handled certain
invalid messages. A local attacker could possibly use
this issue to cause DBus to crash, resulting in a denial
of service.
CVEs:
- https://ubuntu.com/security/CVE-2023-34969

Title: USN-6366-1: PostgreSQL vulnerability
URL: https://ubuntu.com/security/notices/USN-6366-1
Priorities: medium
Description:
It was discovered that PostgreSQL incorrectly handled certain extension
script substitutions. An attacker having database-level CREATE privileges
can use this issue to execute arbitrary code as the bootstrap superuser.
CVEs:
- https://ubuntu.com/security/CVE-2023-39417

Title: USN-6373-1: gawk vulnerability
URL: https://ubuntu.com/security/notices/USN-6373-1
Priorities: medium
Description:
It was discovered that gawk could be made to read out of bounds when
processing certain inputs. If a user or an automated system were tricked
into opening a specially crafted input, an attacker could possibly use
this issue to cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2023-4156

Title: USN-6374-1: Mutt vulnerabilities
URL: https://ubuntu.com/security/notices/USN-6374-1
Priorities: medium
Description:
It was discovered that Mutt incorrectly handled certain email header
contents. If a user were tricked into opening a specially crafted message,
a remote attacker could possibly use this issue to cause a denial of
service. (CVE-2023-4874, CVE-2023-4875)
CVEs:
- https://ubuntu.com/security/CVE-2023-4874
- https://ubuntu.com/security/CVE-2023-4875
- https://ubuntu.com/security/CVE-2023-4874
- https://ubuntu.com/security/CVE-2023-4875

Full Changelog: https://github.com/pivotal-cf/bosh-linux-stemcell-builder-lts/compare/ubuntu-trusty/v3586.153…ubuntu-xenial/v621.687

621.676

Available in VMware Tanzu Network

Release Date: September 07, 2023

Metadata:

BOSH Agent Version: 2.268.170

621.584

Available in VMware Tanzu Network

Release Date: June 26, 2023

Metadata:

BOSH Agent Version: 2.268.145

Title: USN-5961-1: abcm2ps vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5961-1
Priorities: medium,low
Description:
It was discovered that abcm2ps incorrectly
handled memory when parsing specially crafted ABC files.
An attacker could use this issue to cause abcm2ps to crash,
leading to a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 ESM
and Ubuntu 18.04 LTS.
(CVE-2018-10753, CVE-2018-10771, CVE-2019-1010069)

Chiba of Topsec Alpha Lab discovered that abcm2ps incorrectly
handled memory when parsing specially crafted ABC files.
An attacker could use this issue to cause abcm2ps to crash,
leading to a denial of service.
(CVE-2021-32434, CVE-2021-32435, CVE-2021-32436)
CVEs:
- https://ubuntu.com/security/CVE-2018-10753
- https://ubuntu.com/security/CVE-2018-10771
- https://ubuntu.com/security/CVE-2019-1010069
- https://ubuntu.com/security/CVE-2021-32434
- https://ubuntu.com/security/CVE-2021-32435
- https://ubuntu.com/security/CVE-2021-32436
- https://ubuntu.com/security/CVE-2021-32435
- https://ubuntu.com/security/CVE-2018-10771
- https://ubuntu.com/security/CVE-2019-1010069
- https://ubuntu.com/security/CVE-2021-32434
- https://ubuntu.com/security/CVE-2021-32436
- https://ubuntu.com/security/CVE-2018-10753

Title: USN-5974-1: GraphicsMagick vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5974-1
Priorities: medium
Description:
It was discovered that GraphicsMagick was not properly performing bounds
checks when processing TGA image files, which could lead to a heap buffer
overflow. If a user or automated system were tricked into processing a
specially crafted TGA image file, an attacker could possibly use this
issue to cause a denial of service or execute arbitrary code. This issue
only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-20184)

It was discovered that GraphicsMagick was not properly validating bits per
pixel data when processing DIB image files. If a user or automated system
were tricked into processing a specially crafted DIB image file, an
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2018-20189)

It was discovered that GraphicsMagick was not properly processing
bit-field mask values in BMP image files, which could result in the
execution of an infinite loop. If a user or automated system were tricked
into processing a specially crafted BMP image file, an attacker could
possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-5685)

It was discovered that GraphicsMagick was not properly validating data
used in arithmetic operations when processing MNG image files, which
could result in a divide-by-zero error. If a user or automated system were
tricked into processing a specially crafted MNG image file, an attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2018-9018)

It was discovered that GraphicsMagick was not properly performing bounds
checks when processing MIFF image files, which could lead to a heap buffer
overflow. If a user or automated system were tricked into processing a
specially crafted MIFF image file, an attacker could possibly use this
issue to cause a denial of service or expose sensitive information. This
issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2019-11006)

It was discovered that GraphicsMagick did not properly magnify certain
MNG image files, which could lead to a heap buffer overflow. If a user or
automated system were tricked into processing a specially crafted MNG
image file, an attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected Ubuntu
20.04 LTS. (CVE-2020-12672)

It was discovered that GraphicsMagick was not properly performing bounds
checks when parsing certain MIFF image files, which could lead to a heap
buffer overflow. If a user or automated system were tricked into
processing a specially crafted MIFF image file, an attacker could possibly
use this issue to cause a denial of service or execute arbitrary code.
(CVE-2022-1270)
CVEs:
- https://ubuntu.com/security/CVE-2018-20184
- https://ubuntu.com/security/CVE-2018-20189
- https://ubuntu.com/security/CVE-2018-5685
- https://ubuntu.com/security/CVE-2018-9018
- https://ubuntu.com/security/CVE-2019-11006
- https://ubuntu.com/security/CVE-2020-12672
- https://ubuntu.com/security/CVE-2022-1270
- https://ubuntu.com/security/CVE-2019-11006
- https://ubuntu.com/security/CVE-2018-9018
- https://ubuntu.com/security/CVE-2022-1270
- https://ubuntu.com/security/CVE-2018-20189
- https://ubuntu.com/security/CVE-2020-12672
- https://ubuntu.com/security/CVE-2018-20184
- https://ubuntu.com/security/CVE-2018-5685

Title: USN-5973-1: url-parse vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5973-1
Priorities: medium,low
Description:
It was discovered that url-parse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service, or to perform a server-side request forgery attack or open
redirect attack. (CVE-2018-3774)

It was discovered that url-parse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to bypass input
validation. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-8124)

Yaniv Nizry discovered that url-parse incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service, or to perform a server-side request forgery attack or open
redirect attack. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-27515)

It was discovered that url-parse incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service, or to perform a server-side request forgery attack or open
redirect attack. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-3664)

It was discovered that url-parse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to bypass
authorization. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2022-0512, CVE-2022-0639, CVE-2022-0691)

Rohan Sharma discovered that url-parse incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to bypass
authorization. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2022-0686)
CVEs:
- https://ubuntu.com/security/CVE-2018-3774
- https://ubuntu.com/security/CVE-2020-8124
- https://ubuntu.com/security/CVE-2021-27515
- https://ubuntu.com/security/CVE-2021-3664
- https://ubuntu.com/security/CVE-2022-0512
- https://ubuntu.com/security/CVE-2022-0639
- https://ubuntu.com/security/CVE-2022-0691
- https://ubuntu.com/security/CVE-2022-0686
- https://ubuntu.com/security/CVE-2021-3664
- https://ubuntu.com/security/CVE-2022-0639
- https://ubuntu.com/security/CVE-2021-27515
- https://ubuntu.com/security/CVE-2022-0686
- https://ubuntu.com/security/CVE-2020-8124
- https://ubuntu.com/security/CVE-2022-0512
- https://ubuntu.com/security/CVE-2022-0691
- https://ubuntu.com/security/CVE-2018-3774

Title: USN-5990-1: musl vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5990-1
Priorities: medium
Description:
It was discovered that musl did not handle certain i386 math functions
properly. An attacker could use this vulnerability to cause a denial of
service (crash) or possibly execute arbitrary code. This issue only
affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS.
(CVE-2019-14697)

It was discovered that musl did not handle wide-character conversion
properly. A remote attacker could use this vulnerability to cause resource
consumption (infinite loop), denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04
ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-28928)
CVEs:
- https://ubuntu.com/security/CVE-2019-14697
- https://ubuntu.com/security/CVE-2020-28928
- https://ubuntu.com/security/CVE-2020-28928
- https://ubuntu.com/security/CVE-2019-14697

Title: USN-5988-1: Xcftools vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5988-1
Priorities: medium
Description:
It was discovered that integer overflows vulnerabilities existed in Xcftools.
An attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2019-5086, CVE-2019-5087)
CVEs:
- https://ubuntu.com/security/CVE-2019-5086
- https://ubuntu.com/security/CVE-2019-5087
- https://ubuntu.com/security/CVE-2019-5086
- https://ubuntu.com/security/CVE-2019-5087

Title: USN-5983-1: Nette vulnerability
URL: https://ubuntu.com/security/notices/USN-5983-1
Priorities: medium
Description:
Cyku Hong discovered that Nette was not properly handling and validating
data used for code generation. A remote attacker could possibly use this
issue to execute arbitrary code.
CVEs:
- https://ubuntu.com/security/CVE-2020-15227

Title: USN-5997-1: IPMItool vulnerability
URL: https://ubuntu.com/security/notices/USN-5997-1
Priorities: medium
Description:
It was discovered that IPMItool was not properly checking the data received
from a remote LAN party. A remote attacker could possibly use this issue to
to cause a crash or arbitrary code execution.
CVEs:
- https://ubuntu.com/security/CVE-2020-5208

Title: USN-5904-2: SoX regression
URL: https://ubuntu.com/security/notices/USN-5904-2
Priorities: medium,low
Description:
USN-5904-1 fixed vulnerabilities in SoX. It was discovered that the fix for
CVE-2021-33844 was incomplete. This update fixes the problem.

Original advisory details:

Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,
and Ubuntu 18.04 LTS. (CVE-2019-13590)

Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2021-23159, CVE-2021-23172, CVE-2021-23210,
CVE-2021-33844, CVE-2021-3643, CVE-2021-40426, CVE-2022-31650, and
CVE-2022-31651)
CVEs:
- https://ubuntu.com/security/CVE-2021-33844
- https://ubuntu.com/security/CVE-2019-13590
- https://ubuntu.com/security/CVE-2021-23159
- https://ubuntu.com/security/CVE-2021-23172
- https://ubuntu.com/security/CVE-2021-23210
- https://ubuntu.com/security/CVE-2021-33844
- https://ubuntu.com/security/CVE-2021-3643
- https://ubuntu.com/security/CVE-2021-40426
- https://ubuntu.com/security/CVE-2022-31650
- https://ubuntu.com/security/CVE-2022-31651
- https://ubuntu.com/security/CVE-2021-33844

Title: USN-5981-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5981-1
Priorities: low,medium
Description:
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)

It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not
properly perform reference counting in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2022-41218)

It was discovered that the network queuing discipline implementation in the
Linux kernel contained a null pointer dereference in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2022-47929)

José Oliveira and Rodrigo Branco discovered that the prctl syscall
implementation in the Linux kernel did not properly protect against
indirect branch prediction attacks in some situations. A local attacker
could possibly use this to expose sensitive information. (CVE-2023-0045)

It was discovered that a use-after-free vulnerability existed in the
Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could
use this to cause a denial of service (system crash). (CVE-2023-0266)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-0394)

Kyle Zeng discovered that the ATM VC queuing discipline implementation in
the Linux kernel contained a type confusion vulnerability in some
situations. An attacker could use this to cause a denial of service (system
crash). (CVE-2023-23455)

It was discovered that the RNDIS USB driver in the Linux kernel contained
an integer overflow vulnerability. A local attacker with physical access
could plug in a malicious USB device to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2023-23559)

Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel
contained a null pointer dereference when handling certain messages from
user space. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-28328)
CVEs:
- https://ubuntu.com/security/CVE-2021-3669
- https://ubuntu.com/security/CVE-2022-3424
- https://ubuntu.com/security/CVE-2022-36280
- https://ubuntu.com/security/CVE-2022-41218
- https://ubuntu.com/security/CVE-2022-47929
- https://ubuntu.com/security/CVE-2023-0045
- https://ubuntu.com/security/CVE-2023-0266
- https://ubuntu.com/security/CVE-2023-0394
- https://ubuntu.com/security/CVE-2023-23455
- https://ubuntu.com/security/CVE-2023-23559
- https://ubuntu.com/security/CVE-2023-28328
- https://ubuntu.com/security/CVE-2022-41218
- https://ubuntu.com/security/CVE-2023-0394
- https://ubuntu.com/security/CVE-2022-36280
- https://ubuntu.com/security/CVE-2021-3669
- https://ubuntu.com/security/CVE-2023-23455
- https://ubuntu.com/security/CVE-2022-3424
- https://ubuntu.com/security/CVE-2023-0045
- https://ubuntu.com/security/CVE-2023-0266
- https://ubuntu.com/security/CVE-2022-47929
- https://ubuntu.com/security/CVE-2023-23559
- https://ubuntu.com/security/CVE-2023-28328

Title: USN-5969-1: gif2apng vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5969-1
Priorities: medium
Description:
It was discovered that gif2apng contained multiple heap-base overflows. An
attacker could potentially exploit this to cause a denial of service (system
crash). (CVE-2021-45909, CVE-2021-45910, CVE-2021-45911)
CVEs:
- https://ubuntu.com/security/CVE-2021-45909
- https://ubuntu.com/security/CVE-2021-45910
- https://ubuntu.com/security/CVE-2021-45911
- https://ubuntu.com/security/CVE-2021-45911
- https://ubuntu.com/security/CVE-2021-45909
- https://ubuntu.com/security/CVE-2021-45910

Title: USN-5968-1: GitPython vulnerability
URL: https://ubuntu.com/security/notices/USN-5968-1
Priorities: medium
Description:
It was discovered that GitPython did not properly sanitize user inputs for
remote URLs in the clone command. By injecting a maliciously crafted
remote URL, an attacker could possibly use this issue to execute arbitrary
commands on the host.
CVEs:
- https://ubuntu.com/security/CVE-2022-24439

Title: USN-5958-1: FFmpeg vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5958-1
Priorities: medium
Description:
It was discovered that FFmpeg could be made to dereference a null
pointer. An attacker could possibly use this to cause a denial of
service via application crash. These issues only affected Ubuntu
16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2022-3109, CVE-2022-3341)

It was discovered that FFmpeg could be made to access an out-of-bounds
frame by the Apple RPZA encoder. An attacker could possibly use this
to cause a denial of service via application crash or access sensitive
information. This issue only affected Ubuntu 20.04 LTS and Ubuntu
22.10. (CVE-2022-3964)

It was discovered that FFmpeg could be made to access an out-of-bounds
frame by the QuickTime encoder. An attacker could possibly use this to
cause a denial of service via application crash or access sensitive
information. This issue only affected Ubuntu 22.10. (CVE-2022-3965)
CVEs:
- https://ubuntu.com/security/CVE-2022-3109
- https://ubuntu.com/security/CVE-2022-3341
- https://ubuntu.com/security/CVE-2022-3964
- https://ubuntu.com/security/CVE-2022-3965
- https://ubuntu.com/security/CVE-2022-3341
- https://ubuntu.com/security/CVE-2022-3109
- https://ubuntu.com/security/CVE-2022-3965
- https://ubuntu.com/security/CVE-2022-3964

Title: USN-5966-2: amanda regression
URL: https://ubuntu.com/security/notices/USN-5966-2
Priorities: low,medium,high
Description:
USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced
a regression in GNUTAR-based backups. This update reverts all of the
changes in amanda until a better fix is provided.

We apologize for the inconvenience.

Original advisory details:

Maher Azzouzi discovered an information disclosure vulnerability in the
calcsize binary within amanda. calcsize is a suid binary owned by root that
could possibly be used by a malicious local attacker to expose sensitive
file system information. (CVE-2022-37703)

Maher Azzouzi discovered a privilege escalation vulnerability in the
rundump binary within amanda. rundump is a suid binary owned by root that
did not perform adequate sanitization of environment variables or
commandline options and could possibly be used by a malicious local
attacker to escalate privileges. (CVE-2022-37704)

Maher Azzouzi discovered a privilege escalation vulnerability in the runtar
binary within amanda. runtar is a suid binary owned by root that did not
perform adequate sanitization of commandline options and could possibly be
used by a malicious local attacker to escalate privileges. (CVE-2022-37705)
CVEs:
- https://ubuntu.com/security/CVE-2022-37703
- https://ubuntu.com/security/CVE-2022-37704
- https://ubuntu.com/security/CVE-2022-37705

Title: USN-5966-1: amanda vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5966-1
Priorities: low,medium,high
Description:
Maher Azzouzi discovered an information disclosure vulnerability in the
calcsize binary within amanda. calcsize is a suid binary owned by root that
could possibly be used by a malicious local attacker to expose sensitive
file system information. (CVE-2022-37703)

Maher Azzouzi discovered a privilege escalation vulnerability in the
rundump binary within amanda. rundump is a suid binary owned by root that
did not perform adequate sanitization of environment variables or
commandline options and could possibly be used by a malicious local
attacker to escalate privileges. (CVE-2022-37704)

Maher Azzouzi discovered a privilege escalation vulnerability in the runtar
binary within amanda. runtar is a suid binary owned by root that did not
perform adequate sanitization of commandline options and could possibly be
used by a malicious local attacker to escalate privileges. (CVE-2022-37705)
CVEs:
- https://ubuntu.com/security/CVE-2022-37703
- https://ubuntu.com/security/CVE-2022-37704
- https://ubuntu.com/security/CVE-2022-37705
- https://ubuntu.com/security/CVE-2022-37703
- https://ubuntu.com/security/CVE-2022-37704
- https://ubuntu.com/security/CVE-2022-37705

Title: USN-5686-4: Git vulnerability
URL: https://ubuntu.com/security/notices/USN-5686-4
Priorities: medium
Description:
USN-5686-1 fixed several vulnerabilities in Git. This update
provides the corresponding fix for CVE-2022-39253 on Ubuntu 16.04 ESM.

Original advisory details:

Cory Snider discovered that Git incorrectly handled certain symbolic links.
An attacker could possibly use this issue to cause an unexpected behaviour.
CVEs:
- https://ubuntu.com/security/CVE-2022-39253
- https://ubuntu.com/security/CVE-2022-39253

Title: USN-5963-1: Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5963-1
Priorities: medium
Description:
It was discovered that Vim was not properly performing memory management
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected Ubuntu 18.04
LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-47024,
CVE-2023-0049, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433)

It was discovered that Vim was not properly performing memory management
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected Ubuntu 22.04
LTS, and Ubuntu 22.10. (CVE-2023-0051)

It was discovered that Vim was not properly performing memory management
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. (CVE-2023-1170, CVE-2023-1175)

It was discovered that Vim was not properly performing memory management
operations. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected Ubuntu 20.04
LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-1264)
CVEs:
- https://ubuntu.com/security/CVE-2022-47024
- https://ubuntu.com/security/CVE-2023-0049
- https://ubuntu.com/security/CVE-2023-0054
- https://ubuntu.com/security/CVE-2023-0288
- https://ubuntu.com/security/CVE-2023-0433
- https://ubuntu.com/security/CVE-2023-0051
- https://ubuntu.com/security/CVE-2023-1170
- https://ubuntu.com/security/CVE-2023-1175
- https://ubuntu.com/security/CVE-2023-1264
- https://ubuntu.com/security/CVE-2023-0054
- https://ubuntu.com/security/CVE-2023-1175
- https://ubuntu.com/security/CVE-2023-0049
- https://ubuntu.com/security/CVE-2023-1264
- https://ubuntu.com/security/CVE-2023-0433
- https://ubuntu.com/security/CVE-2022-47024
- https://ubuntu.com/security/CVE-2023-0051
- https://ubuntu.com/security/CVE-2023-0288
- https://ubuntu.com/security/CVE-2023-1170

Title: LSN-0093-1: Kernel Live Patch Security Notice
URL: https://ubuntu.com/security/notices/LSN-0093-1
Priorities: high
Description:
Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel
did not properly handle VLAN headers in some situations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code.(CVE-2023-0179)

It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.(CVE-2023-0461)
CVEs:
- https://ubuntu.com/security/CVE-2023-0179
- https://ubuntu.com/security/CVE-2023-0461
- https://ubuntu.com/security/CVE-2023-0461
- https://ubuntu.com/security/CVE-2023-0179

Title: USN-5975-1: Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5975-1
Priorities: high,low,medium
Description:
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)

It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)

It was discovered that an out-of-bounds write vulnerability existed in the
Video for Linux 2 (V4L2) implementation in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-20369)

Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan
and Ariel Sabba discovered that some Intel processors with Enhanced
Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET
instructions after a VM exits. A local attacker could potentially use this
to expose sensitive information. (CVE-2022-26373)

David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

Johannes Wikner and Kaveh Razavi discovered that for some AMD x86-64
processors, the branch predictor could by mis-trained for return
instructions in certain circumstances. A local attacker could possibly use
this to expose sensitive information. (CVE-2022-29900)

Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64
processors, the Linux kernel’s protections against speculative branch
target injection attacks were insufficient in some circumstances. A local
attacker could possibly use this to expose sensitive information.
(CVE-2022-29901)

It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)

It was discovered that a race condition existed in the Kernel Connection
Multiplexor (KCM) socket implementation in the Linux kernel when releasing
sockets in certain situations. A local attacker could use this to cause a
denial of service (system crash). (CVE-2022-3521)

It was discovered that the Netronome Ethernet driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3545)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform bounds checking in some situations. A
physically proximate attacker could use this to craft a malicious USB
device that when inserted, could cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-3628)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)

It was discovered that a use-after-free vulnerability existed in the
Bluetooth stack in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3640)

It was discovered that the NILFS2 file system implementation in the Linux
kernel did not properly deallocate memory in certain error conditions. An
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2022-3646)

Khalid Masum discovered that the NILFS2 file system implementation in the
Linux kernel did not properly handle certain error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2022-3649)

Hyunwoo Kim discovered that an integer overflow vulnerability existed in
the PXA3xx graphics driver in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2022-39842)

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not
properly perform reference counting in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2022-41218)

It was discovered that a race condition existed in the SMSC UFX USB driver
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-41849)

It was discovered that a race condition existed in the Roccat HID driver in
the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-41850)

It was discovered that a race condition existed in the Xen network backend
driver in the Linux kernel when handling dropped packets in certain
circumstances. An attacker could use this to cause a denial of service
(kernel deadlock). (CVE-2022-42328, CVE-2022-42329)

Tamás Koczka discovered that the Bluetooth L2CAP implementation in the
Linux kernel did not properly initialize memory in some situations. A
physically proximate attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2022-42895)

It was discovered that the USB monitoring (usbmon) component in the Linux
kernel did not properly set permissions on memory mapped in to user space
processes. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)

It was discovered that the network queuing discipline implementation in the
Linux kernel contained a null pointer dereference in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2022-47929)

José Oliveira and Rodrigo Branco discovered that the prctl syscall
implementation in the Linux kernel did not properly protect against
indirect branch prediction attacks in some situations. A local attacker
could possibly use this to expose sensitive information. (CVE-2023-0045)

It was discovered that a use-after-free vulnerability existed in the
Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could
use this to cause a denial of service (system crash). (CVE-2023-0266)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-0394)

Kyle Zeng discovered that the ATM VC queuing discipline implementation in
the Linux kernel contained a type confusion vulnerability in some
situations. An attacker could use this to cause a denial of service (system
crash). (CVE-2023-23455)

It was discovered that the RNDIS USB driver in the Linux kernel contained
an integer overflow vulnerability. A local attacker with physical access
could plug in a malicious USB device to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2023-23559)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate attributes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2023-26607)

Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel
contained a null pointer dereference when handling certain messages from
user space. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-28328)
CVEs:
- https://ubuntu.com/security/CVE-2023-0461
- https://ubuntu.com/security/CVE-2021-3669
- https://ubuntu.com/security/CVE-2022-20369
- https://ubuntu.com/security/CVE-2022-26373
- https://ubuntu.com/security/CVE-2022-2663
- https://ubuntu.com/security/CVE-2022-29900
- https://ubuntu.com/security/CVE-2022-29901
- https://ubuntu.com/security/CVE-2022-3424
- https://ubuntu.com/security/CVE-2022-3521
- https://ubuntu.com/security/CVE-2022-3545
- https://ubuntu.com/security/CVE-2022-3628
- https://ubuntu.com/security/CVE-2022-36280
- https://ubuntu.com/security/CVE-2022-3640
- https://ubuntu.com/security/CVE-2022-3646
- https://ubuntu.com/security/CVE-2022-3649
- https://ubuntu.com/security/CVE-2022-39842
- https://ubuntu.com/security/CVE-2022-41218
- https://ubuntu.com/security/CVE-2022-41849
- https://ubuntu.com/security/CVE-2022-41850
- https://ubuntu.com/security/CVE-2022-42328
- https://ubuntu.com/security/CVE-2022-42329
- https://ubuntu.com/security/CVE-2022-42895
- https://ubuntu.com/security/CVE-2022-43750
- https://ubuntu.com/security/CVE-2022-47929
- https://ubuntu.com/security/CVE-2023-0045
- https://ubuntu.com/security/CVE-2023-0266
- https://ubuntu.com/security/CVE-2023-0394
- https://ubuntu.com/security/CVE-2023-23455
- https://ubuntu.com/security/CVE-2023-23559
- https://ubuntu.com/security/CVE-2023-26607
- https://ubuntu.com/security/CVE-2023-28328
- https://ubuntu.com/security/CVE-2022-43750
- https://ubuntu.com/security/CVE-2022-3521
- https://ubuntu.com/security/CVE-2022-3424
- https://ubuntu.com/security/CVE-2022-41218
- https://ubuntu.com/security/CVE-2022-47929
- https://ubuntu.com/security/CVE-2022-3628
- https://ubuntu.com/security/CVE-2022-3640
- https://ubuntu.com/security/CVE-2023-23455
- https://ubuntu.com/security/CVE-2022-42329
- https://ubuntu.com/security/CVE-2023-26607
- https://ubuntu.com/security/CVE-2023-23559
- https://ubuntu.com/security/CVE-2022-3649
- https://ubuntu.com/security/CVE-2023-0045
- https://ubuntu.com/security/CVE-2022-2663
- https://ubuntu.com/security/CVE-2021-3669
- https://ubuntu.com/security/CVE-2022-29901
- https://ubuntu.com/security/CVE-2022-3646
- https://ubuntu.com/security/CVE-2022-29900
- https://ubuntu.com/security/CVE-2022-42328
- https://ubuntu.com/security/CVE-2022-41850
- https://ubuntu.com/security/CVE-2022-39842
- https://ubuntu.com/security/CVE-2022-3545
- https://ubuntu.com/security/CVE-2023-0266
- https://ubuntu.com/security/CVE-2023-0394
- https://ubuntu.com/security/CVE-2023-0461
- https://ubuntu.com/security/CVE-2022-20369
- https://ubuntu.com/security/CVE-2022-42895
- https://ubuntu.com/security/CVE-2022-36280
- https://ubuntu.com/security/CVE-2023-28328
- https://ubuntu.com/security/CVE-2022-26373
- https://ubuntu.com/security/CVE-2022-41849

Title: USN-5960-1: Python vulnerability
URL: https://ubuntu.com/security/notices/USN-5960-1
Priorities: medium
Description:
Yebo Cao discovered that Python incorrectly handled certain URLs.
An attacker could possibly use this issue to bypass blocklisting
methods by supplying a URL that starts with blank characters.
CVEs:
- https://ubuntu.com/security/CVE-2023-24329

Title: USN-5942-2: Apache HTTP Server vulnerability
URL: https://ubuntu.com/security/notices/USN-5942-2
Priorities: medium
Description:
USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update
provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM.

Original advisory details:

Lars Krapf discovered that the Apache HTTP Server mod_proxy module
incorrectly handled certain configurations. A remote attacker could
possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2023-25690)
CVEs:
- https://ubuntu.com/security/CVE-2023-25690
- https://ubuntu.com/security/CVE-2023-25690
- https://ubuntu.com/security/CVE-2023-25690

Title: USN-5989-1: GlusterFS vulnerability
URL: https://ubuntu.com/security/notices/USN-5989-1
Priorities: medium
Description:
Tao Lyu discovered that GlusterFS did not properly handle certain
event notifications. An attacker could possibly use this issue to
cause a denial of service.
CVEs:
- https://ubuntu.com/security/CVE-2023-26253

Title: USN-5996-1: Liblouis vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5996-1
Priorities: medium
Description:
It was discovered that Liblouis incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2023-26767, CVE-2023-26768, CVE-2023-26769)
CVEs:
- https://ubuntu.com/security/CVE-2023-26767
- https://ubuntu.com/security/CVE-2023-26768
- https://ubuntu.com/security/CVE-2023-26769
- https://ubuntu.com/security/CVE-2023-26769
- https://ubuntu.com/security/CVE-2023-26768
- https://ubuntu.com/security/CVE-2023-26767

Title: USN-5964-2: curl vulnerabilities
URL: https://ubuntu.com/security/notices/USN-5964-2
Priorities: low,medium
Description:
USN-5964-1 fixed several vulnerabilities in curl. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Harry Sintonen discovered that curl incorrectly handled certain TELNET
connection options. Due to lack of proper input scrubbing, curl could pass
on user name and telnet options to the server as provided, contrary to
expectations. (CVE-2023-27533)

Harry Sintonen discovered that curl incorrectly reused certain FTP
connections. This could lead to the wrong credentials being reused,
contrary to expectations. (CVE-2023-2753